Research News Arrow to Content

Luciano

A Message from Luciano "J.R." Santos

Research Director, Cloud Security Alliance

As Research Director of CSA Global, I would like to highlight our new CSA initiatives and the great work by our volunteers, CSA staff, corporate members and CSA chapters. Here you will find links to our initiative pages, where you can download recently published documents, find ways to get involved, and obtain additional information about the initiative.

Top Threats to Cloud Computing

The CSA Top Threats Working Group will identify and address the changing landscape of probable threats in cloud computing today. Its seminal document, Top Threats to Cloud Computing, provides needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. As the first deliverable in the CSA’s Cloud Threat Initiative, the “Top Threats” document is updated regularly to reflect expert consensus on the probable threats which customers should be concerned about. The document’s second version will be released in July 2012. Get involved in this exciting area of research!

Visit the Top Threats website at: https://cloudsecurityalliance.org/research/top-threats/

Mobile Working Group

Launched at RSA San Francisco in February 2012, the CSA Mobile working group will provide fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point. The working group will release its Security Guidance for Critical Areas of Focus in Mobile Computing whitepaper in November 2012. Participate in the Mobile Working Group by joining the bi-weekly calls, helping peer review the charter, or collaborating on the upcoming research document.

Visit the Mobile Working Group website at: https://cloudsecurityalliance.org/research/mobile/

Big Data Working Group

The Big Data Working Group (BDWG) will identify scalable techniques for data-centric security and privacy problems. BDWG’s investigation will focus best practices for security and privacy in big data, help industry and government adopt these best practices, establish liaisons with other organizations to coordinate the development of big data security and privacy standards, and accelerate the adoption of novel research aimed at addressing security and privacy issues. The working group will also put together research proposals for joint funding by government and industry initiatives.

Visit the Big Data Working Group website at: https://cloudsecurityalliance.org/research/big-data/

Health Information Working Group

This working group will provide direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients. It will also foster cloud awareness within all aspects of healthcare and related industries. Join in on the conversation by participating in the bi-weekly calls, reviewing the charter, and developing research for this important initiative.

Visit the Cloud Data Governance website at: https://cloudsecurityalliance.org/research/him/

Telecom Working Group

The Telecom Working Group (TWG) was formed to provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of telecommunications. The Telecom Working Group will coordinate research within this focus area and has scheduled five new initiatives for 2012. Subject matter includes GRC Stack Implementation, ISO 27017, how to achieve effective security event management in a provder-grade enviroment, how to provide compliance monitoring to cloud customers, and how to provide forensic support in a muilt-tenant, provider-grade cloud infrastructure.

Visit the Cloud Data Governance website at: https://cloudsecurityalliance.org/research/telecom/

In Conclusion

Thank you to all who have contributed to the CSA activities listed above. I'll be posting updates on current CSA activities, research and opportunities to contribute at the CSA homepage (in the "Latest in Research" section) and at our CSA LinkedIn Group.

------------------

Luciano "J.R." Santos
[email protected]
Research Director, Cloud Security Alliance

April 09, 2014

CSA Seeks Input on Open Peer Review: CAIQ v3.0.1

CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014.

April 09, 2014

CSA Seeks Input on Open Peer Review: CCM v3.0.1

Cloud Security Alliance announces an open peer review period for the Cloud Controls Matrix (CCM) v3.0.1, now through May 8, 2014.

April 03, 2014

Cloud Security Alliance Announces Launch Of Privacy Level Agreement (PLA) V.2 Working Group

PLA v2 seeks to provide a clear and effective way to communicate to customers the level of data protection offered by a CSP.

March 31, 2014

On behalf of the CDPC Leadership Team: Open Review Period – Cloud Data Protection Cert Candidate Project

We are proposing that the Cloud Data Protection Cert be included as part of the CSA’s GRC Stack as organizations will also have more granular controls for leveraging the Cloud Controls Matrix (CCM).

March 20, 2014

First Research Newsletter Now Available

The CSA Research team is excited to announce that the first monthly Research Update is available here.

