Cloud Security Alliance

The CSA was formed in December 2008 as a coalition by individuals who saw the need to provide objective enterprise user guidance on the adoption and use of cloud computing.{{cite news |title= Experts Get Serious About Cloud Security |first= Derrick |last=Harris |url=http://gigaom.com/2009/03/31/experts-get-serious-about-cloud-security/ |newspaper=GigaOm |date= March 31, 2009 |accessdate=March 14, 2013}} Its initial work product, Security Guidance for Critical Areas of Focus in Cloud Computing, was put together in a Wiki-style by dozens of volunteers.{{cite web|url=https://cloudsecurityalliance.org/research/security-guidance/ |title=Security Guidance for Critical Areas of Focus in Cloud Computing |publisher=Cloud Security Alliance |date= |accessdate=2013-08-22}}

In 2014, the Chairman of the Board of the CSA was Dave Cullinane, VP of Global Security and Privacy for Catalina Marketing, St. Petersburg, Florida, and former CISO for eBay. Cullinane has said, "If you have an application exposed to the Internet that will allow people to make money, it will be probed."C. Wysopol, et al, "The Art of Software Security Testing: Identifying Software Security Flaws" Symantec, 2007

In 2009, the Cloud Security Alliance incorporated in Nevada as a Corporation and achieved US Federal 501(c)6 non-profit status. It is registered as a Foreign Non-Profit Corporation in Washington.{{cite web | url=http://www.sos.wa.gov/corps/search_detail.aspx?ubi=603156283 |title=Corporations Division - Registration Data Search |publisher=Washington Secretary of State Corporations Division |accessdate=2015-03-21}}

The CSA works to support a number of global policy makers in their focus on cloud security initiatives including the National Institute of Standards and Technology (NIST),{{cite web|url=http://www.csoonline.com/article/661620/nist-formalizes-cloud-computing-definition-issues-security-and-privacy-guidance |title=NIST formalizes cloud computing definition, issues security and privacy guidance - CSO Online - Security and Risk |publisher=CSO Online |date=2011-02-03 |accessdate=2013-08-22}} European Commission,{{cite web|url=http://www.infosecurity-magazine.com/view/27223/cloud-security-is-a-shared-responsibility/ |title=Infosecurity - Cloud security is a shared responsibility |publisher=Infosecurity-magazine.com |date=2012-07-26 |accessdate=2013-08-22}} Singapore Government,{{cite web|url=http://www.asiacloudforum.com/content/cloud-security-alliance-picks-spore-corporate-hq |title=Cloud Security Alliance picks S'pore for corporate HQ |publisher=Asia Cloud Forum |date=2012-07-20 |accessdate=2013-08-22}} and other data protection authorities. In March 2012, the CSA was selected to partner with three of Europe’s largest research centers (CERN, EMBL and ESA) to launch Helix Nebula – The Science Cloud.{{cite web |url=http://www.helix-nebula.eu/index.php/about-us/the-partnership/consortium.html |title=Helix Nebula - Helix Nebula Supporters |publisher=Helix-nebula.eu |date=2013-07-30 |accessdate=2013-08-22 |archive-url=https://web.archive.org/web/20130920125114/http://www.helix-nebula.eu/index.php/about-us/the-partnership/consortium.html |archive-date=2013-09-20 |url-status=dead }}

The Cloud Security Alliance employs roughly sixty full-time and contract staff worldwide. It has several thousand active volunteers participating in research, working groups and chapters at any time.

According to CSA, they are a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing, and providing education on the uses of Cloud Computing to help secure all other forms of computing.

Individuals who are interested in cloud computing and have experience to assist in making it more secure receive a complimentary individual membership based on a minimum level of participation.

The Cloud Security Alliance has a network of chapters worldwide.{{cite web|url=https://cloudsecurityalliance.org/chapters/ |title=Chapters |publisher=Cloud Security Alliance |date=2012-11-02 |accessdate=2013-08-22}} Chapters are separate legal entities from the Cloud Security Alliance, but operate within guidelines set down by the Cloud Security Alliance In the United States, Chapters may elect to benefit from the non-profit tax shield that the Cloud Security Alliance has.

Chapters are encouraged to hold local meetings and participate in areas of research. Chapter activities are coordinated by the Cloud Security Alliance worldwide.

