Membership
Become a Member
Enterprises
Solution Providers
Current Members
Solution Providers
Affiliates
Assurance
STAR Program
STAR Levels
View Registry
Submit to Registry
Provide Feedback
GDPR Code of Conduct for STAR
STAR Resources
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
GDPR
Download the Code of Conduct
Submit Code of Conduct to the Registry
Resource Center
Global Consultancy
Become a Consulting Partner
Find a Consulting Service
Certificates & Training
Certificates
CCSK
CCAK
Trainings
CCAK (Coming Soon)
CCSK Lectures
CCSK Lectures + Labs
Advanced Cloud Security Practitioner
Register for Training
For Individuals
For Enterprises
Instructors
Become an Instructor
Training Partners
Become a Training Partner
Webinars
Cloudbytes
Research
GDPR
Events
Americas
APAC
EMEA
Research
What We Do
Research Working Groups
CSA Research Lifecycle
Research Publications
Security Guidance v4
Cloud Controls Matrix (CCM)
IoT Framework
Contribute
Open Peer Reviews
Surveys
Volunteer FAQ
Ron Knode Award
Working Groups
Internet of Things
DevSecOps
Software Defined Perimeter
Blockchain
Cloud Controls Matrix
EMEA Projects
APAC Projects
Community
About Circle
Create an Account
Login to Circle
How To Get Started
Blog
Events
Americas
APAC
EMEA
Chapters
Global Chapters
Form a Chapter
About
About CSA
Board
History
CSA Staff
CSA EMEA
Press Releases
News Coverage

Security Guidance

Latest Research
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Download

Research Home
View Working Groups
Contribute
Download Publications
Earn a cloud certificate based on the Security Guidance v4
Home
Research
Working Groups
Security Guidance
Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing establishes a stable, secure baseline for cloud operations. This effort provides a practical, actionable roadmap for managers wanting to adopt the cloud paradigm safely and securely. It helps managers understand how to support business goals with cloud while managing and mitigating the risks associated with cloud computing adoption. 

The CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing builds on previous iterations through dedicated research, public participation from CSA members, working groups, and industry experts. This version incorporates advances in cloud, security, and supporting technologies, reflects on real-world cloud security practices, integrates the latest CSA research projects, and offers guidance for related technologies. Domains are reviewed to emphasize security, stability, and privacy in a multi-tenant environment. 

New to the cloud? Want to understand how cloud security is different from on-premise security?
If you’re interested in a brief explanation and introduction to cloud security read our blog. Otherwise you can find the full list of recommendations and best practices can in the latest version of the Cloud Security Guidance for Cloud Computing.

Interested in certificates and training?
Cloud Security Alliance offers the Certificate of Cloud Security Knowledge (CCSK) which tests individuals on the domains covered in the CSA Security Guidance. There is both a certificate and a training available through CSA. You can learn more about the CCSK here

Security GuidanceCloud Controls MatrixCCAKCCSK

The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders. CSA brings together this diverse community of industry partnerships, international chapters, working groups, and individuals to create the Cloud Security Guidance. We are profoundly grateful to all who contributed to version 4 of the release.

Next Meeting

No Meetings Currently Scheduled


Working Group Leadership

Rich Mogull Headshot

Rich Mogull

Earn your Certificate of Cloud Security Knowledge

Best Practices for Cloud Security

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The fourth version of the Security Guidance for Critical Areas of Focus in Cloud Computing is built on previous iterations of the security guidance, dedicated research, and public participation from the Cloud Security Alliance members, working groups, and the industry experts within our community. This version incorporates advances in cloud, security, and supporting technologies; reflects on real-world cloud security practices; integrates the latest Cloud Security Alliance research projects; and offers guidance for related technologies.

Download the Security Guidance
Guía de Seguridad de Áreas Críticas para la Computación en la Nube

Guía de Seguridad de Áreas Críticas para la Computación en la Nube

Con este documento, nuestro objetivo es proporcionar tanto orientación como inspiración para respaldar los objetivos comerciales, mientras se gestionan y mitigan los riesgos asociados con la adopción de la tecnología de computación en la nube.

Request to download
Security Guidance v4.0 - Chinese Translation

Security Guidance v4.0 - Chinese Translation

欢迎来到云安全联盟关于云计算关键领域安全指南的第四个版本。云计算的兴起是一项不 断发展的技术,它带来了许多机遇和挑战。通过这个文档,我们的目标是提供指导和灵感来支 持业务目标,同时管理和减轻采用云计算技术相关的风险。

Request to download
View All Research

Blog Posts

What is cloud security? How is it different from traditional on-premises network security?
Read Now

Press Coverage

Article TitleSourceDate
Developing a Cloud Security StrategySecurity IntelligenceOctober 15, 2020