Security Guidance

Latest Research
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Download

Earn a cloud certificate based on the Security Guidance v4
Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing establishes a stable, secure baseline for cloud operations. Back when CSA released the first version of the Security Guidance in 2009, it was the first comprehensive set of best practices for securing cloud computing. Since then this working group has periodically updated the Security Guidance, building on previous iterations and incorporating the latest advances in cloud, security, and supporting technologies.

New to the cloud? Want to understand how cloud security is different from on-premise security?
If you’re interested in a brief explanation and introduction to cloud security read our blog. Otherwise you can find the full list of recommendations and best practices can in the latest version of the Cloud Security Guidance for Cloud Computing.

Interested in certificates and training?
Cloud Security Alliance offers the Certificate of Cloud Security Knowledge (CCSK) which tests individuals on the domains covered in the CSA Security Guidance. There is both a certificate and a training available through CSA. You can learn more about the CCSK here

Security GuidanceCCAKCCSKCloud Controls Matrix

The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders. CSA brings together this diverse community of industry partnerships, international chapters, working groups, and individuals to create the Cloud Security Guidance. We are profoundly grateful to all who contributed to version 4 of the release.

Next Meeting

No Meetings Currently Scheduled



Working Group Leadership

Rich Mogull Headshot
Rich Mogull
Rich Mogull

Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. He is a prolific writer and featured speaker at the security industry’s largest events, including RSA...

Read more

Earn your Certificate of Cloud Security Knowledge

Best Practices for Cloud Security

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

The fourth version of the Security Guidance for Critical Areas of Focus in Cloud Computing is built on previous iterations of the security guidance, dedicated research, and public participation from the Cloud Security Alliance members, working groups, and the industry experts within our community. This version incorporates advances in cloud, security, and supporting technologies; reflects on real-world cloud security practices; integrates the latest Cloud Security Alliance research projects; and offers guidance for related technologies.

Guía de Seguridad de Áreas Críticas para la Computación en la Nube

Guía de Seguridad de Áreas Críticas para la Computación en la Nube

Con este documento, nuestro objetivo es proporcionar tanto orientación como inspiración para respaldar los objetivos comerciales, mientras se gestionan y mitigan los riesgos asociados con la adopción de la tecnología de computación en la nube.

Security Guidance v4.0 - Chinese Translation

Security Guidance v4.0 - Chinese Translation

欢迎来到云安全联盟关于云计算关键领域安全指南的第四个版本。云计算的兴起是一项不 断发展的技术,它带来了许多机遇和挑战。通过这个文档,我们的目标是提供指导和灵感来支 持业务目标,同时管理和减轻采用云计算技术相关的风险。

Blog Posts

The 6 Phases of Data Security
CCSK Success Stories: From a Cloud Technical Specialist
How Security Changes With Cloud Networking

Press Coverage

Article TitleSourceDate
Developing a Cloud Security StrategySecurity IntelligenceOctober 15, 2020