There are separate legal entities in Europe and Asia Pacific, called Cloud Security Alliance (Europe), a Scottish company in the United Kingdom, and Cloud Security Alliance Asia Pacific Ltd,{{cite web|url=https://cloudsecurityalliance.org/about/apac-leadership/ |title=APAC Leadership |publisher=Cloud Security Alliance |date=2012-11-02 |accessdate=2013-10-14}} in Singapore. Each legal entity is responsible for overseeing all Cloud Security Alliance-related activities in their respective regions.

These legal entities operate under an agreement with Cloud Security Alliance that give it oversight power and have separate Boards of Directors. Both are companies Limited By Guarantee. The Managing Directors of each are members of the Executive Team of Cloud Security Alliance.

The Cloud Security Alliance has 25+ active working groups.{{cite web|url=https://cloudsecurityalliance.org/research/ |title=CSA : Cloud Security Alliance : Homepage |publisher=Cloudsecurityalliance.org |accessdate=2013-10-14}} Key areas of research include cloud standards, certification, education and training, guidance and tools, global reach, and driving innovation.

• Security Guidance for Critical Areas of Focus in Cloud Computing. Foundational best practices for securing cloud computing.{{cite web |url=http://cloudcomputing.sys-con.com/node/931916 |title=Security Guidance for Critical Areas of Focus in Cloud Computing | Cloud Computing Journal |publisher=Cloudcomputing.sys-con.com |date= |accessdate=2013-08-22 |archive-url=https://web.archive.org/web/20131111234923/http://cloudcomputing.sys-con.com/node/931916 |archive-date=2013-11-11 |url-status=dead }}
• Top Threats to Cloud Computing. Helps organizations make educated risk management decisions regarding their cloud adoption strategies.{{cite web|last=Gardner |first=Dana |url=https://www.zdnet.com/article/cloud-security-alliance-research-defines-top-threats-and-best-paths-to-secure-cloud-computing/ |title=Cloud Security Alliance research defines top threats and best paths to secure cloud computing |publisher=ZDNet |date=2010-03-02 |access-date=2013-08-22}}
• GRC (Governance, Risk and Compliance) Stack. A toolkit for key stakeholders to instrument and assess clouds against industry established best practices, standards and critical compliance requirements.{{cite web|author= |url=http://www.darkreading.com/security-services/167801101/security/attacks-breaches/228300151/cloud-security-alliance-unveils-grc-stack.html |title=Cloud Security Alliance Unveils GRC Stack |publisher=Dark Reading |date=2010-11-18 |accessdate=2013-10-14}}
• Cloud Controls Matrix (CCM). Security controls framework for cloud provider and cloud consumers.{{cite web|url=http://www.infosecurity-magazine.com/view/20437/cloud-security-alliance-intros-new-version-of-cloud-controls-matrix/ |title=Infosecurity - Cloud Security Alliance intros new version of cloud controls matrix |publisher=Infosecurity-magazine.com |date=2011-08-31 |accessdate=2013-08-22}}
• CloudTrust Protocol. The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.{{cite web|url=http://www.infosecurity-magazine.com/view/19241/csc-licences-cloud-trust-protocol-to-cloud-security-alliance/ |title=Infosecurity - CSC licences cloud trust protocol to Cloud Security Alliance |publisher=Infosecurity-magazine.com |date=2011-07-07 |accessdate=2013-08-22}}
• Consensus Assessments Initiative Research. Tools and processes to perform consistent measurements of cloud providers.{{cite web|author=Help Net Security |url=http://www.net-security.org/secworld.php?id=10171 |title=Toolkit to implement and assess cloud security |publisher=Net-security.org |date= |accessdate=2013-08-22}}
• Software Defined Perimeter. A proposed security framework that can be deployed to protect application infrastructure from network-based attacks. It will incorporate standards from organizations such as OASIS and NIST and security concepts from organizations like the U.S. DoD into an integrated framework.

