Cloud 101CircleEventsBlog

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

Top Concerns With Vulnerability Data

Top Concerns With Vulnerability Data

Release Date: 11/11/2024

The top vulnerability management frameworks used today include the Common Vulnerabilities and Exposures (CVE) program and the Common Vulnerability Scoring System (CVSS). The CVE program assigns an identifier to every discovered security vulnerability, standardizing the vulnerability...
Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives

Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives

Release Date: 11/05/2024

This publication explores the use of asymmetric cryptography in Zero Trust. Asymmetric cryptography provides an industry-standard, secure method to establish identity, authenticate entities, maintain data integrity, and control access without requiring any explicit trust. Therefore, it aligns...
The State of Multi-Cloud Identity Survey

The State of Multi-Cloud Identity Survey

Release Date: 10/29/2024

Enterprises encounter significant obstacles when adopting multi-cloud. Namely, harmonizing hybrid and cloud identity systems for secure integration. Identity and Access Management-related tech debt, vendor lock-in, and legacy applications all stand as barriers. Meanwhile, traditional tools...