March 19, 2014

Featured Research: CUMULUS

The CUMULUS framework will bring together consumers, service providers, and cloud suppliers to work with certification authorities to ensure security certificate validity in the ever-changing cloud environment.

March 19, 2014

Volunteer Spotlight: Evelyn de Souza

Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing blueprints and holistic solutions to help organizations embrace the cloud securely and ensure data privacy in an agile manner.

March 19, 2014

Featured Research: Software Defined Perimeter Initiative

The SDP Initiative defines an architecture to create highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.

March 19, 2014

CSA Announces the Newly Created Research Lifecycle

The Research Lifecycle is a comprehensive, step-by-step guide that sets up a series of standard procedures for the generation of a CSA research product.

March 19, 2014

Phillip Redman to speak at the next Cloud Security Alliance Mobile Working Group meeting on March, 27 @ 9am PT

Join us to learn Phillip’s views on the enterprise mobility space and to get a chance to interact with one of the most respected thought leaders in this space.

March 19, 2014

CSA Seeks Input For Open Peer Review: Big Data Taxonomy

The Cloud Security Alliance (CSA) Big Data Working Group (BDWG) would like to invite you to review and comment on a preliminary draft of the “Big Data Taxonomy” document.

February 12, 2014

Invitation to CSA CloudBytes: CSA STAR Certification

Don’t miss your chance to join experts and learn more about the CSA STAR Certification on Thursday, February 20th at 11:00am (Pacific Time).

January 27, 2014

Mobile Working Group 2014 Kick-Off Call

Join us as we brief the audience on each of the current initiatives and generate conversation on what’s new for mobile in 2014.

December 09, 2013

Announcing the Consensus Assessments Initiative Questionnaire (CAIQ) V.3 Open Review Period

The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments.

December 05, 2013

Cloud Security Alliance Releases Software Defined Perimeter (SDP) Framework Details

New white paper outlines best practices to deploy an SDP to protect application infrastructure from network-based attacks.

December 05, 2013

SAFECode and the Cloud Security Alliance Release Guidance for the Secure Development of Cloud Applications

New paper outlines practical software security recommendations to address threats specific to cloud computing.

November 13, 2013

Cloud Security Alliance Announces Software Defined Perimeter (SDP) Initiative

A project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.

November 11, 2013

Cloud Security Alliance Annual Congress to Draw Industry Attention to Most Debated Issues in Cloud Computing

Announcing notable and heavily debated presentations featuring some of the industry’s most progressive thought leaders.

November 07, 2013

Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups

CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.

November 05, 2013

Invitation to CSA CloudBytes: Cloud Controls Matrix v3.0

Don’t miss your chance to join experts and learn more about the Cloud Controls Matrix and the latest release of version 3.0.

October 31, 2013

Announcing CSA Congress 2013 Working Group Events

Here is your chance to learn more about the current working group activities, recently published documents, roadmap for 2014, and how to get involved.

October 23, 2013

Survey for SaaS companies: State of Identity Management

CSA survey to better understand the maturity of SaaS providers in their implementation of identity management solutions.

October 07, 2013

CSA Releases CCM v3.0 Info Sheet for Updates on New Controls, Domains

The CCM v3.0 Info Sheet is designed to update users on domain changes, control additions, and alignment to other CSA and industry standards documents.

September 26, 2013

Cloud Security Alliance Releases Cloud Controls Matrix, Version 3.0

The industry standard for cloud security now includes expanded controls to assess cloud service provider information security risks.

September 24, 2013

Cloud Security Alliance Mobile Working Group Opens Annual Mobile Market Maturity Survey

Group seeks global input to understand current market maturity and needed processes to manage enterprise mobile technology.

September 24, 2013

Cloud Security Alliance Big Data Working Group Releases Report On Big Data Analytics For Security Intelligence

New report provides insight on how new big data tools and opportunities are changing the security analytics landscape.

September 03, 2013

Take the Helix Nebula Open Survey

Helix Nebula is conducting a survey to understand the general perception of the Helix Nebula initiative and to help us improve the way we inform people about its work.

