Security Guidance Working Group

Introduction to the Security Guidance Working Group

CSA Security Guidance for Critical Areas of Focus in Cloud Computing seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable roadmap to managers wanting to adopt the cloud paradigm safely and securely. Domains are reviewed to emphasize security, stability, and privacy in a multi-tenant environment.

Download the Security Guidance Working Group Charter

CSA Security Guidance Version 4

Welcome to the fourth version of the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing. This version is built on previous iterations of the security guidance, dedicated research, and public participation from the Cloud Security Alliance members, working groups, and the industry experts within our community. It incorporates advances in cloud, security, and supporting technologies, reflects on real-world cloud security practices, integrates the latest Cloud Security Alliance research projects, and offers guidance for related technologies.

The goal of the fourth version of Security Guidance for Critical Areas of Focus in Cloud Computing is to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Document Version | Release Date | Download
Security Guidance 4 | 7/26/2017 | Download (pdf)

Version 4.0 Acknowledgments

Lead Authors

  • Rich Mogull
  • James Arlen
  • Adrian Lane
  • Gunnar Peterson
  • Mike Rothman
  • David Mortman

Editors

  • Dan Moren
  • John Moltz

CSA Staff

  • Jim Reavis
  • Luciano (J.R.) Santos
  • Daniele Catteddu
  • Frank Guanco
  • Hillary Baron
  • Victor Chin
  • Ryan Bergsma
  • Stephen Lumpe (Design)


Contributors

On behalf of the CSA Board of Directors and the CSA Executive Team, we would like to thank all of the individuals that contributed time and feedback to this version of the CSA Security Guidance for Critical Areas of Focus in Cloud Computing. We value your volunteer contributions and believe that the devotion of volunteers like you will lead the Cloud Security Alliance into the future.

CSA Security Guidance Version 3

Security Guidance Version 3.0 incorporates the highly dynamic nature of IT and new developments within other CSA research projects, tying various CSA activities into one comprehensive C-level best practice. Security Guidance v3.0 will serve as the gateway to emerging standards being developed in the world’s standards organizations and is designed to serve as an executive-level primer for any organization seeking a secure, stable transition to hosting its business operations in the cloud.

Document Version | Release Date | Download
Security Guidance 3 | 11/14/2011 | Download (pdf)

CSA Guidance v3 is the third version of the Cloud Security Alliance document, “Security Guidance for Critical Areas of Focus in Cloud Computing”, which was originally released in April 2009.

In a departure from the second version of our guidance, each domain was assigned its own editor and peer reviewed by industry experts. The structure and numbering of the domains align with industry standards and best practices. We encourage the adoption of this guidance as a good operating practice in strategic management of cloud services.

These white papers and their release schedule are located at:

https://cloudsecurityalliance.org/guidance/

In another change from the second version, some domain names have been updated: Domain 3: Legal Issues: Contracts and Electronic Discovery, and Domain 5: Information Management and Data Security. We have also added a new domain, Domain 14: Security as a Service.

Version 3 Acknowledgments

Editors

  • Archie Reed
  • Chris Rezek
  • Paul Simmonds

Domain Authors/Contributors

  • Domain 1: Chris Hoff, Paul Simmonds
  • Domain 2: Marlin Pohlman, Becky Swain, Laura Posey, Bhavesh Bhagat
  • Domain 3: Francoise Gilbert, Pamela Jones Harbour, David Kessler, Sue Ross, Thomas Trappler
  • Domain 4: Marlin Pohlman, Said Tabet
  • Domain 5: Rich Mogull, Jesus Luna
  • Domain 6: Aradhna Chetal, Balaji Ramamoorthy, Jim Peterson, Joe Wallace, Michele Drgon, Tushar Bhavsar
  • Domain 7: Randolph Barr, Ram Kumar, Michael Machado, Marlin Pohlman
  • Domain 8: Liam Lynch
  • Domain 9: Michael Panico, Bernd Grobauer, Carlo Espiritu, Kathleen Moriarty, Lee Newcombe, Dominik Birk, Jeff Reed
  • Domain 10: Aradhna Chetal, Balaji Ramamoorthy, John Kinsella, Josey V. George, Sundararajan N., Devesh Bhatt, Tushar Bhavsar
  • Domain 11: Liam Lynch
  • Domain 12: Paul Simmonds, Andrew Yeomans, Ian Dobson, John Arnold, Adrian Secombe, Peter Johnson, Shane Tully
  • Domain 13: Dave Asprey, Richard Zhao, Kanchanna Ramasamy Balraj, Abhik Chaudhuri, Melvin M. Rodriguez
  • Domain 14: Jens Laundrup, Marlin Pohlman, Kevin Fielder

Peer Reviewers

Valmiki Mukherjee, Bernd Jaeger, Ulrich Lang, Hassan Takabi, Pw Carey, Xavier Guerin, Troy D. Casey, James Beadel, Anton Chuvakin, Tushar Jain, M S Prasad, Damir Savanovic, Eiji Sasahara, Chad Woolf, Stefan Pettersson, M S Prasad, Nrupak Shah, Kimberley Laris, Henry St. Andre, Jim Peterson, Ariel Litvin, Tatsuya Kamimura, George Ferguson, Andrew Hay, Danielito Vizcayno, K.S. Abhiraj, Liam Lynch, Michael Marks, JP Morgenthal, Amol Godbole, Damu Kuttikrishnan, Rajiv Mishra, Dennis F. Poindexter, Neil Fryer, Andrea Bilobrk, Balaji Ramamoorthy, Damir Savanovic

CSA Staff

  • Executive Director: Jim Reavis
  • Technical Writer/Editor: Amy L. Van Antwerp
  • Graphic Designer: Kendall Scoboria
  • Research Director: J.R. Santos

Security Guidance Working Group Leadership

Security Guidance Co-chairs

Rich Mogull

Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. He is a prolific writer and featured speaker at the security industry’s largest events, including RSA and Black Hat. Rich was previously a Research Vice President at Gartner on the security team and co-chair of the Gartner Security Summit.

Security Guidance Working Group Initiatives

Please contact Security Guidance Working Group Leadership for more information.

Security Guidance Working Group Downloads

Security Guidance v4.0 – Chinese Translation

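Welcome to the fourth version of the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing. The rise of cloud computing as an ever-evolving technology brings with it many opportunities and challenges. With this document, we aim to provide guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.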

Release Date: August 03, 2018

Security Guidance v4.0 Info Sheet

Release Date: July 26, 2017

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Description: The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology.

Release Date: July 26, 2017

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: November 14, 2011

Cloud Computing for Business

This book is for all these people, and indeed for all executives whose companies are using, or thinking of using, cloud computing.

Release Date: March 02, 2011