Cloud 101CircleEventsBlog
Join us at CSA's third annual Virtual Zero Trust Summit from November 20 - 21. Register now!

CSA Security Guidance for Critical Areas of Focus in Cloud Computing

Read the best practices recommended by security experts for staying secure in the cloud.

Download Guidance
Security Guidance for Critical Areas of Focus in Cloud Computing v5.0
Security Guidance v5.0

Cloud computing offers tremendous benefits in agility, resiliency, economy, and security. However, the security benefits only appear if you adopt cloud-native models and adjust your architectures and security controls to align with the capabilities of cloud platforms.

The Cloud Security Alliance's Security Guidance for Critical Areas of Focus in Cloud Computing outlines cloud security best practices that have been developed and refined by CSA's extensive community of experts. Emphasizing the practical application of security principles in real-world scenarios, this comprehensive guide equips professionals with actionable skills. Learn how to adopt and implement a cloud-native approach that addresses modern challenges in complex cloud environments.

All NEW content with Security Guidance v5! Version 5 provides a comprehensive understanding of the essential security measures needed in today's cloud landscape. Completely revamped from v4, the v5 body of knowledge includes the latest in cloud architecture, cloud native security, workloads, virtual networking, data security, DevSecOps, Zero Trust, Generative AI, and much more. V5 also includes vital information about risk management, achieving compliance, optimizing organizational cloud security strategies, and understanding the shared responsibility model.Security Guidance v4 is still available for download here.

Download CSA's Security Guidance v5 today.

Security Domains

The domains which comprise the CSA Guidance are tuned to address both the strategic and tactical security “pain points” within a cloud environment and can be applied to any combination of cloud service and deployment model. We have over 25+ research working groups dedicated to creating further guidance and frameworks for these domains.

CSA CCSK Domain 1 Icon

DOMAIN 1

Cloud Computing Concepts and Architecture

DOMAIN 1

Cloud Computing Concepts and Architecture

This domain lays the foundational framework for the Cloud Security Alliance (CSA) Security Guidance. It covers the definitions, baseline terminologies, controls, deployment, and architectural models crucial for understanding cloud computing. Learners will explore the transformative impact of cloud computing and its benefits when properly understood and adopted, emphasizing the importance of cloud-native capabilities and services.

CSA CCSK Domain 2 Icon

DOMAIN 2

Cloud Governance

DOMAIN 2

Cloud Governance

Focusing on the governance framework of policies, procedures, and controls, this domain ensures transparency and accountability within cloud environments. It addresses strategic guidance, risk management, compliance monitoring, and budget allocation. Learners will understand key governance frameworks and regulations such as ISO/IEC 38500:2024, ISACA COBIT, ISO/IEC 27014:2020, and GDPR.

CSA CCSK Domain 3 Icon

DOMAIN 3

Risk, Audit, & Compliance

DOMAIN 3

Risk, Audit, & Compliance

This domain delves into evaluating cloud service providers (CSPs), establishing cloud risk registries, and implementing approval processes. It covers compliance and auditing, including compliance inheritance, and introduces tools and technologies for governance, risk, and compliance (GRC) processes. Emphasis is placed on robust risk management frameworks, compliance with regulatory standards, and leveraging tools and technologies for effective governance.

CSA CCSK Domain 4 Icon

DOMAIN 4

Organization Management

DOMAIN 4

Organization Management

Learners will explore the overall management of cloud environments, including organizing and validating the security assurance of CSPs and securing individual cloud service deployments. This domain highlights the importance of tenancy in a multitenant environment, key controls for managing hierarchy, and best practices for managing multiple cloud deployments. It also covers organization-level security management nuances and strategies for hybrid and multi-cloud environments.

CSA CCSK Domain 5 Icon

DOMAIN 5

Identity & Access Management

DOMAIN 5

Identity & Access Management

This domain ensures that only authorized identities have the right access to resources. It covers fundamental IAM concepts, the characteristics and challenges of IAM in the cloud, and effective management strategies. Key topics include multi-factor authentication (MFA), just-in-time (JIT) access, identity federation, policy-based access control (PBAC), and secure identity providers (IdPs).

CSA CCSK Domain 6 Icon

DOMAIN 6

Security Monitoring

DOMAIN 6

Security Monitoring

Focusing on the distinct aspects of security monitoring in cloud environments, this domain covers cloud telemetry, management plane logs, service and resource logs, and advanced monitoring tools. Learners will explore hybrid and multi-cloud setups, the role of logs, events, and configuration detection in security monitoring, and the use of Generative Artificial Intelligence (GenAI) for enhancing cloud security.

