Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
Current Business Members
CxO Initiative
Contact Us
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups
Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
Current Business Members
CxO Initiative
Contact Us
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups
Circle
Events
Blog

Security Guidance

Latest Research
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Download

Research Home
View Working Groups
Contribute
Download Publications
Earn a cloud certificate based on the Security Guidance v4
Home
Research
Working Groups
Security Guidance
Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing establishes a stable, secure baseline for cloud operations. Back when CSA released the first version of the Security Guidance in 2009, it was the first comprehensive set of best practices for securing cloud computing. Since then this working group has periodically updated the Security Guidance, building on previous iterations and incorporating the latest advances in cloud, security, and supporting technologies.

New to the cloud? Want to understand how cloud security is different from on-premise security?
If you’re interested in a brief explanation and introduction to cloud security read our blog. Otherwise you can find the full list of recommendations and best practices can in the latest version of the Cloud Security Guidance for Cloud Computing.

Interested in certificates and training?
Cloud Security Alliance offers the Certificate of Cloud Security Knowledge (CCSK) which tests individuals on the domains covered in the CSA Security Guidance. There is both a certificate and a training available through CSA. You can learn more about the CCSK here

Security GuidanceCCAKCCSKCloud Controls Matrix

The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders. CSA brings together this diverse community of industry partnerships, international chapters, working groups, and individuals to create the Cloud Security Guidance. We are profoundly grateful to all who contributed to version 4 of the release.

Next Meeting

No Meetings Currently Scheduled


Working Group Leadership

Rich Mogull Headshot
Rich Mogull
Rich Mogull

Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. He is a prolific writer and featured speaker at the security industry’s largest events, including RSA...

Read more

Earn your Certificate of Cloud Security Knowledge

Best Practices for Cloud Security

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The fourth version of the Security Guidance for Critical Areas of Focus in Cloud Computing is built on previous iterations of the security guidance, dedicated research, and public participation from the Cloud Security Alliance members, working groups, and the industry experts within our community. This version incorporates advances in cloud, security, and supporting technologies; reflects on real-world cloud security practices; integrates the latest Cloud Security Alliance research projects; and offers guidance for related technologies.

Download the Security Guidance
Guía de Seguridad de Áreas Críticas para la Computación en la Nube

Guía de Seguridad de Áreas Críticas para la Computación en la Nube

Con este documento, nuestro objetivo es proporcionar tanto orientación como inspiración para respaldar los objetivos comerciales, mientras se gestionan y mitigan los riesgos asociados con la adopción de la tecnología de computación en la nube.

Request to download
Security Guidance v4.0 - Chinese Translation

Security Guidance v4.0 - Chinese Translation

欢迎来到云安全联盟关于云计算关键领域安全指南的第四个版本。云计算的兴起是一项不 断发展的技术,它带来了许多机遇和挑战。通过这个文档,我们的目标是提供指导和灵感来支 持业务目标,同时管理和减轻采用云计算技术相关的风险。

Request to download
View All Research

Blog Posts

How the Incident Response Lifecycle Changes for Cloud
Read Now
Business Continuity and Disaster Recovery in the Cloud
Read Now
The 6 Phases of Data Security
Read Now

Press Coverage

Article TitleSourceDate
Developing a Cloud Security StrategySecurity IntelligenceOctober 15, 2020