August 08, 2013

Watch New CloudBytes Webinar Online: Measuring and Mitigating Risk for Cloud Services

Hosted by Grant Shirk and Kamal Shah, this unique video conference explores how employees and departments adopt, use and spread cloud services.

August 07, 2013

CSA CloudBytes: Cloud Compliance for Financial Services (Tuesday 8/13, 8am Pacific)

In today’s world, financial service businesses rely on communication technology that enable rapid and secure sharing of information.

August 06, 2013

CSA CloudBytes Town Hall: NSA/PRISM Lessons Learned (Monday 8/12, 8am Pacific)

You are invited to attend a CSA CloudBytes Town Hall on “NSA/PRISM Lessons Learned: The Repercussions for Cloud Services Adoption.”

July 31, 2013

CSA and ISACA Cloud Market Maturity Survey 2013

The Cloud Security Alliance (CSA) and ISACA is announcing the availability of a new survey on cloud market maturity as part of the second collaborative project between the two organizations.

July 22, 2013

CSA Seeks Input For Open Peer Review: Big Data Analytics for Security Intelligence Document

The Big Data Working Group would like to invite you to review and comment on a preliminary draft of the “Big Data Analytics for Security Intelligence” document.

July 03, 2013

CSA CloudBytes: Measuring and Mitigating Risk for Cloud Services (Thursday, July 18th at 10:00am Pacific)

The classic adage, “you can’t manage what you can’t measure” is just as relevant to cloud security as it is to operational excellence.

June 27, 2013

Cloud Security Alliance Silicon Valley Chapter to Hold 2nd Annual Innovation Conference

The annual conference is designed to deliberately create provocative and disruptive debates on cloud technology among industry experts, solution providers and end-users.

June 27, 2013

Cloud Security Alliance Establishes Incident Management and Forensics Working Group

CSA’s newest working group releases first white paper on conducting forensic investigation in cloud environments.

June 26, 2013

Official CSA Snowden/NSA/Patriot Act Survey

We are hoping to generate a rational and valuable global dialogue, and will make this survey public.

June 17, 2013

CSA Releases the Expanded Top Ten Big Data Security & Privacy Challenges

Big Data remains one of the most talked about technology trends in 2013. But lost among all the excitement about the potential of Big Data are the very real security and privacy challenges that threaten to slow this momentum.

June 12, 2013

CSA Seeks Input For Open Peer Review: Cloud Trust Protocol Work Group Charter

The Cloud Security Alliance Cloud Trust Protocol (CTP) Working Group would like to invite you to review and comment on their updated work group charter.

June 12, 2013

Cloud Security Alliance Seeking Co-chairs for the Cloud Trust Protocol Working Group

The CSA Cloud Trust Protocol (CTP) Working Group is seeking new co-chairs to lead research in the areas of continuous monitoring/auditing for cloud assurance and transparency certification.

June 06, 2013

CSA CloudBytes: HIPAA Omnibus Rule (Thursday 6/13, 12pm Pacific)

Don’t miss this free event! On June 13th at 12:00pm (PDT), the CSA Health Information Working Group will be hosting a webinar the HIPAA Omnibus Rule.

May 31, 2013

White Paper Analysing Cloud Vulnerability Incidents from 2008-2012 released by the CSA Cloud Vulnerabilities Working Group

A white paper studying cloud computing outages reported by the media over a four year period has been released by the newly-established CSA Cloud Vulnerabilities Working Group.

May 16, 2013

Cloud Security Alliance APAC Defines 2013-2014 Research Roadmap

The APAC region leadership team has published its research roadmap for 2013-2014.

May 15, 2013

Cloud Security Alliance Successfully Completes Open Certification Framework (OCF) Pilot Implementations with Alibaba and New Taipei City Government

Representatives to discuss cloud computing pilot results and key learnings at CSA Congress APAC.

