Cloud 101
Circle
Events
Blog

Working Group

SaaS Governance

This group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider.
View Current Projects
Working Group Overview
This group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider.


What do we discuss? 
During our meetings we typically discuss changes in the industry and collaborate on projects the group is currently working on. We welcome anyone who would like to join, even if you would like to just listen-in on your first call.


Drafts & Important Docs

Working Group Leadership

Ronald Tse
Ronald Tse

Ronald Tse

CEO, Ribose

Ronald has served CSA in numerous capacities, including as a member of CSA's APAC Research Advisory and International Standardization Council. Additionally, he co-chairs the Open Certification Framework (OCF), SaaS Governance, and DevSecOps working groups. He is the founder and CEO of Ribose, where under his leadership the company has been consistently awarded the industry's highest cloud security ratings, including being the on...

Read more

Publications in ReviewOpen Until
Telesurgery Tabletop Guide BookDec 16, 2022
Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization ManagementDec 18, 2022
ATT&CK & D3FEND with a CAVEATDec 23, 2022
Security Guidance for Critical Areas of Focus in Cloud Computing v5 - OutlineMar 31, 2023
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Telesurgery Tabletop Guide Book

Open Until: 12/16/2022

The purpose of this guidebook is to assist healthcare providers in planning and facilitating a discussion and evaluation of...

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management

Open Until: 12/18/2022

With the growing amount of cloud applications that customers are using, it is as important as ever to get a handle on the m...

ATT&CK & D3FEND with a CAVEAT

Open Until: 12/23/2022

Cybersecurity practitioners continue to search for adversarial threat models to drive system assessment and operational ana...

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline

Open Until: 03/31/2023

The proposed outline for the Cloud Security Alliance Security Guidance for Critical Areas of Focus in Cloud Computing v5 is...