Taking Cloud security Service Level Agreements (SLAs) close-to-market

Goal: Assess the market readiness of software solutions targeting the automated management of cloud security SLAs

Time: 10 mins - 15 mins

Prizes: 5 CCSK token opportunities

Closing Date: April 29th

Participate Now

Thank you for your continued support!

Mitigating Risk for Cloud Apps Survey

Current state of SaaS security - with several years of cloud adoption in many organizations, approaches to security have been evolving rapidly. The purpose of this survey is to look at the specific concerns, policies, and controls that enterprises are using. The goal will be to answer the question, what are today's enterprises doing to mitigate risk across both sanctioned and unsanctioned cloud applications?

Time: 15 minutes

Prizes: 10 CCSK Tokens

Closing Date: May 23rd

Participate Now

Thank you for your continued support!

Defeating Insiders Survey

Defeating the Insider Threat and Shoring up the Data Security Lifecycle

Everything we know about defeating the insider threat seems not to be solving the problem. In fact, evidence from the Deep and Open Web points to a greatly worsening problem. Today’s employees work with a number of applications and with a series of clicks information can be both maliciously and accidentally leaked.

The purpose of this survey and research is to uncover:

  • The extent of employees leaking critical information and tradecraft on illicit sites
  • Data types and formats being exfiltrated along with exfiltration mechanisms
  • Why so many of these threats go undetected
  • What happens to the data after it has been exfiltrated
  • Tools to disrupt and prevent the data exfiltration cycle
  • Possibilities to expunge traces of data once exfiltrated

Time: 10-15 minutes

Prizes: 5 CCSK Tokens

Participate now

Thank you for your continued support!

CSA Seattle Chapter Survey

Moving to the Cloud: Attitudes and Obstacles

The goal of this survey is to determine the sentiments held about moving to the cloud and determine what obstacles prevent companies from fully embracing cloud. This is a part of a series of surveys which indicate how these attitudes and challenges change as years pass.

Prizes: Daily $50 Amazon Gift Card Drawings the week of RSA

Participate now

Thank you for your continued support!

Crowdsourcing Security Risk Scores Survey

What are the most important security controls in your industry? Which controls should you prioritize first? Researchers from the Cloud Security Alliance, and Brigham Young University are crowdsourcing the wisdom of IT security experts to answer these and other related questions. The results of this study will be used to develop crowd-sourced, risk scoring methodology to more objectively help companies better understand the security risks associated with vendors and partners.

Time: 10 minutes

Prize: $100 Amazon Gift Card

Participate now

Thank you for your continued support!

The Cloud Security Alliance is uniquely positioned within the cloud security community. Thousands of active members are able to respond to cloud security-related surveys. This website is a repository of the results from these surveys.

The Cloud Balancing Act for IT: Between Promise and Peril

Cloud Adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place. That’s what the findings from a new Cloud Security Alliance (CSA) survey, titled The Cloud Balancing Act for IT: Between Promise and Peril, indicated when it surveyed executives and IT managers worldwide. Security professionals indicated receiving, on average, 10.6 requests each month for new cloud services. Perhaps that’s why 71.2% of companies now have a formal process for users to request new cloud services.

The Cloud Balancing Act for IT Survey Report includes responses from more than 200 IT and security professionals varying in company size and industries from the Americas, EMEA and APAC regions. Sponsored by Skyhigh Networks, the survey covers several topics ranging from the need to hire CISOs to help curb the likelihood of cyber threats to just how much of the business IT is willing to hand over to cloud services from their legacy on-premises solutions.

The Cloud Balancing Act for IT: Between Promise and Peril

The Cloud Balancing Act for IT: Between Promise and Peril

Cloud Adoption does not have to mean opening up your organization to increased security risks and threats if the right policies are in place.

Release Date: January 13, 2016

Cloud Adoption Practices & Priorities Survey Report

The benefits for enterprises moving to the cloud are clear: greater business agility, data availability, collaboration, and cost savings. The cloud is also changing how companies consume technology. Employees are more empowered than ever before to find and use cloud applications, often with limited or no involvement from the IT department, creating what’s called “shadow IT.” Despite the benefits of cloud computing, companies face numerous challenges including the security and compliance of corporate data, managing employee-led cloud usage, and even the development of necessary skills needed in the cloud era. By understanding the cloud adoption practices and potential risks, companies can better position themselves to be successful in their transition to the cloud.

In the 2014 Cloud Adoption Practices and Priorities (CAPP) survey, the Cloud Security Alliance sought to understand how IT organizations approach procurement and security for cloud services and how they perceive and manage employee-led cloud adoption. We asked IT and security professionals for their views on “shadow IT,” obstacles preventing cloud adoption, types of cloud services requested and blocked, security priorities, and governance practices. We uncovered stark differences between how companies in North America and Europe approach the cloud, and even how large enterprises differ from their smaller counterparts. As more IT departments look to play a greater role in enabling the safe adoption of cloud services, we hope these findings can provide some guidance.

Cloud Usage: Risks and Opportunities

This survey was circulated to over 165 IT and security professionals in the U.S. and around the globe representing a variety of industry verticals and enterprise sizes. The goal was to understand their perception of how their enterprises are using cloud apps, what kind of data are moving to and through those apps, and what that means in terms of risks.

Beyond raising awareness around cloud service risk, the findings of this survey are intended to provide usage intelligence that helps IT, security, and business decision-makers take action in their organizations – from consolidating and standardizing on the most secure and enterprise-ready cloud services, to knowing what policies will have the most impact, to understanding where to focus when educating users.

NSA/PRISM Survey Downloads

During June and July of 2013, news of a whistleblower, US government contractor Edward Snowden, dominated global headlines. Snowden provided evidence of US government access to information from telecommunications and Internet providers via secret court orders as specified by the Patriot Act. The subsequent news leaks indicated that allied governments of the US may have also received some of this information and acted upon it in unknown ways. As this news became widespread, it led to a great deal of debate and soul searching about appropriate access to an individual's digital information, both within the United States of America and any other country.

CSA initiated this survey to collect a broad spectrum of member opinions about this news, and to understand how this impacts attitudes about using public cloud providers as well as any other broadly available Internet service. This survey was conducted online via SurveyMonkey from June 25, 2013 to July 9, 2013.

Government Access to Information Survey Results

Government Access to Information Survey Results

The survey received almost 500 responses from CSA members around the world. It found that 56% of non-US residents were now less likely to use US-based cloud providers, in light of recent revelations about government access to customer information.

Release Date: July 23, 2013