May 03, 2013

CSA Cloud Bytes: Big Data Analytics (Tues 5/7, 10am PDT)

As part of our mission to educate the industry on all matters related to the cloud, CSA Cloud Bytes would like to present a webinar on Big Data Analytics.

March 19, 2013

Open Survey: CIRRUS: Towards an EU Framework for Cloud Service Provider Security

The objective of this survey is to gather information on security activities as well as future priorities in cloud computing.

March 14, 2013

CSA Cloud Bytes on March 19th Will Focus on Financial Services

As part of our mission to educate the industry on all matters related to the cloud, CSA has launched a new free educational webinar series called CSA Cloud Bytes.

March 14, 2013

“CUMULUS” Research Project Investigates Certification Infrastructure for Multi-Layer Cloud Services

Eight partners from European science and industry have joined forces in the CUMULUS research project to investigate how in future cloud services can be made more secure and trustworthy for end users.

February 25, 2013

Cloud Security Alliance Warns Providers of ‘The Notorious Nine’ Cloud Computing Top Threats in 2013

A revised report aimed to provide organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regarding cloud adoption strategies.

February 25, 2013

Cloud Security Alliance Releases First Guidelines for Cloud Service Providers Delivering Services in the European Union

CSA Privacy Level Working Group encourages adoption worldwide as a powerful self-regulatory tool for data protection transparency and accountability in the cloud.

February 25, 2013

CSA Seeks Input For Open Peer Review: Expanded Top Ten Big Data Security and Privacy Challenges Report

The report outlines the unique challenges presented by Big Data through narrative use cases and identifies the dimension of difficulty for each challenge.

February 25, 2013

CSA Seeks Input For Open Peer Review: CCM v3.0

The Cloud Security Alliance has released a draft of the latest version of the Cloud Control Matrix, CCM v3.0 for public peer review.

February 06, 2013

CSA Seeks Input For Open Peer Review: Trusted Cloud Initiative Reference Architecture v2.0

Trusted Cloud Initiative (TCI) would like to invite you to review and comment on the latest version of the reference architecture (v2.0).

February 05, 2013

CSA Cloud Bytes: HIPAA & The Cloud – A Vendor’s Perspective, Feb. 7 – 12:00pm PST

CSA Health Information Management Working Group is proud to host a CSA Cloud Bytes headlined by Hemant Pathak, Assistant General Counsel at Microsoft.

January 28, 2013

CSA Launches Updated TCI Reference Architecture Research Website

TCI has updated its research website to include simplified architecture definition results, as well as an interactive application that allows users to learn about the applicability of the TCI reference architecture to their business scenario.

January 23, 2013

CSA Seeks Input for Open Peer Review: Provider Forensic Support Whitepaper

CSA’s Telecom Working Group and Incident Management & Forensics Working Group would like to invite you to review and comment on the Provider Forensic Support in Public Multi-Tenant Cloud Environments whitepaper.

January 14, 2013

CSA Seeks Input For Open Peer Review: Privacy Level Agreement Document

The Cloud Security Alliance (CSA) Privacy Level Agreement (PLA) Working Group would like to invite you to review and comment on the Privacy Level Agreement document.

November 08, 2012

Cloud Security Alliance Releases Security Guidance for Critical Areas of Mobile Computing

CSA Mobile Working Group report aims to provide industry with mobile security best practices.

November 07, 2012

CSA Big Data Working Group Releases Top 10 Big Data Security and Privacy Challenges Report

Group’s first research provides eye opening insight into a wide diversity of big data challenges facing enterprises.

October 29, 2012

CSA Releases Security Information and Event Management (SIEM) Guidance

New Security-as-a-Service Implementation Report provides guidance for deployment of cloud-based SIEM

October 25, 2012

CSA Seeks Input on a Mobile App Store Security Initiative Policy Guideline Document

The CSA Mobile Working Group would like to invite you to review and comment on their Mobile App Store Security Initiative Policy Guideline document that was created by their Initiative 5 sub-group.

October 19, 2012

CSA Seeks Input on a Mobile Authentication Document

Review and comment on the Mobile Authentication Document that was created by their Initiative 4 Authentication Sub-group.