• Mobile Working Group{{cite web|last=Paoli |first=Chris |url=http://redmondmag.com/articles/2012/12/05/csa-security-guidance.aspx |title=CSA Security Guidance for Mobile Devices |publisher=Redmondmag.com |date=2013-08-16 |accessdate=2013-08-22}}{{cite web|url=http://mobileenterprise.edgl.com/how-to/The-Evil-Eight--Top-Mobile-Security-Threats82553 |title=The Evil Eight: Top Mobile Security Threats | How-To | Mobile Enterprise(ME) |publisher=Mobileenterprise.edgl.com |date= |accessdate=2013-08-22}}
• Big Data Working Group{{cite web |last=Brenner |first=Bill |url=http://blogs.csoonline.com/cloud-security/2336/cloud-security-alliance-takes-big-data |title=Cloud Security Alliance takes on big data | CSO Blogs |publisher=Blogs.csoonline.com |date=2012-08-30 |accessdate=2013-08-22 |archive-url=https://archive.today/20130410174113/http://blogs.csoonline.com/cloud-security/2336/cloud-security-alliance-takes-big-data |archive-date=2013-04-10 |url-status=dead }}{{cite web|author=Marcia Savage |url=http://searchcloudsecurity.techtarget.com/news/2240162533/Cloud-Security-Alliance-tackles-big-data-security |title=Cloud Security Alliance tackles big data security |publisher=Searchcloudsecurity.techtarget.com |date=2012-08-31 |accessdate=2013-08-22}}
• Security as a Service Working Group{{cite web|url=http://www.simplysecurity.com/2011/10/07/cloud-security-alliance-addresses-security-as-a-service-market/ |title=Cloud Security Alliance addresses Security-as-a-Service market |publisher=Simply Security |date=2011-10-07 |accessdate=2013-08-22}}
• Trusted Cloud Initiative{{cite web|author= |url=https://research.cloudsecurityalliance.org/tci/ |title=TCI Reference Architecture |publisher=cloudsecurityalliance.org |date=2011 |accessdate=2016-10-05}}
• CloudAudit{{cite web|url=http://www.datacenterknowledge.com/archives/2010/10/27/cloudaudit-joins-cloud-security-alliance/ |title=CloudAudit Joins Cloud Security Alliance |publisher=Data Center Knowledge |date= |accessdate=2013-08-22}}
• CloudCERT{{cite web|author=Nathan Eddy |url=http://www.eweek.com/c/a/Cloud-Computing/Cloud-Security-Alliance-Presents-Privacy-Level-Agreement-Initiative-148911/ |title=Cloud Security Alliance Presents Privacy Level Agreement Initiative - Cloud Computing - News & Reviews |publisher=eWeek.com |date=2012-09-05 |accessdate=2013-08-22}}
• CloudSIRT{{cite web |url=http://www.computerworld-digital.com/computerworld/cloud201109?pg=18#pg18 |title=Computerworld - The Cloud Security Checklist |publisher=Computerworld-digital.com |date=2011-09-11 |accessdate=2013-10-14 |archive-url=https://web.archive.org/web/20130625103211/http://www.computerworld-digital.com/computerworld/cloud201109?pg=18#pg18 |archive-date=2013-06-25 |url-status=dead }}
• Cloud Metrics{{cite web|last=Silverstone |first=Ariel |url=http://www.csoonline.com/article/507823/clear-metrics-for-cloud-security-yes-seriously |title=Clear Metrics for Cloud Security? Yes, Seriously - CSO Online - Security and Risk |publisher=CSO Online |date=2009-11-17 |accessdate=2013-10-14}}
• Security, Trust and Assurance Registry (STAR){{cite web|url=http://www.networkworld.com/columnists/2012/032612-edit-257586.html |title=Push your cloud supplier to participate in CSA STAR |publisher=Networkworld.com |date=2012-03-26 |accessdate=2013-10-14}}
• Cloud Data Governance{{cite web |url=http://www.itbusinessedge.com/cm/blogs/vizard/cloud-computing-forces-data-governance-issue/?cs=39920 |title=Cloud Computing Forces Data Governance Issue | Blogs |publisher=ITBusinessEdge.com |date= |accessdate=2013-10-14 |archive-url=https://web.archive.org/web/20120808183315/http://www.itbusinessedge.com/cm/blogs/vizard/cloud-computing-forces-data-governance-issue/?cs=39920 |archive-date=2012-08-08 |url-status=dead }}
• Turbot (business)
• Blockchain/Distributed Ledger{{Cite web |title=Blockchain/Distributed Ledger Working Group {{!}} CSA |url=https://cloudsecurityalliance.org/research/working-groups/blockchain/ |access-date=2023-03-04 |website=cloudsecurityalliance.org}}

{{Reflist|30em}}

• {{Official website|https://cloudsecurityalliance.org/}}

{{Authority control}}

Category:Cloud computing

Category:Security organizations

Category:Non-profit organizations based in the United States