Announcements

  • 🥧 Final Hours: 50% off CCSK + Free AI Course

    Don’t worry, we saved some Pi for you. For today only, claim your 50% off CCSK v4 online training + exam bundle + free Generative AI course. Use promo code enjoyyourcsapi at checkout on CSA Knowledge Center by 12 AM PT on March 15th to take advantage of this offer. 

    With the CCSK v4, you're getting more than just a slice of cybersecurity knowledge; you're securing the whole pie. And with our brand new introductory AI course, you're set to lead in the next era of cybersecurity. Don't let this opportunity slip through your fingers. You can have your pie and eat it too, but only if you act before midnight.

  • Enjoy Your CSA Pi

    This Pi Day is served à la mode. For 24 hours only, slice into our CCSK v4 online training + exam bundle at an incredible 50% discount, and to sweeten the deal, we’re giving you our brand new Introduction to Generative AI & Prompt Engineering course for free. To get this discount, ensure you are logged in to the CSA Knowledge Center. At checkout, apply the code: enjoyyourcsapi

    This is your chance to build a solid foundation in cybersecurity with the industry-recognized CCSK and learn how to leverage AI in your defense strategy with an exclusive, introductory AI course. But hurry, the clock is ticking, and this offer vanishes at 12 AM PT on March 15th.

    https://e.cloudsecurityalliance.org/l/908632/2024-03-13/nczjf 

  • Top Threats to Cloud Computing 2024 Survey

    The goal of this survey is to determine the top threats, vulnerabilities, and risks organizations are facing in 2024. The results of this survey will be used in CSA's 6th installment of the Top Threats to Cloud Computing paper.

    The survey has 35 questions and will take less than 8 minutes to complete. Definitions of each security issue are provided via a link if you need additional clarity.

    Prizes include five $20 Amazon gift cards and one CCSK token. You have a chance to win these prizes if you submit a completed survey and enter your business email at the end of the survey.

  • Registration Now Open | CSA AI Summit at RSA Conference

    Headed to RSA? We are too!

    CSA is proud to host its 15th consecutive Summit at the RSA Conference. Registration for the CSA AI Summit at RSA Conference is now open, and we can’t wait to see you. To join us, register for RSAC and use code “52ECLOUDSECXP” for a complimentary Expo Pass or “52FCDCLOUDSEC” to save $150 on the All-Access pass.

    Don't miss out on crucial discussions about AI and cloud security with industry leaders. Register now → https://e.cloudsecurityalliance.org/l/908632/2024-03-05/ncl94

  • ISSA Survey

    We're excited to support the ISSA ESG research on the life and times of cybersecurity professionals, and we want your valuable input. Join the survey and contribute your insights on:

    • InfoSec careers
    • Skills development
    • Organizational considerations
    • Security incidents and vulnerabilities
    • The cybersecurity skills shortage
    • Information security activities

    Your perspective is crucial to shaping the narrative. Take the survey now and be a vital part of advancing our understanding of the information security landscape!

    Participate Now → https://bit.ly/3Ik0xIH 

  • [New Research] State of Security Remediation 2024

    Dive into insights from our latest survey, the State of Security Remediation Survey Report 2024. This comprehensive report, commissioned by Dazz, sheds light on the critical role of security remediation in strengthening organizational defenses against security breaches, which currently average a staggering cost of $7.29 million per incident.

  • Join the Continuous Audit Metrics Working Group

    The Continuous Audit Metrics Working Group is looking for new volunteers to expand the Continuous Audit Metrics Catalog with new metrics while also evaluating the usage of existing metrics in cloud applications. Individuals who have experience with implementing security metrics in information systems, continuous monitoring of information system security, automated compliance testing, and security operation centers (SOC) are encouraged to participate. If interested, please reach out to our research analyst, Lefteris Skoutaris at: eskoutaris@cloudsecurityalliance.org

  • [New Research] Glossary of Data Security Terms

    The CSA Data Security Glossary, released today by the Data Security Working Group, identifies and defines 127 terms relevant to data security. Based on the CSA Cloud Security Glossary, NIST Glossary, and other public sources, this compilation of data security terms serves as a foundational reference for future CSA Working Group publications. This glossary is essential for cybersecurity professionals and practitioners to better comprehend data security. 