October 19, 2012

CSA Seeks Input on a Mobile BYOD Document

Review and comment on the Bring Your Own Device (BYOD) Document that was created by their Initiative 3 BYOD Sub-group.

October 16, 2012

Take The CSA Mobile Maturity Questionnaire

This brief 5-10 minute survey is designed to help the Cloud Security Alliance, as well as, enterprises and individual consumers understand the current maturity level of the mobile marketplace.

October 09, 2012

Cloud Security Alliance Releases (SecaaS) Implementation Guidance

CSA today announced that its Security as a Service (SecaaS) Working Group has completed its peer review process and has published implementation guidance documents expanding upon their “Defined Categories of Service” document that was first made available in August of 2011.

October 04, 2012

Data Loss from Missing Mobile Devices Ranks as Top Mobile Device Threat by Enterprises

CSA Mobile Working Group today released findings from a new survey that calls out the specific security concerns enterprise executives say are the real and looming threats as it relates to mobile device security in the enterprise environment.

September 27, 2012

Cloud Maturity Study Reveals the Top 10 Issues Eroding Cloud Confidence

New research by Cloud Security Alliance and ISACA identifies government regulations, exit strategies, and international data privacy as top concerns.

September 26, 2012

CSA Security as a Service (SecaaS) Working Group Completes Implementation Guidance

New Identity and Access Management research provides business and technical considerations for implementation of SecaaS as part of the cloud.

September 21, 2012

Cloud Security Alliance Releases Cloud Controls Matrix Version 1.3

Version 1.3 integrates revised mapping of FedRAMP security controls.

September 20, 2012

CSA Identifies 17 Key Components for Effective Mobile Device Management of BYOD and Company-Owned Devices

The whitepaper is one of six parts to the upcoming, “Security Guidance for Critical Areas of Mobile Computing” report, one of a number of important research items to be presented and discussed at the upcoming annual CSA Congress being held November 7-8 in Orlando.

September 12, 2012

CSA Seeks Volunteers for Consensus Assessments Initiative Questionnaire (CAIQ) v.2

CSA warmly invites interested individuals to step forward to contribute to an initiative which promotes cloud security for customers and providers.

August 27, 2012

CSA Seeks Input on SecaaS Category 10 Implementation Guidance

Implementation Guidance documents, for each category of service previously defined, are being developed and we have another category ready for peer review now.

August 20, 2012

CSA Announces Open Security Framework for Cloud Providers

The Cloud Security Alliance (CSA) today announces additional details of its Open Certification Framework, and its partnership with BSI (British Standards Institution).

August 07, 2012

Helix Nebula Science Cloud Passes First Major Test

“Helix Nebula – the science cloud,” set up earlier this year to support the massive IT requirements of European scientists has successfully deployed its first flagship applications in high-energy physics, molecular biology and natural-disaster risk management.

August 07, 2012

CSA Seeks Input on SecaaS Categories of Service Implementation Guidance Documents

Implementation Guidance documents, for each category of service previously defined, are being developed and we have another category ready for peer review now.

August 06, 2012

CSA Seeks Input on CCM v1.3 FedRAMP Mapping Document

The CCM Working Group would like to invite you to review and comment on a preliminary draft of CCM v1.3 with a revised mapping of the Federal Risk and Authorization Management Program (FedRAMP) security controls published January 2012.

July 24, 2012

Take the Top Threats to Cloud Computing Survey

This survey’s purpose is to identify whether the Top Threats first identified by the CSA are still relevant today.

July 18, 2012

CSA Research Sponsorship Opportunities Available

CSA announces the availability of several new opportunities to sponsor key research initiatives. Your support helps us maintain our aggressive research schedule and accelerate responsible adoption of cloud computing.

July 11, 2012

Take the CSA Top Threats to Mobile Computing Survey

Due to the rapid adoption of mobile computing, and immediate connection to cloud computing, the CSA is creating a “Top Threats to Mobile Computing” report.

