Mission Statement

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

Latest News

November 15, 2016

Cloud Security Alliance Launches Crowdfunded Cloud Security Management Solution

STARWatch SaaS Application Empowers Organizations to Manage Compliance & Risks Using CSA Standards and Best Practices

SAN FRANCISCO – November 15, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the launch of its…

November 03, 2016

CSA’S IOT SECURITY REPORT

OCTOBER 28, 2016 via RESEARCHandMARKETS, The World’s Largest Market Research Store

Last week’s DDoS attack was the largest of its kind in history, and shows how easily Internet of Things devices can be compromised and used to conduct massive cyber-attacks. The attack has caused serious concern among the technology community regarding the level of security…

November 02, 2016

Cloud Security Alliance Releases Chinese Financial Services Report with Ernst & Young China

Beijing, CHINA – November 1, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Ernst & Young (EY) China, today released the results of a joint survey, “Financial Services Industry Cloud Adoption Survey: China”. The…

October 07, 2016

CSA Internet of Things Working Group Releases Industry’s First Guidance for Securing IoT Product Ecosystem

‘Designing and Developing Secure IoT Products’ Provides Actionable and Useful Guidance to Raise the Overall Security of IoT Products

San Jose, CA – CSA Congress 2016 – October 7, 2016 – The Cloud Security Alliance (CSA) today released a new detailed and hefty guidance report titled Future-proofing the Connected World: 13 Steps to Developing Secure…

October 07, 2016

Cloud Security Alliance EMEA to Host Fifth Annual Congress

Agenda and Keynote Speakers Announced for Premiere European Cloud Security Event

MADRID, SPAIN – October 7, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the agenda and keynote speakers for its fifth annual…

October 05, 2016

Cloud Security Alliance Asia Pacific Hosts Financial Cloud Forum in Shanghai

Organization Announces Upcoming Research and Future Events in Region

Shanghai, China – October 6, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today outlined a number of highlights from its recent Financial Cloud Forum 2016…

September 27, 2016

Open Peer Review – Quantum-Safe Security Glossary

The Cloud Security Alliance would like to invite you to review and comment on the Quantum-Safe Security working group’s latest document, Quantum-Safe Security Glossary. This document is the latest in a series of documents from the working group introducing quantum computing. This document is intended to help the industry understand quantum‐safe methods for protecting their…

September 27, 2016

Open Peer Review – Applied Quantum-Safe Security: Quantum Resistant Algorithms and Quantum Key Distribution position paper

The Cloud Security Alliance would like to invite you to review and comment on the Quantum-Safe Security working group’s latest document, Applied Quantum-Safe Security: Quantum Resistant Algorithms and Quantum Key Distribution. This document is the latest in a series of documents from the working group introducing quantum computing. This document focuses on the potential for…

Press Coverage

Tech News World | October 13, 2016

IoT Could Become Playground for Botnets Gone Wild

The Register | October 13, 2016

Devs! Here’s how to secure your IoT network, in, uh, 75 easy pages

Government Technology Magazine | October 13, 2016

New Guide Offers Advice on Securing Internet of Things Products

Christian Science Monitor | October 13, 2016

Your home might be secretly carrying out cyberattacks

eWeek | October 13, 2016

Cloud Security Alliance Details IoT Security Guidelines

Cyber Scoop | October 13, 2016

Cloud Security Alliance issues IoT security guide

PC Magazine | September 07, 2016

10 Best Practices for Securing Big Data

Security Info Watch | September 06, 2016

Addressing Cloud Risk

Channel Insider | August 30, 2016

10 Best Practices for Security, Compliance Monitoring

TechRepublic | August 29, 2016

72% of CXOs committed to digital transformation, only 15% believe they can do it

Computerworld | August 29, 2016

How software-defined everything will change outsourcing

Information Management | August 29, 2016

100 Best Practices in Big Data Distributed Programming Frameworks

Silicon Angle | August 28, 2016

The Cloud Security Alliance publishes its best practices for Big Data security

ComputerWorld Australia | August 27, 2016

100 best practices for keeping big data secure

CIO Insight | August 26, 2016

Security Concerns of Next-Generation Analytics

ComputerWorld | August 26, 2016

Got big data? The Cloud Security Alliance offers up 100 best practices

Cloud Tech | August 26, 2016

The top 100 best practices in big data revealed

TechRepublic | August 26, 2016

Cloud Security Alliance releases top 100 big data best practices report

SearchSecurity.com | August 26, 2016

NSA’s SNMP exploit cyberweapon affects all Cisco ASA software

Channel Partners | August 26, 2016

Channeling Security: Kaspersky Execs Say ‘Plan Is To Push More Responsibility Out To Partners’

Recent Blog Posts

November 21, 2016

Evolving Threats Compel an About-face in Data Protection Strategy

By Vijay Ramanathan, Vice President of Product Management, Code42

It’s time to flip our thinking about enterprise information security. For a long time, the starting point of our tech stacks has been the network. We employ a whole series of solutions on servers and networks—from monitoring and alerts to policies and...