  • [Register Now] Cloud Threats & Vulnerabilities Summit 2024

    CSA is excited to host the second annual Virtual Cloud Threats & Vulnerabilities Summit on March 26-27, 2024. This virtual summit will address key systemic risks uncovered within the global cloud ecosystem and show how CSA's efforts to improve standards for cloud vulnerability and threat identification are growing. 

  • [New Research] Key Management Lifecycle Best Practices

    🔐 Just released: Key Management Lifecycle Best Practices! Cryptographic keys are the backbone of secure digital communications and data protection, but managing them can be a challenge. Produced by the Cloud Key Management Working Group, this whitepaper provides guidance, procedures, and important considerations for the secure management of cryptographic keys at every stage of the key lifecycle, regardless of the type of encryption algorithms or keys.

  • [New Release] Communicating the Business Value of Zero Trust

    In a new release by the Zero Trust Working Group, Communicating the Business Value of Zero Trust bridges the knowledge gap between security teams and non-technical stakeholders. This paper is a guide for those in the infosec industry to clearly, succinctly, and directly communicate the business value that a Zero Trust strategy can bring and subsequently gain stakeholder buy-in.

  • [Registration Now Open] CSA’s FinCloud Security Summit 2024

    Registration Now Open: Be a part of the pivotal discussion on cloud security in financial services at CSA’s FinCloud Security Summit 2024. Join us virtually on Feb. 27th for a day of expert insights and groundbreaking solutions in financial cybersecurity. This is the industry’s must-attend event to gain a holistic understanding of the current state and future of financial services in the cloud. Register here. 

  • CSA’s AI Safety Executive Committee

    CSA is pleased to announce the formation of the AI Safety Executive Committee, in partnership with Amazon, Anthropic, Google, Microsoft, and OpenAI. This group is joined by a broad coalition of experts such as Jen Easterly, Director of CISA; Jason Clinton, CSO of Anthropic; Phil Venables, CISO at Google Cloud; and Matt Knight, Head of Security at OpenAI. The AI Safety Executive Committee is dedicated to crafting and openly sharing reliable guidelines for AI safety and security, initially concentrating on generative AI. To learn more about this initiative, read the full press release here. 

  • Final Draft of CCM v4 SSRM Implementation Guidelines Open for Peer Review

    Peer review is now open for the final draft of the Cloud Controls Matrix (CCM) v4 Shared Security Responsibility Model (SSRM) Implementation Guidelines. Feedback is welcomed until January 4th. 

  • ACSP Course Enrollment Open! Jan 30th-Feb 1st, 2024

    We're thrilled to announce that enrollment is now open for our upcoming Advanced Cloud Security Practitioner (ACSP) course, an advanced, hands-on, three-day course that delves deep into practical cloud security and applied DevSecOps for enterprise-scale cloud deployments.

     However, seats are limited to just 30 spots!
     
    This is a first-come, first-served enrollment. If you've been on the edge of your seat waiting for this, now's the time to jump in and secure your spot.
     
    You can enroll here: https://checkout.square.site/merchant/0264JME7RWW4P/checkout/ZY2ATJFLJXCHWGXDLSR5MFZZ.
     
    Advanced Cloud Security Practitioner (virtual)
     
    Price: $2,195.00
    Time: January 30, 31, February 1 from 8am to 2pm PT
    Where: Online
    Presented by Securosis for the Cloud Security Alliance

    CSA Corporate Members with training support should contact their CSA representative for information on discounted pricing.

    If you have questions, you can reach out to us at support@cloudsecurityalliance.org.

    In this advanced, hands-on, three-day course, delve deep into practical cloud security and applied DevSecOps for enterprise-scale cloud deployments. You will learn how to configure a production-quality account with multiple virtual networks and core security controls, as well as build a deployment pipeline, integrate it into an existing application stack, and code a variety of security automation controls. This training expands on the basics of the CCSK.

