Human error accounts for the majority of cloud security breaches—and it all starts with how we manage people. CSA’s latest blog breaks down the Human Resources domain of the Cloud Controls Matrix (CCM), offering practical guidance to reduce insider risk ... Learn More
Join global leaders at CSA’s Virtual Cloud Trust Summit to explore how organizations can meet evolving cloud security, compliance, and resilience needs. Hear from STAR experts and regulators on continuous assurance, pooled assessments, and more. ... Learn More
We want your insights! How is your organization navigating the evolving cloud and AI security landscape? Take our quick survey on multi-cloud, identity, and infrastructure security—and you could win big: $50 Amazon gift cards Apple AirPods ... Learn More
Blockchain is kicking off a new type of project - Blockchain in Action: An AI-Powered Lab Series The goal: to demystify Blockchain's current real-world applicability through an engaging, educational, and hands-on AI-powered series of Working Group meetings. ... Learn More
Data Security Working Group Meeting - 5/22/25 Development: Data security within an AI Environment - June 2025 Development continues on the AI data security paper, with focus on refining gaps across DSP01–DSP24 controls in the AI ... Learn More
An open CSA community.
last person joined 11 hours ago
Are you sure you want to join this community?
Would you like to visit the community homepage now?
The working group will advocate for and promote the adoption of Zero Trust security principles, providing practical and technically sound guidance on how organizations can and should approach this, for their cloud and on-premise environments along with mobile endpoints. This group will build on and leverage established and recognized zero trust frameworks and controls. The goals of the CSA Zero Trust (ZT) Working Group are to:- Act as a source of education and outreach on the adoption of Zero Trust as a modern and necessary approach to information security- Take a deliberately technology and vendor-neutral approach to architectures and approaches for mature Zero Trust implementations. - Aim to educate the industry about the strengths and weaknesses of different approaches so enterprises can make informed decisions based on their specific needs and priorities.- Be able to take technically sound positions and make defensible recommendations on Zero Trust while remaining vendor-neutral
last person joined yesterday
This group revolves around CSA’s CCSK training content, based off of CSA’s Security Guidance document. The CCSK training provides learners with a foundational knowledge of cloud computing environments and terminology. This community is an open group for CCSK test takers, trainers, and anyone interested in the training to connect, converse, ask questions, and share resources. This group has a no soliciting policy. We are happy to direct members to the Inner Circle for any cloud related advertisement announcements.
Businesses are now demanding a stronger collaboration between both development and operational teams and adding their relative security teams. This additional force that creates DevSecOps is transferable to the idea that prior to this implementation, DevOps skipped the security step which after deployment of applications created roadblocks once confronted with issues that arose with this specific exclusion. The true focus of DevSecOps is to create a transparent and full circle management life cycle that leverages all of the components of DevSecOps to ensure timely and full functioning application deployment that include proper security steps through every process rather than at the end.
last person joined 4 days ago
This group revolves around CSA’s CCAK training content, based off of the work done by the Cloud Audit Expert Group. The CCAK training content offers an overview of auditing a cloud environment as well as provides several resources for CSPs, CSCs, and Auditors alike to take advantage of. This is an open group for CCAK test takers, trainers, and anyone interested in the training to connect, converse, ask questions, and share resources. This group has a no soliciting policy. We are happy to direct members to the Inner Circle for any cloud related advertisement announcements.
last person joined 9 days ago
This group revolves around CSA’s ACSP hands-on training. The ACSP course provides a deeper dive into cloud security knowledge that builds on the CCSK. This is an open group for ACSP students, trainers, and anyone interested in the training to connect, converse, ask questions, and share resources. This group has a no soliciting policy. We are happy to direct members to the Inner Circle for any cloud related advertisement announcements.
last person joined 18 hours ago
In today's world of so many SecaaS offerings, CSA's SecaaS working group strives to establish general categories of security services, and provides guidance on what should be expected as a standard set of functionalities in any given category.This working group is in the process of being revitalized, and co-chairs are currently being determined. Once leadership is confirmed, charter revision and forecasting deliverables will begin.
last person joined 3 days ago
AI Technology & Risk
last person joined 2 days ago
This working group aims to educate, promote best practices, and advance Identity standards by fostering a culture of collaboration between various organizations to achieve consistent and effective IAM practices in and for the cloud. The working group will author guidelines and best practices, and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing IAM systems for use with cloud services.
A private community for CSA UK Chapter to share and collaborate.
last person joined 6 days ago
The mission of the CSA FSI community and research working groups is to bring together financial service institutions, financial supervisory authorities, and other national regulatory bodies along with relevant cloud and fintech service providers. Together they discuss and identify commonly acceptable best practices that will help manage the technical security risks related to secure cloud adoption, and facilitate compliance with laws and regulations.
A private community for CSA Bangalore Chapter to share and collaborate.
A private community for CSA Triangle (Triangle Area of North Carolina) Chapter to share and collaborate. We reach throughout the eastern portion of North Carolina to all who are interested in learning more about Cybersecurity. We are a 501c3 non-profit organization based in Raleigh, North Carolina and are actively seeking members to join and engage. Our chapter actively supports Veterans and welcome those with backgrounds in IT and Cybersecurity to engage, share their experiences and grow professionally.
A private community for CSA Washington DC Metro Area Chapter to share and collaborate.
- This working group is currently inactive -This working group has been created to guide the creation of an open source and automation compatible vulnerability identification framework. By making it easy to generate and consume vulnerability information, the cybersecurity industry will be better equipped to rapidly respond to emerging threats.
last person joined 7 days ago
A private community for CSA Carolinas Chapter to share and collaborate.
last person joined 17 days ago
A private community for CSA Nashville Chapter to share and collaborate.
CSA Italy si rivolge a professionisti ed imprese in Italia che credono nel successo del modello Cloud Computing e nella condivisione di esperienze e buone pratiche per promuoverne l’utilizzo in sicurezza. CSA Italy e' un' associazione no-profit di diritto italiano costituita nell’Ottobre 2011, Capitolo Italiano di Cloud Security Alliance (CSA). CSA Italy si propone di supportare il mercato Information and Communication Technology e Cyber Security in Italia, in particolare le PMI e Pubbliche Amministrazioni, nell’adozione di un approccio consapevole e sicuro al Cloud Computing. Certi del valore che il modello cloud computing può generare nel mercato italiano, CSA Italy intende promuovere:- un’adeguata disciplina di sicurezza dell’utilizzatore di servizi Cloud, a partire da una corretta identificazione delle informazioni che intende trasferire e gestire nel Cloud e consapevolezza della loro importanza, necessaria per richiedere adeguate misure di sicurezza nel Cloud;- stimolare i Cloud Provider ad essere più trasparenti nel comunicare modelli e misure di sicurezza e privacy adottate per la protezione dei dati dei propri Clienti.Per maggiori informazioni potete scrivere a info@csaitaly.it
last person joined 10 days ago
Communauté Circle du Chapitre Français de la CSA -- https://CloudSecurityAlliance.fr
last person joined 3 months ago