What is the Cloud Security Alliance?
The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing. CSA uses the expertise of industry practitioners, associations and governments, as well as its corporate and individual members, to offer research, education, certification, events and products specific to cloud security.
The organization's activities, knowledge and extensive network benefit the entire cloud community, including cloud service providers (CSPs), customers, entrepreneurs and governments. CSA also offers a forum through which all parties can work together to create and maintain a trusted cloud ecosystem.
The industry group provides security education and guidance to companies in different stages of cloud adoption and helps CSPs address security in their software delivery models. CSA membership is available to any interested parties with the expertise to contribute to the security of cloud computing.
Cloud Security Alliance research areas
CSA leads a number of ongoing research initiatives through which it provides white papers, tools and reports to help companies and vendors secure cloud computing services.
CSA working groups target 32 cloud security domains and address almost every aspect of cloud security. These include the following:
- The CSA IoT Working Group develops relevant use cases for internet of things (IoT) implementations and establishes actionable guidance to enable security practitioners to secure their deployments.
- The CSA Application Containers and Microservices Working Group conducts research on application containers and microservices security. It is charged with publishing guidance and best practices for the secure use of application containers and microservices.
- The CSA SaaS Governance Working Group encourages and defines mechanisms to promote cooperation and helps vendors and customers work closely together to manage software-as-a-service risks and guarantee the security of customer data and the resilience of the SaaS cloud infrastructure.
CSA programs and partnerships
CSA offers numerous programs and partnerships, such as CSA Security, Trust & Assurance Registry (STAR), which is a program for security assurance in the cloud. STAR incorporates the principles of transparency, rigorous auditing and the harmonization of standards. The STAR program offers several benefits, including "indications of best practices and validation of security posture of cloud offerings," according to the CSA website.
CSA Code of Conduct for GDPR Compliance offers a consistent and comprehensive framework to help companies comply with the European Union's General Data Protection Regulation. CSA Code of Conduct offers a compliance tool to achieve GDPR compliance, as well as transparency guidelines regarding the level of data protection offered by a cloud service provider.
Cloud Security Alliance offers three membership options:
- Corporate Membership for Solution Providers offers a venue for members to learn about the latest developments in the cloud, showcase their expertise to a global audience and connect with users.
- Corporate Membership for Enterprises provides information, tools and guidance to help members realize the benefits of their cloud investments.
- Individual Membership offers any individual with an interest in cloud computing and the expertise to help make it more secure a complimentary individual membership based on a minimum level of participation.
CSA currently has 90,000 individual members, 80 global chapters and 400 corporate members.
Cloud Security Alliance certifications
Cloud Security Alliance also offers professional cloud security certifications, such as the following:
- CSA STAR Certification is a rigorous, third-party, independent assessment of the security of a CSP. STAR Certification is based on achieving ISO/IEC 27001, as well as the specified set of criteria detailed in the Cloud Controls Matrix. Achieving the STAR Certification means that cloud providers will be able to offer prospective customers a greater understanding of their level of security control.
- CSA CCSK (Certificate of Cloud Security Knowledge) is a web-based examination of a person's competency in the primary cloud security issues. The CCSK aims to provide an understanding of security issues and best practices over a range of cloud computing domains. Recommended for IT auditors, the CCSK is required for portions of the CSA STAR program.
This article was written by Linda Rosencrance in 2018. TechTarget editors revised it in 2023 to improve the reader experience.