    TO PARTICIPATE, STUDENTS WILL NEED TO COMPLETE A PRE-CLASS LAB CHALLENGE AT LEAST 48 HOURS BEFORE CLASS

    Students should be comfortable:

    * connecting to and working with remote Linux systems via SSH.

    * navigating the Amazon Web Services console without step-by-step screenshots.

    * using basic Python skills to complete all automation labs (code snippets will be provided).

    More information about the training, including an outline, is available here: https://cloudsecurityalliance.org/education/advanced-cloud-security-practitioner-training

    Technical requirements:

    * The training will be run on Zoom. Students will create their own AWS lab environment as part of the pre-class lab challenge. Total AWS charges for running the labs are typically less than $25 and a post-class cleanup tool is provided.

    * Students will need a computer capable of connecting to AWS without restriction (some corporate networks and VPNs may cause issues).

    * SSH access is required for the pre-class challenge but not for the training.

    After signup, you will receive an email with class details closer to the class date.

  • [Today Only] 50% off CCSK for Cyber(security) Monday

    ⏰ It’s time! CSA’s Cyber(security) Monday deal is live now. Use code csasecure at checkout by 12 AM PST on Nov. 29th for 50% off all Certificate of Cloud Security Knowledge (CCSK) online products. 

    While the security may be silent this Cyber Monday, your defense shouldn't be a secret; arm yourself with the recognized standard of expertise in cloud security.

  • 50% off CCSK - Sneak Peek at Cyber Monday Deals from CSA

    Sneak Peek Alert! 📆 This Cyber Monday, Nov. 27th, get ready for an unbeatable offer from CSA: 50% off all Certificate of Cloud Security Knowledge (CCSK) online products! Elevate your cloud security expertise to the next level at half the cost. 🌐 Prepare to seize this opportunity - download the CCSK Prep-Kit today and stay tuned for the release of our exclusive discount code!

  • [Now Available] CSA's Certificate of Competence in Zero Trust (CCZT)

    📣 The wait is over – CSA's Certificate of Competence in Zero Trust (CCZT) is now available! 📣

    As the industry’s first authoritative and vendor-neutral Zero Trust training and certificate, the CCZT is vital for professionals seeking to advance in the ever-evolving world of cybersecurity. Developed by CSA, the trusted industry leader for cloud security certificates, the CCZT builds knowledge to drive the definition, implementation, and management of Zero Trust over time. 

  • [Registration Now Open] CSA's 2024 virtual AI Summit

    🚀 Registration is now open for CSA’s 2024 AI Summit! Secure your virtual seat for January 17-18 to join industry leaders and innovators in shaping the future of AI in cybersecurity. Start the new year right and contribute to the defining conversations on AI. 

  • [New Training] DevSecOps: Pragmatic Implementation

    👀 New training alert! DevSecOps: Pragmatic Implementation is now available on the CSA Knowledge Center. This two-part, self-paced course offers a framework-agnostic approach to embedding security within the Software Development Lifecycle (SDLC). Elevate your professional skills and stay informed with the latest in DevSecOps methodologies.

  • CSA Insights Survey

    We’ve put together a survey to gain some valuable insights into our CSA community.
    We are curious about what initially sparked your interest in CSA and what information you find essential. Your insights will help us further improve our platform to serve you better.


    Please take a moment to complete the short survey below, and feel free to pass it along to any industry peers who are also familiar with CSA.

    Take the survey → https://airtable.com/appKuPgIxHOweGuLt/shrQH8czL465qo3HP

  • CCM Lite Now Available

    At CSA, we believe cybersecurity is for everyone. That’s why we and the CCM Working Group created CCM Lite, a streamlined edition of the Cloud Controls Matrix (CCM v4) that consists of 91 cloud security controls. This pragmatic solution is designed for low-risk profile cloud organizations, such as Small and Medium Enterprises (SMEs) with limited IT and/or cybersecurity expertise and resources.