July 07, 2012

CSA Seeks Input on “Mobile Device Management: Key Components” whitepaper

The peer review site and survey will be open until Friday, July 20th, 2012.

June 27, 2012

CSA Seeks Input on Top Threats to Mobile Computing Document

The Cloud Security Alliance’s Mobile Working Group requests your review and survey participation for the first “Top Threats to Mobile Computing”.

May 15, 2012

Infocomm Development Authority of Singapore and Cloud Security Alliance Launch Joint Initiative to Create Trusted Cloud Ecosystem in Singapore

IDA and CSA will launch a joint initiative to create a trusted cloud eco-system in Singapore.

May 04, 2012

Big Data Working Group Kick-Off Call

CSA is launching a kick-off call for the Big Data Working Group on May 23rd, 14:00pm PST (GMT-7), open to all individuals interested in addressing scalable techniques for data-centric security and privacy problems.

April 21, 2012

CSA Seeks Input on the CTP Reference Architecture Model

The CSA CloudTrust Protocol (CTP) would like to invite you to review and comment on the CTP Reference Architecture Model.

April 13, 2012

Top Threats to Cloud Computing Kick-Off Call

Join us on our Kick-Off Call as we look for volunteers to participate in updating the CSA Top Threats to Cloud Computing document.

April 12, 2012

CSA Seeks Input on the Big Data Working Group Charter

The Cloud Security Alliance (CSA) Big Data Working Group (BDWG) would like to invite you to review and comment on the work group Charter.

March 20, 2012

Mobile Working Group Kick-Off (Call 2)

To accommodate all time zones, CSA will now be launching a Mobile Working Group kick-off (call 2) after our call 1 was held on March 15th.

March 20, 2012

Health Information Management Working Group Kick-off Call

Cloud Security Alliance is launching a kick-off call for the Health Information Management Working Group on March 22nd, 12:00pm PST (GMT-7).

February 27, 2012

CSA Announces Asia Pacific Expansion Initiative; Announces Partnership with Trend Micro as Founding Sponsor

CSA and Trend Micro Incorporated, a global cloud security leader, today announced the establishment of the CSA Asia Pacific headquarters.

February 27, 2012

CSA Launches Mobile and Innovation Initiatives at RSA

Cloud Security Alliance (CSA) today announced two significant new initiatives for 2012, addressing growing areas of need in cloud security – mobile computing and innovation.

January 05, 2012

VOLUNTEER OPPORTUNITY: Telecom Working Group 2012

The Cloud Security Alliance’s (CSA) Telecom Working Group is having it’s 2012 Kickoff call on January 12th. We are inviting all motivated individuals who want to contribute to any of the six new research initiatives being introduced for the coming year.

December 02, 2011

Cloud Security Alliance Announces an Expanded Educational Program

The Cloud Security Alliance is pleased to announce the expansion of their educational program. Three new sections have been added, each specifically designed to address a need within the cloud security community.

November 16, 2011

Cloud Security Alliance Releases Results of Cloud Consumer Advocacy Questionnaire and Information Survey

Cloud Data Governance (CDG) working group today introduced the results of its Cloud Consumer Advocacy Questionnaire and Information Survey. The survey is the first deliverable for the CDG working group, which will now turn its focus to delivering best practices recommendations, prioritizing and answering the key problems and questions identified by cloud stakeholders in the survey.

November 16, 2011

Cloud Security Alliance Releases Guidance Version 3

The Cloud Security Alliance (CSA) today unveiled the third version of its Security Guidance for Critical Areas of Focus in Cloud Computing. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely.

October 19, 2011

An Invitation for SME’s to contribute to CSA’s Cloud Data Governance Working Group by Tuesday, October 25th

The Cloud Data Governance (CDG) Working Group is seeking Subject Matter Experts to help identify the current state of public cloud solution provider maturity in addressing the issues related to Information Lifecycle Management (ILM). Subject Matter Experts are needed to help us complete the initial phase of our research.