November 18, 2016

Container Sprawl: The Next Great Security Challenge

By Jon King, Security Technologist and Principal Engineer, Intel Security

And you thought virtualization was tough on security … Containers, the younger and smaller siblings of virtualization, are more active and growing faster than a litter of puppies. Recent stats for one vendor show containers now running on 10% of hosts,...

November 14, 2016

Fight Against Ransomware Takes to the Cloud

By Raj Samani, EMEA CTO, Intel Security

“How many visitors do you expect to access the No More Ransom Portal?” This was the simple question asked prior to this law enforcement (Europol’s European Cybercrime Centre, Dutch Police) and private industry (Kaspersky Lab, Intel Security) portal going live, which I didn’t have...

November 11, 2016

Personalized Ransomware: Price Set by Your Ability to Pay

By Susan Richardson

Smart entrepreneurs have long employed differential pricing strategies to get more money from customers they think will pay a higher price. Cyber criminals have been doing the same thing on a small scale with ransomware: demanding a larger ransom from individuals or companies flush with cash, or...

November 04, 2016

Cyber Security Tip for CISOs: Beware of Security Fatigue

By Susan Richardson, Manager/Content Strategy, Code42

What’s the most effective thing you can do for cyber security awareness? Stop talking about it, according to a new study that uncovered serious security fatigue among consumers. The National Institute of Standards and Technology study, published recently, found many users have reached their saturation point...

November 02, 2016

The Dyn Outage and Mirai Botnet: Using Yesterday’s Vulnerabilities to Attack Tomorrow’s Devices Today

By Jacob Ansari, Manager, Schellman

On Oct. 21, Dyn, a provider of domain name services (DNS), an essential function of the Internet that translates names like www.schellmanco.com to its numerical IP address, went offline after a significant distributed denial of service (DDoS) attack affected Dyn’s ability to provide DNS services to...

October 31, 2016

To Include or Not to Include – Scoping ISO 27001 and Colocation Service Providers

By Ryan Mackie, Principal and ISO Certification Services Practice Director, Schellman

Introduction

ISO 27001 North American Growth

ISO/IEC 27001:2015 (ISO 27001) certification is becoming more of a conversation in most major businesses in the United States. To provide some depth, there was a 20% increase in ISO 27001 certificates maintained globally...

October 27, 2016

Defeating Insider Threats in the Cloud

By Evelyn de Souza, Data Privacy and Security Leader, Cisco Systems and Strategy Advisor, Cloud Security Alliance

Everything we know about defeating the insider threat seems to not be solving the problem. In fact, evidence from the Deep, Dark and Open Web points to a greatly worsening problem. Today’s employees...

Certification

CCSK: Certificate of Cloud Security Knowledge

The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.

Training

CSA Training

The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.

Newsletter Archive

All of our past newsletters are available online for your convenience.

Downloads

Cloud Controls Matrix v3.0.1 (10-6-16 Update)

Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls

At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…

Release Date: June 06, 2016

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Big Data Taxonomy

A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.

Release Date: September 18, 2014

Enterprise Architecture v2.0

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

Release Date: February 25, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union

The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent manner, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.

Release Date: February 24, 2013

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Consensus Assessments Initiative Questionnaire v1.1

The questionnaire is organized using CSA’s 13 governing and operating domains, divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Defeating Insider Threat Survey

Release Date: October 19, 2016

Future Proofing the Connected World

Release Date: October 07, 2016

Big Data Security and Privacy Handbook

Release Date: August 26, 2016

Mitigating Risk Survey Report

Release Date: August 17, 2016

Re-Think Security

Release Date: July 15, 2016

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research effort that aims to help organizations and individuals reduce the possible risk exposures and security threats in using mobile applications. MAST aims to define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016

Quantum Random Number Generators

A random number is generated by a process whose outcome is unpredictable, and which cannot be reliably reproduced. Randomness, quantitatively measured by entropy, is the measure of uncertainty or disorder within a set of data. The higher the level of unpredictability, the more random the data is and the more valuable it becomes, particularly for…

Release Date: June 09, 2016