  • [New Release] Machine Identity in Cybersecurity and IAM

    We are pleased to announce the release of Machine Identity in Cybersecurity and IAM. This latest research from CSA’s IAM Working Group explores the evolution of identity and access management (IAM) to include machine identities, providing insights into their unique characteristics and associated risks. This document offers best practices for governance and risk management, making it a valuable resource for professionals in cybersecurity and IAM fields.

  • CCM New Mapping to PCI DSS v4.0

    The Cloud Controls Matrix (CCM) Working Group is excited to announce an additional mapping aligned with CCM v4 and a new version update to v4.0.9. This update and release incorporates the Payment Card Industry Data Security Standard (PCI DSS) v4.0 into CCM v4. 
  • [New Training] DevSecOps: Automation

    Supercharge your DevSecOps skills with our new online self-paced Cloud Infrastructure Security course, DevSecOps: Automation. Dive into proven processes that seamlessly integrate security into your development cycle. From mastering mitigation techniques to breaking builds, you'll learn to balance speed with security, ensuring your organization stays agile and safe. 

  • [New Release] FaaS Serverless Control Framework (Set) based on NIST 800-53 R5 controls

    Released today, this spreadsheet provides a cybersecurity control framework for Function-as-a-Service (FaaS) serverless deployments. The framework is based on the NIST 800-53 R5 controls and intended to be used by the cloud consumer.
  • [New Training] Zero Trust Implementation

    We're excited to announce the release of Zero Trust Implementation, the sixth course in our Zero Trust Training (ZTT) program. This self-paced course builds upon and extends beyond the concepts discussed in the CSA Zero Trust Planning and Introduction to Zero Trust Architecture courses. Learners will get an in-depth look at the crucial facets of Zero Trust (ZT) implementation, covering project kick-off, disaster planning, network setup, device agent deployment, and automation.

  • Join us for CSA's Virtual Research Summit 2023 - Oct. 17-18

    We’re excited to invite you to the CSA Research Summit, a free virtual event taking place on Oct. 18-19, 2023! On both days of the Summit, experts from our Research Team will provide the latest updates in new and existing research projects, providing critical tools and guidance for the cloud adopting community. Right at your fingertips will be valuable insights on AI, quantum threats, secure DevOps, Zero Trust, Data Security, and more. 
  • [New Research] Communicating the Business Value of Zero Trust

    Released today, Communicating the Business Value of Zero Trust is a whitepaper release candidate that provides security practitioners guidance on how to clearly, succinctly, and directly communicate the business value that a Zero Trust strategy can bring. Security teams need to be able to communicate the value of Zero Trust to non-technical or non-security audiences, all the way up to the Board of Directors. We believe that the infosec industry has not sufficiently enabled security practitioners to clearly, succinctly, and directly communicate the business value that a Zero Trust strategy can bring. The goal of this CSA guidance is to fill that gap.
  • Joe Sullivan to Headline SECtember 2023

    We are excited to announce veteran CSO Joe Sullivan will be a keynote speaker at SECtember 2023! Joe Sullivan is the CEO of Ukraine Friends and has worked at the intersection of government, technology, and security since the mid-1990s. Attend SECtember in-person to hear his perspective on how security leaders can navigate the crossroads of stringent regulations and corporate and personal risk. Register here → https://www.sectember.com/
  • [New Release] Security-Enabled Innovation and Cloud Trends: Survey Report

    We’re excited to announce the release of the findings from our latest survey, Security-Enabled Innovation and Cloud Trends. Commissioned by Expel, this survey captured the perspectives of 1,018 IT and security professionals from a diverse range of organizations. The findings of this survey provide a better understanding of the current views of security professionals on their organization’s relationship with security and innovation.
  • Final Version of Security Implications of ChatGPT Now Available

    The final version of "Security Implications of ChatGPT" has been released! As AI continues to revolutionize industries, managing its risks is essential. This paper provides guidance around managing the risks in leveraging ChatGPT, making it a crucial resource for security professionals. Download here → https://cloudsecurityalliance.org/artifacts/security-implications-of-chatgpt/?utm_source=Circle&utm_medium=AnnouncementPost
  • SECtember Keynote Announced: Shawn Bice, Microsoft's Corporate VP for Cloud Ecosystem Security

    As Microsoft’s Corporate Vice President of the Cloud Ecosystem Security organization, Shawn Bice leads his team through some of the industry’s toughest cybersecurity challenges, focusing on the core cloud security platform, AI-powered threat and data intelligence, and more.