October 18, 2011

Cloud Security Alliance Announces Trusted Cloud Initiative White Paper

CSA today announces that the Trusted Cloud Initiative has published its first white paper, “Trusted Cloud Initiative Quick Guide to the Reference Architecture”. The purpose of the quick guide is to take a user through the Trusted Cloud architecture much like an owner’s manual walks a consumer through a product.

October 06, 2011

The Cloud Consumer Advocacy Questionnaire and Information Survey (CCAQIS) – Survey submission has been extended through October 11, 2011

CCAQIS was designed to capture the current state of data governance and data security capabilities offered by leading cloud service providers in the industry.
The results of this survey will be aggregated and used for guidance and research conducted by CSA and its affiliates.

September 29, 2011

Open Review Period for Guidance V.3: Domains 7, and 14 (Has Begun)

The Cloud Security Alliance would like to invite you to review and comment on the following Guidance V.3 Domains: Domain 7: Traditional Security, Business Continuity and Disaster Recovery, Domain 14: Security as a Service

September 26, 2011

Cloud Security Alliance Issues First Security as a Service White Paper

CSA today announced that the Security as a Service working group has published its first white paper, “Defined Categories of Service 2011”. The purpose of this group’s research is to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.

September 22, 2011

Open Review Period for Guidance V.3: Domains 4, 8, 9 and 11(Has Begun)

The Cloud Security Alliance would like to invite you to review and comment on the following Guidance V.3 Domains: Domain 4: Compliance and Audit, Domain 8: Data Center Operations, Domain 9: Incident Response, Notification, and Remediation, Domain 11: Encryption and Key Management.

September 20, 2011

Open Review Period for Guidance V.3: Domains 2, 3, 5 and 12 (Has Begun)

The Cloud Security Alliance would like to invite you to review and comment on the following Guidance V.3 Domains: Domain 2: Governance and Enterprise Risk Management, Domain 3: Legal and Electronic Discovery, Domain 5: Information Lifecycle Management, Domain 12: Identity and Access Management.

September 15, 2011

Open Review Period for Guidance V.3: Domains 1,6, 10 and 13 (Has Begun)

The Cloud Security Alliance would like to invite you to review and comment on the following Guidance V.3 Domains: Domain 1: Cloud Computing Architectural Framework, Domain 6: Portability and Interoperability, Domain 10: Application Security Domain 13: Virtualization.

August 26, 2011

Cloud Security Alliance Releases Cloud Controls Matrix v1.2

The Cloud Security Alliance (CSA) today published Version 1.2 of the Cloud Controls Matrix (CCM), which is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.

August 18, 2011

Open Review Period for the Draft of SecaaS Defined Categories of Service Whitepaper Starts Today

The Security as a Service (SecaaS) working group would like to invite you to review and comment on the Security as a Service “Defined Categories of Service” whitepaper. Your expertise will ensure that the white paper has accurate content.

August 11, 2011

CSA Announces a New Research Initiative Called Cloud Data Governance

The initial phase of the initiative will be a survey of cloud providers to determine the current industry practices around data governance as articulated by the Information Security Lifecycle Management domain in our V2.1 of the Security Guidance for Critical Areas of Focus in Cloud Computing.

July 26, 2011

Call for Volunteers for V.3 Guidance Group 2: GRC, Audit, Physical, BCM, DR

The Cloud Security Alliance and Group 2 GRC, Audit, Physical, BCM, DR Leadership team are looking for volunteers to assist with drafting Domain 2, 4 and 7 of version 3 of CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing.

July 21, 2011

Call for volunteers for V.3 Guidance Group 8: Virtualization and Technology Compartmentalization

The Cloud Security Alliance and Group 8 Virtualization and Technology Compartmentalization Leadership are looking for volunteers to assist with drafting Domain 13 of version 3 of CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing.

June 30, 2011

Security as a Service Initial Group Call set for July 5th

The CSA Security as a Service (SecaaS) Working Group will have their first group call on July 5th. The purpose of their research will be to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.

