Mission Statement
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Learn more
January 05, 2018
The Cloud Security Alliance is launching the Application Containers and Microservices (ACM) Working Group. The CSA ACM Working Group previously work with the National Institute of Standards and Technology (NIST) ACM Working Group to provide research, guidance, and best practices for the secure use of application containers and microservices. CSA is currently looking for volunteers…
December 04, 2017
Updates to industry leading cloud certificate reflect evolving cloud landscape and the need for qualified security professionals SEATTLE, WA – December 4, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the general availability…
November 30, 2017
Volunteers recognized for dedication, efforts to furthering cloud security best practices SEATTLE, WA – November 30, 2017 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the recipients of its sixth annual Ron Knode Service Award,…
November 21, 2017
Significant updates provide actionable guidance to reflect new European personal protection obligations Edinburgh, Scotland – November 21, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the CSA Code of Conduct for GDPR Compliance,…
November 20, 2017
New White Paper Helps Software-as-a-Service Startups Build Solid Security by Aligning Security Controls with Product Development and Investment Rounds SEATTLE, WA – November 20, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released a…
October 20, 2017
Updates Extend Real-World Examples to Align with Top Security Threats SEATTLE, WA – October 20, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced an updated ‘Treacherous 12: Top Threats to Cloud Computing +…
August 30, 2017
White paper introduces key metrics to measure threats, recover lost functionality in wake of attack SEATTLE, WA – August 30, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Improving Metrics…
July 27, 2017
Updates to industry leading cloud certificate reflect evolving cloud landscape and the need for qualified security professionals. LAS VEGAS, NV – Black Hat 2017, Booth BB5 – July 26, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud…
Tech Target | January 10, 2018
The biggest cloud security threats, according to the CSA
Energy Digital | January 05, 2018
Drone Major Group: Embracing opportunities for smart cities
Liftr News | December 26, 2017
Report Lays Out Top 12 Cloud Security Threats
SC Magazine | December 22, 2017
The professional cybersecurity groups
TechGenix | December 21, 2017
CLOUD SECURITY: WHY IT MAY BE MORE RISKY THAN VENDORS WOULD HAVE YOU BELIEVE
Security Boulevard | December 21, 2017
Q&A: Cloud Providers and Leaky Servers
ZDnet | December 15, 2017
Micro-fortresses everywhere: The cloud security model and the software-defined perimeter
CIO | December 14, 2017
January 15, 2018
By Jacob Serpa, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks: —Data on 123 million US households leaked —Tech giants investing in healthcare technology —Intel chips contain security vulnerability —DHS suffers breach of over 247,000 records —Forever 21 finds malware in PoS systems Data on 123 million...
January 11, 2018
By Daniele Catteddu, Chief Technology Officer , Cloud Security Alliance On November 21, the CSA released the Code of Conduct for GDPR Compliance. This new document is part of CSA’s continuous effort to support the community with best practices that will help cloud providers and customers alike face the tremendous challenge...
January 11, 2018
By Doug Lane, Vice President/Product Marketing, Vaultive With 2017 behind us, it’s time to prepare your IT strategy and goals for the new year. There is a good chance that, if you aren’t using the cloud already, there’s a cloud services migration in store for your organization this year. No...
January 09, 2018
By Jacob Serpa, Product Marketing Manager, Bitglass Leading cloud access security brokers (CASBs) currently provide data protection, threat protection, identity management, and visibility. However, this has not always been the case. Since the inception of the CASB market, cloud access security brokers have offered a variety of tools and undergone a number of evolutions. For organizations...
January 04, 2018
By Doug Lane, Vice President/Product Marketing, Vaultive While it’s tough to predict what the most significant single threat of 2018 will be, it’s safe to say that 2017 was certainly a wake-up call for both businesses and consumers when it comes to data breaches. From the rampant misconfiguration of Amazon...
December 29, 2017
By Jacob Serpa, Product Marketing Manager, Bitglass Here are the top cybersecurity stories of recent weeks: — Man attempts prison break through cyberattacks — Mailsploit allows for perfect phishing attacks — 1.4 billion credentials found in dark web database — Starbucks WiFi hijacks connected devices — Hackers target cryptocurrency employees for bitcoins...
December 27, 2017
By Paul Ilechko, Senior Security Architect, Cedrus Many companies are starting to look at the Cloud Access Security Broker (CASB) technology as an extra layer of protection for critical corporate data as more and more business processes move to the cloud. CASB technologies protect critical corporate data stored within cloud apps...
December 20, 2017
By Yael Nishry, Vice President/Business Development, Vaultive; Arthur van der Wees LLM, Arthur’s Legal; and Jiri Svorc LLM, Arthur’s Legal For organizations around the world, implementing state-of-the-art security and personal data protection (using both technical and organizational measures) is now a must. In the wake of the recent Equifax incident, this article...
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training.
Release Date: December 15, 2017
Release Date: December 15, 2017
Release Date: November 20, 2017
Abstract: The Top Threats to Cloud Computing Plus: Industry Insights serves as a validation of the relevance of security issues discussed in the earlier document as wells as provides references and overviews of these incidents. In total, 21 anecdotes and examples are featured in the document. The references and overview of each anecdote and example…
Release Date: October 20, 2017
Release Date: October 12, 2017
Release Date: October 03, 2017
Release Date: August 30, 2017
Release Date: August 03, 2017
Release Date: July 26, 2017
Release Date: July 26, 2017
Release Date: October 12, 2017
Release Date: October 03, 2017
Cloud Security Alliance Releases Candidate Mapping of ISO 27002/27017/27018 Security Controls At the Cloud Security Alliance Summit San Francisco 2016, the CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO…
Release Date: June 06, 2016
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”
Release Date: February 01, 2016
A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.
Release Date: September 18, 2014
The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.
Release Date: February 25, 2013
The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.
Release Date: February 24, 2013
Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.
Release Date: November 08, 2012
The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.
Release Date: November 14, 2011
Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.
Release Date: September 01, 2011
No meetings currently posted. Check back soon.
STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:
