CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
![]() | Secure Connection Requirements of Hybrid Cloud Release Date: 11/05/2021 The National Institute of Standards and Technology (NIST) defines hybrid cloud infrastructure as a composition of distinct cloud infrastructures (pri... Request to download |
![]() | Toward a Zero Trust Architecture Release Date: 10/27/2021 Enterprise stakeholders must consider the challenges of increased real-time system complexity, the need for new cybersecurity policy and strong cultural s... Request to download |
![]() | The Continuous Audit Metrics Catalog Release Date: 10/19/2021 Are traditional infosec assurance tools outdated? Many cloud customers think so. They see that technology changes quickly, and products are frequently evo... Request to download |
![]() | Practical Preparations for the Post-Quantum World Release Date: 10/19/2021 This document discusses the cybersecurity challenges and recommended steps to reduce likely new risks due to quantum information sciences. This paper was ... Request to download |
![]() | Information Technology Governance, Risk and Compliance in Healthcare Release Date: 10/15/2021 Information Technology (IT) Governance, Risk, and Compliance (GRC), are three words that have a significant impact on organizations. While each term seems... Request to download |
![]() | Top 10 Blockchain Attacks, Vulnerabilities & Weaknesses Release Date: 09/27/2021 Cryptocurrencies and other blockchain virtual assets have been the target of the majority of Distributed Ledger Technology (DLT) attacks and a variety of ... Request to download |
![]() | State of Cloud Security Risk, Compliance, and Misconfigurations Release Date: 09/17/2021 Cloud misconfigurations consistently are a top concern for organizations utilizing public cloud. Such errors lead to data breaches, allow the deletion or ... Request to download |
![]() | Ransomware in the Healthcare Cloud Release Date: 09/15/2021 Ransomware is the fastest-growing malware threat today. Over the last few years, it has risen to epidemic proportions, quickly becoming a significant reve... Request to download |
![]() | How to Design a Secure Serverless Architecture 2021 Release Date: 09/14/2021 Like any solution, serverless computing brings with it a variety of cyber risks. This paper covers security for serverless applications, focusing on best pra... Request to download |
![]() | Recommendations for Adopting a Cloud-Native Key Management Service Release Date: 09/14/2021 Cloud-native key management services (KMS) offer organizations of any size and complexity a low-cost option for meeting their needs for key management, pa... Request to download |
![]() | The Evolution of STAR: Introducing Continuous Auditing Release Date: 09/14/2021 The CSA Continuous Auditing Certification (aka STAR Level 3) is the most rigorous assurance tier in the STAR program. Level 3 certified services providers... Request to download |
![]() | Microservices Architecture Pattern Release Date: 08/31/2021 This document provides a repeatable approach to architecting, developing, and deploying microservices as Microservices Architecture Patterns (MAPs). The p... Request to download |
![]() | Process for CSA International Standardization Council (ISC) Standards Liaison Officer Release Date: 08/18/2021 The Cloud Security Alliance (CSA) has designated a council to coordinate all aspects of standardization efforts within the CSA. The role of the council is... Request to download |
![]() | Protecting the Privacy of Healthcare Data in the Cloud Release Date: 08/10/2021 The Health Delivery Organization (HDO) needs to understand the relationship between privacy and security, particularly the differences. This understanding... Request to download |
![]() | Release Date: 07/29/2021 The purpose of this document is to enable, encourage cloud and security practitioners to apply threat modeling for cloud applications, services, and security... Request to download |
![]() | Cloud Key Management Working Group Charter 2021 Release Date: 07/20/2021 Cloud services are becoming ubiquitous in all sizes, and customers encounter many obligations and opportunities for using key management systems with thos... Request to download |
![]() | The Use of Blockchain in Healthcare Release Date: 07/15/2021 Healthcare is a large and heavily regulated industry. US and EU privacy and security laws require healthcare organizations to protect personal information... Request to download |
![]() | Healthcare Cybersecurity Playbook - An Evolving Landscape Release Date: 07/14/2021 One aspect of healthcare that has increased significantly during the COVID-19 pandemic is the use of telehealth. Telehealth is used for everything from re... Request to download |
![]() | SecaaS Working Group Charter 2021 Release Date: 07/09/2021 This charter lays out the scope, responsibilities, and roadmap for the Security as a Service (SecaaS) Working Group. The SecaaS Working Group has been cre... Request to download |
![]() | Hyperledger Fabric 2.0 Architecture Security Report Release Date: 06/28/2021 Blockchain technology is being rapidly adopted by enterprises to bring traceability and transparency to external business workflows. Considering that many... Request to download |