Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
Contact Us
Current Business Members
Cloud Customers
Cloud Solution Providers
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Initiative Assessment Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events & Webinars
Learn and network while you earn CPE credits.
Events
CloudBytes Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups

Security Guidance

Latest Research
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Download

Research Home
View Working Groups
Contribute
Download Publications
Earn a cloud certificate based on the Security Guidance v4
Home
Research
Working Groups
Security Guidance
Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing establishes a stable, secure baseline for cloud operations. This effort provides a practical, actionable roadmap for managers wanting to adopt the cloud paradigm safely and securely. It helps managers understand how to support business goals with cloud while managing and mitigating the risks associated with cloud computing adoption. 

The CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing builds on previous iterations through dedicated research, public participation from CSA members, working groups, and industry experts. This version incorporates advances in cloud, security, and supporting technologies, reflects on real-world cloud security practices, integrates the latest CSA research projects, and offers guidance for related technologies. Domains are reviewed to emphasize security, stability, and privacy in a multi-tenant environment. 

New to the cloud? Want to understand how cloud security is different from on-premise security?
If you’re interested in a brief explanation and introduction to cloud security read our blog. Otherwise you can find the full list of recommendations and best practices can in the latest version of the Cloud Security Guidance for Cloud Computing.

Interested in certificates and training?
Cloud Security Alliance offers the Certificate of Cloud Security Knowledge (CCSK) which tests individuals on the domains covered in the CSA Security Guidance. There is both a certificate and a training available through CSA. You can learn more about the CCSK here

Security GuidanceCloud Controls MatrixCCAKCCSK

The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders. CSA brings together this diverse community of industry partnerships, international chapters, working groups, and individuals to create the Cloud Security Guidance. We are profoundly grateful to all who contributed to version 4 of the release.

Next Meeting

No Meetings Currently Scheduled


Working Group Leadership

Rich Mogull Headshot

Rich Mogull

Earn your Certificate of Cloud Security Knowledge

Best Practices for Cloud Security

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The fourth version of the Security Guidance for Critical Areas of Focus in Cloud Computing is built on previous iterations of the security guidance, dedicated research, and public participation from the Cloud Security Alliance members, working groups, and the industry experts within our community. This version incorporates advances in cloud, security, and supporting technologies; reflects on real-world cloud security practices; integrates the latest Cloud Security Alliance research projects; and offers guidance for related technologies.

Download the Security Guidance
Guía de Seguridad de Áreas Críticas para la Computación en la Nube

Guía de Seguridad de Áreas Críticas para la Computación en la Nube

Con este documento, nuestro objetivo es proporcionar tanto orientación como inspiración para respaldar los objetivos comerciales, mientras se gestionan y mitigan los riesgos asociados con la adopción de la tecnología de computación en la nube.

Request to download
Security Guidance v4.0 - Chinese Translation

Security Guidance v4.0 - Chinese Translation

欢迎来到云安全联盟关于云计算关键领域安全指南的第四个版本。云计算的兴起是一项不 断发展的技术,它带来了许多机遇和挑战。通过这个文档,我们的目标是提供指导和灵感来支 持业务目标,同时管理和减轻采用云计算技术相关的风险。

Request to download
View All Research

Blog Posts

What is cloud security? How is it different from traditional on-premises network security?
Read Now

Press Coverage

Article TitleSourceDate
Developing a Cloud Security StrategySecurity IntelligenceOctober 15, 2020