    Shawn will be joined on the SECtember mainstage by Caleb Sima, former CISO at Robinhood and CSA’s Chair for AI Safety Initiative, for a Fireside Chat on the widespread integration of Generative AI within cloud security solutions and what the future may bring.
  • CSA Announces Appointment of Caleb Sima as Chair for AI Safety Initiative

    CSA is pleased to announce the appointment of industry veteran Caleb Sima to the position of Chair of the Cloud Security Alliance AI Safety Initiative. Caleb will work with CSA members and experts from around the world to develop CSA’s AI strategy, as well as a recommended portfolio of guidance to allow for secure and responsible adoption of AI. Join us in giving a big welcome to Caleb Sima! Learn more about Caleb's appointment here → https://cloudsecurityalliance.org/press-releases/2023/07/20/cloud-security-alliance-announces-appointment-of-caleb-sima-as-chair-for-ai-safety-initiative
  • [New Release Candidate] Zero Trust Guiding Principles

    Released today, Zero Trust Guiding Principles is a whitepaper release candidate intended to provide guiding principles that any organization can leverage when scoping or initiating a move toward Zero Trust (ZT). Information Protection practitioners can use these principles to stay on track while managing an organization's ZT journey. Download here → https://cloudsecurityalliance.org/artifacts/zero-trust-guiding-principles
  • [New Release Candidate] Zero Trust Principles and Guidance for Identity and Access Management (IAM)

    Released today, Zero Trust Principles and Guidance for IAM is a whitepaper release candidate intended to provide an understanding of both existing and new identity, access management, and cloud solutions through a Zero Trust (ZT) lens. Topics discussed include ZT implementation methodology, identity proofing and validation, dealing with failed policy decisions, and more: Download here → 
  • [New Research] What is Identity & Access Management (IAM) for the Cloud

    Identity and Access Management (IAM) is a critical component of any organization’s technology stack and security infrastructure, particularly in the cloud. What is IAM for the Cloud, the latest research release by CSA’s IAM Working Group, aims to provide an understanding of the challenges and considerations involved in managing IAM in the cloud, as well as the importance of IAM to an organization's overall security strategy. Download and read more → https://cloudsecurityalliance.org/artifacts/what-is-iam-for-the-cloud
  • New DevSecOps Training Available

    CSA developed the Cloud Infrastructure Security Training program, a comprehensive catalog of essential online training courses designed to deliver fundamentals for understanding how to build and protect cloud infrastructure. CSA regularly updates the Cloud Infrastructure Security training catalog on the Knowledge Center. 

    The latest release is DevSecOps: Bridging Compliance & Development, a self-paced course covering key topics in addressing the gap between compliance and development, such as translating compliance objectives into security measures. Learners will also gain knowledge of identifying inflection points in the secure development lifecycle and embedding, automating, measuring, and testing controls. Learn more: https://knowledge.cloudsecurityalliance.org/devsecops-bridging-compliance-development
  • [New Release] Cloud & Compromise: Gamifying of Cloud Security

    It’s time to gather your fellow security friends, colleagues, and a 12-sided die for a night of threat modeling fun! We’re excited to announce the release of Cloud & Compromise: Gamifying of Cloud Security, the latest guidance from CSA’s Top Threats Working Group. Cloud & Compromise (C&C) provides two gamification scenarios to inspire fun incident response roleplaying:

    • Standard Level Incident Response Game: This level relies on social interaction, where the game facilitator introduces the activity, and teams run the game themselves based on feel.
    • Advanced Level Incident Response Game: Relies on gameplay, where the facilitator introduces the activity and teams run the project with more rigid scoring.
    Roll the die and learn to protect, detect, and respond to cloud threats and threat indicators through gamification. From CISO, to Senior Engineer, to Intern, everyone has a role to play.
  • [New Training] Zero Trust Planning

