Membership
Become a Member
Enterprises
Solution Providers
Startups
Current Members
Solution Providers
Affiliates
Assurance
STAR Program
STAR Levels
View Registry
Submit to Registry
Provide Feedback
GDPR Code of Conduct for STAR
STAR Resources
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
GDPR
Download the Code of Conduct
Submit Code of Conduct to the Registry
Resource Center
Global Consultancy
Become a Consulting Partner
Find a Consulting Service
Certificates & Training
Certificates
CCSK
CCAK
Trainings
CCAK (Coming Soon)
CCSK Lectures
CCSK Lectures + Labs
Advanced Cloud Security Practitioner
Register for Training
For Individuals
For Enterprises
Instructors
Become an Instructor
Training Partners
Become a Training Partner
Webinars
Cloudbytes
Research
GDPR
Events
Americas
APAC
EMEA
Research
What We Do
Research Working Groups
CSA Research Lifecycle
Research Publications
Security Guidance v4
Cloud Controls Matrix (CCM)
IoT Framework
Contribute
Open Peer Reviews
Surveys
Volunteer FAQ
Ron Knode Award
Working Groups
Internet of Things
DevSecOps
Software Defined Perimeter
Blockchain
Cloud Controls Matrix
EMEA Projects
APAC Projects
Community
Circle
Create an Account
Inner Circle Discussion
Job Board Postings
How To Get Started
Blog
Events
Americas
APAC
EMEA
Chapters
Global Chapters
Form a Chapter
About
About CSA
Board
History
CSA Staff
CSA EMEA
Press Releases
News Coverage

Working Group

Security Guidance

Research Home
View Working Groups
Contribute
Download Publications
Home
Research
Working Groups
Security Guidance

Introduction

Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable roadmap to managers wanting to adopt the cloud paradigm safely and securely. Domains are reviewed to emphasize security, stability, and privacy in a multi-tenant environment. The CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing builds on previous iterations through dedicated research, public participation from CSA members, working groups, and industry experts. This version incorporates advances in cloud, security, and supporting technologies, reflects on real-world cloud security practices, integrates the latest CSA research projects, and offers guidance for related technologies. The goal of the fourth version of Security Guidance for Critical Areas of Focus in Cloud Computing is to provide guidance and inspiration to support business goals while managing and mitigating the risks associated with cloud computing adoption.

Artifacts

Security Guidance v4.0 Info Sheet
Security Guidance v4.0 Info Sheet

This version, the first major update since 2011, is the culmination of over a year of dedicated research and pub...

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 (Spanish Translation)
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 (Spanish Translation)

This localized version of this publication was produced from the

Security Guidance v4.0 - Chinese Translation
Security Guidance v4.0 - Chinese Translation

This localized version of this publication was produced from the

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 - Japanese Translation
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 - Japanese Translation

This localized version of this publication was produced from the

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challeng...

FedRAMP Cloud Controls Matrix v3.0.1 Candidate Mapping
FedRAMP Cloud Controls Matrix v3.0.1 Candidate Mapping
New Security Guidance for Early Adopters of the IoT
New Security Guidance for Early Adopters of the IoT

This document provides guidance for the secure implementation of Internet of Things (IoT)-based systems. We have...

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0
Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operation...

Cloud Computing for Business
Cloud Computing for Business

This book is for all these people, and indeed for all executives whose companies are using, or thinking of using...

NIST Guidelines on Security and Privacy in Public Cloud Computing
NIST Guidelines on Security and Privacy in Public Cloud Computing

Interest in cloud computing has rapidly grown in recent years due to the advantages of greaterflexibility an...

Security Guidance for Critical Areas of Focus in Cloud Computing V2.0
Security Guidance for Critical Areas of Focus in Cloud Computing V2.0

The guidance provided herein is the second version of the Cloud Security Alliance document,“Security Guidanc...

Security Guidance for Critical Areas of Focus in Cloud Computing V1.0
Security Guidance for Critical Areas of Focus in Cloud Computing V1.0

This is version one of the CSA Security Guidance. You can find the latest version of this document

Read the Blog

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Learn more

Next Meeting

No Meetings Currently Scheduled

Leadership

Rich Mogull Headshot

Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremo...

 
Rich Mogull