Working Group

Hybrid Cloud Security

Join Group
Hybrid Cloud Security


As businesses are developing rapidly, and IT infrastructures constantly diversified, a single public / private cloud or traditional on-premises datacenter is no longer able to meet service requirements in terms of costs, performance, scalability, security, and compatibility. Users are increasingly choosing hybrid clouds to meet their needs. Hybrid clouds take advantage of various clouds and traditional IT infrastructures and work systematically to benefit the users based on their service requirements. However, there are different security risks the hybrid clouds pose, bringing on challenges to security protection. This initiative aims to identify hybrid cloud security risks and countermeasures, helping users identify and reduce risk. Besides this, the working group also intends to provide suggestions on hybrid cloud governance, hybrid cloud threat profiles and hybrid cloud security evaluation, guiding both users and cloud service providers to choose and provide secure hybrid cloud solutions, and promoting security planning and implementation.


Mitigating Hybrid Clouds Risks

Release Date: 10/22/2020

Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloudmodel consists of ris...

Mitigating Hybrid Clouds Risks

Cloud Penetration Testing Playbook

Release Date: 07/12/2019

As cloud services continue to enable new technologies and see massive adoption there is a need to extend the scope of penetratio...

Cloud Penetration Testing Playbook

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Next Meeting

No Meetings Currently Scheduled


Zou Feng Headshot

Zou Feng (CISSP-ISSAP, CISA) has been working in IT for 20+ years with strong technical background and broad experience in heterogeneous system and multi-culture environment. Starting as Communicat...

Zou Feng
Narudom Roongsiriwong Headshot

Narudom is a certified information security professional with more than 20 years of experience. His primary areas of interest in information security are in solution designing, analytics, and appli...

Narudom Roongsiriwong