June 22, 2011

Call for Volunteers to Upgrade the CSA Cloud Controls Matrix to v1.2

We need smart, motivated volunteers and team leaders who are committed to an early August 2011 completion date. You can prepare yourself by checking out the current CSA Cloud Controls Matrix (v1.1).

June 21, 2011

SecaaS Seeks Additional Input on Working Group Proposal

Thank you to those who have contributed to the “Categories of Service” section of our working group proposal. We are still seeking input to all categories. For those who have recently expressed interest in getting involved, send me an email at [email protected] (Subject line: SecaaS Categories).

June 21, 2011

Telecom Working Group Charter Finalized

The Cloud Security Alliance would like to announce that a finalized Telecom Working Group (TWG) Charter is available to download on the Telecom Working Group page. The working group’s web page has also been updated to include current leadership and contributing members.

June 07, 2011

SecaaS Seeks Input on Working Group Proposal

The Cloud Security Alliance is now soliciting input for the Security as a Service (SecaaS) Working Group’s “Categories of Service” section of their working group proposal.

May 26, 2011

Updated Telecom Working Group Charter Available for Review

The Cloud Security Alliance would like to announce that a draft of the updated Telecom Working Group (TWG) Charter is now available for review. The new charter re-defines the scope of the TWG to allow more differentiation and synergy with the Security as a Service (SecaaS – Work Group 9) Working Group.

May 23, 2011

Call for volunteers to upgrade the CSA Cloud Controls Matrix to v1.2

Goals are to (1) include more granular controls for IaaS, and (2) create more mappings between the matrix and other compliance frameworks, such as NERC CIP.

December 17, 2010

Cloud Security Alliance launches Cloud Controls Matrix (CCM) 1.1

The Cloud Security Alliance (CSA) today announced the launch of revision 1.1 of the CCM Security Controls Matrix. The matrix is now available for free download at: https://cloudsecurityalliance.org/research/projects/cloud-controls-matrix-ccm/

November 17, 2010

Cloud Security Alliance Unveils Governance, Risk Management and Compliance (GRC) Stack

The Cloud Security Alliance (CSA) today announced the availability of the CSA Governance, Risk Management and Compliance (GRC) Stack, a suite of enabling tools for GRC in the cloud, now available for free download at https://cloudsecurityalliance.org/research/projects/grc-stack/.

October 27, 2010

Cloud Security Alliance announces that CloudAudit has become an official project of the CSA

The Cloud Security Alliance (CSA) today announced that CloudAudit has become an official project of the CSA, with the joint mission of promoting the use of best practices for providing security assurance within Cloud Computing.

October 12, 2010

Cloud Security Alliance announces availability of Consensus Assessments Initiative Questionnaire

The Cloud Security Alliance today has announced the release of version 1.0 of the Consensus Assessments Initiative Questionnaire.

September 09, 2010

Cloud Security Alliance Seeks Community Input for Top Threats Report

Version 2.0 slated for release in late 2010 San Francisco, CA – September 9, 2010 – The Cloud Security Alliance is now soliciting input for Version 2.0 of its “Top Threats to Cloud Computing Report.” This pending revision is the first to Version 1.0, which was published and announced earlier this year RSA Conference 2010….

April 27, 2010

Cloud Controls Matrix is Released

The Cloud Security Alliance today has announced the availability of version 1.0 of the CSA Cloud Controls Matrix, a catalog of cloud security controls aligned with key information security regulations, standards and frameworks.

April 27, 2010

Trusted Cloud Research Advisory and New Whitepaper

The Cloud Security Alliance today has announced the completion of important milestones in its Trusted Cloud Initiative, previously announced by CSA and Novell at the RSA Conference 2010 in San Francisco.

December 17, 2009

Cloud Security Alliance Issues Version Two of Guidance Identifying Key Practices for Secure Adoption of Cloud Computing

The Cloud Security Alliance (CSA) today issued the second version of its “Guidance for Critical Areas of Focus in Cloud Computing”, now available on the Cloud Security Alliance website.

Page Dividing Line