    CSA is excited to release Zero Trust Planning, the fifth course in our online Zero Trust Training (ZTT) program. This course will provide learners an in-depth look at the crucial facets of Zero Trust (ZT) planning, the ZT maturity model and how it supports an organization's ZT planning process, and use cases for prioritization, scoping, and gap analysis. 
  • Join us virtually Aug. 2-3 for CSA AI Summit

    The Cloud Security Alliance AI Summit brings together experts from around the world to provide key insights on how generative AI can benefit cybersecurity, how malicious attackers are using it, and guidelines for responsible usage. The explosive growth of ChatGPT is due in large part to its delivery via the cloud, obligating CSA and its community to take a leading role in articulating the best practices and assurance ecosystem for AI as a Service. Attendees of CSA’s inaugural AI Summit will gain a holistic understanding of the future of AI disciplines and receive pragmatic advice on managing risks and gaining benefits from generative AI today.
  • New STAR Lead Auditor Self-Paced Training

    Released today, the STAR Lead Auditor training is a six-hour, online, self-paced course jointly developed by CSA and the British Standards Institution (BSI) to help assessors, service providers, and consultants learn how to audit CSPs against the STAR Certification scheme. STAR Lead Auditor training expands auditors' traditional skills into the field of cloud security auditing while also teaching IT and security personnel how to implement cloud security controls in an audit-friendly way.

    The training covers a range of topics, including the STAR Certification scheme, cloud security, auditing principles and techniques, mapping, reporting, and legal concepts. Besides the Certificate of Cloud Auditing Knowledge (CCAK), STAR Lead Auditor training is another way that assessors can become qualified to provide CSA STAR Certification audits.
  • [New Survey Report] State of Financial Services in the Cloud

    We’re excited to announce the release of the findings from our latest survey, State of Financial Services in the Cloud. The study—which compared the current state of cloud adoption to the industry’s readiness in 2020 when CSA conducted a similar survey (Cloud Usage in the Financial Services Sector)—identifies the issues and opportunities that financial services industry leaders are currently addressing as they work to advance their use of cloud services.
    The survey found that while the use of cloud services is increasing, the pace of adoption is dependent on the speed at which cloud service providers (CSP) and financial services can demonstrate both adherence to regulations and overall data protection and what staff are comfortable with managing.
  • [New Research] State of SaaS Security: 2023 Survey Report

    Released today, SaaS Security Survey Report: 2024 Plans & Priorities shares the results of responses from 1000+ C-level security executives and professionals from all over the world. Commissioned by Adaptive Shield, this new CSA survey report finds that SaaS security has become a top priority for 80% of the organizations surveyed and more than half of security executives have experienced a SaaS security incident.
  • Just released: High-Performance Computing (HPC) Tabletop Guide

    Released today, this guide lays out the framework necessary to host an HPC-focused cyberattack tabletop exercise (TTX) so that organizations can begin to have these conversations around HPC security. The guide takes readers through an example tabletop exercise designed to assist stakeholders in discussing HPC security as an incident unfolds and establish common ground on actions that can be taken to improve the security of the HPC systems as well as develop incident response (IR) processes around HPC systems.
  • Hardware Security Module as a Service (HSMaaS) Survey


    Help us identify Hardware Security Module as a Service (HSMaaS) adoption drivers for businesses through this short survey released by the CSA Cloud Key Management Working Group. The survey will collect insights that will be used for the production of an upcoming HSMaaS whitepaper. 
  • Registration for SECtember 2023 is now open!



    Join us in Bellevue, WA on Sept. 18-22 to hear from leading experts at the forefront of cloud security. Our interactive sessions will cover the hottest technology trends and vetted best practices that keep some of our most iconic brands secure. From AI to Zero Trust, we will deliver the knowledge and networking you need to stay ahead of the cybersecurity curve.