CSA CCSK Domain 7 Icon

DOMAIN 7

Infrastructure & Networking

DOMAIN 7

Infrastructure & Networking

This domain covers managing the overall infrastructure footprint and network security. Key topics include Software Defined Networks (SDN), security groups, container networking, connectivity options, Zero Trust Architectures (ZTA), and Secure Access Service Edge (SASE). Emphasis is placed on implementing secure architectures, integrating security early in the development lifecycle, and maintaining vigilant monitoring.

CSA CCSK Domain 8 Icon

DOMAIN 8

Cloud Workload Security

DOMAIN 8

Cloud Workload Security

Learners will explore securing various cloud workloads, including virtual machines (VMs), containers, serverless functions (FaaS), AI, and platform as a service (PaaS). The domain covers practices such as VM image security automation, enforcing least privilege, regular vulnerability assessments, customizing container configurations, securing API endpoints, managing secrets, adversarial training for AI workloads, and regular security audits for PaaS environments.

CSA CCSK Domain 9 Icon

DOMAIN 9

Data Security

DOMAIN 9

Data Security

This domain addresses the complexities of data security within cloud environments, emphasizing the need for resilient practices to safeguard information. It explores strategies, tools, and practices essential for protecting data in-transit and at rest. Key topics include data classification, cloud storage types, advanced encryption methods, and access controls. The domain also provides a primer on cloud storage and examines key concepts and technologies shaping the future of data security. Learning objectives include understanding data security fundamentals, data classifications and states, cloud storage security measures, key management, protecting computing workloads, posture management, and advanced data security concepts.

CSA CCSK Domain 10 Icon

DOMAIN 10

Application Security

DOMAIN 10

Application Security

This domain focuses on the practice of using security controls to protect computer applications from external threats. It covers the entire lifecycle of application security, from early design and threat modeling to maintaining and defending production applications. Cloud computing advancements necessitate stable, scalable, and secure progress in application development. Key topics include microservices, API exposure, DevOps approaches, shared responsibility models, third-party libraries, security features from cloud providers, programmable infrastructure, and stateless architectures. Emphasis is placed on secure architecture, IAM, DevSecOps, continuous monitoring, threat modeling, and automated security testing.

CSA CCSK Domain 11 Icon

DOMAIN 11

Incident Response & Resilience

DOMAIN 11

Incident Response & Resilience

This domain covers critical aspects of incident response (IR) in cloud environments, addressing unique challenges introduced by cloud adaptation. It provides best practices for cloud incident response (CIR) and resilience, organized according to the IR Lifecycle described in the CSA Cloud Incident Response Framework and NIST SP 800-61 Rev. 2. Key frameworks include ISO/IEC 27035 and ENISA Strategies for IR. Emphasis is placed on preparation, detection and analysis, containment, eradication and recovery, and post-incident analysis. Effective communication and information sharing between CSPs and CSCs, internal IR teams, law enforcement, and key partners are crucial for strengthening CIR capabilities.

CSA CCSK Domain 12 Icon

DOMAIN 12

Related Technologies & Strategies

DOMAIN 12

Related Technologies & Strategies

This domain explores various angles for analyzing cloud security challenges using perspectives (lenses) and processes. It covers critical security areas such as organization management, IAM, security monitoring, network, workload, application, and data. Key technologies and strategies include Zero Trust (ZT), Artificial Intelligence (AI), and Threat and Vulnerability Management (TVM). Practices include continuous verification of users and devices, least privilege principles, multi-factor authentication, micro-segmentation, encryption, threat detection, access control, policy enforcement, machine learning for anomaly detection, risk management, CSPM, and continuous monitoring. Integrating AI into TVM enhances threat detection and response, maintaining a robust security posture.

You can learn more about how to implement each of these domains by earning your Certificate of Cloud Security Knowledge (CCSK).

Version 5.0 Acknowledgments

On behalf of the CSA Board of Directors and the CSA Executive Team, we extend our heartfelt gratitude to everyone who dedicated their time and provided invaluable feedback for the fifth version of the CSA Security Guidance for Critical Areas of Focus in Cloud Computing. Your volunteer contributions are greatly appreciated, and it is the commitment of volunteers like you that propels the Cloud Security Alliance into the future.

Special thanks to our Editors, Larry Hughes and Jackie Donnelly, and to our Lead Authors, Mike Rothman and Rich Mogull. We also deeply appreciate the contributions of Michael Roza, Moshe Ferber, and Peter van Eijk.

We extend our sincere thanks to all contributors listed in the Security Guidance itself. Your efforts are truly valued.