Cloud 101CircleEventsBlog

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

Cloud Key Management Working Group Charter 2025

Cloud Key Management Working Group Charter 2025

Release Date: 03/18/2025

Cloud services are becoming ubiquitous in all sizes, and customers encounter many obligations and opportunities for using key management systems with those cloud services. However, as an area of emergent technical focus, there is little independent analysis and guidance in the public domain for...
Context-Based Access Control for Zero Trust - Japanese Translation

Context-Based Access Control for Zero Trust - Japanese Translation

Release Date: 03/11/2025

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact research@cloudsecurityalliance.org.

Traditional...
Shadow Access and AI

Shadow Access and AI

Release Date: 03/11/2025

Shadow Access is undesired or unauthorized access to resources, such as applications, networks, and data. Shadow Access is increasingly a cloud issue, resulting from the increased use of entitlements that connect cloud services together. Automated infrastructure with incorrectly permissioned...