The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the ability of cloud technologies to secure other forms of computing. The industry group also provides security education and guidance to companies implementing cloud computing and helps vendors address security in their software delivery models.
The CSA leads a number of ongoing research initiatives through which it provides white papers, tools and reports to help companies and vendors secure cloud computing services. The CSA GRC Stack, for example, provides a toolkit for assessing private and public clouds against industry-established security best practices. The CloudAudit project seeks to simplify the process of gathering audit data by creating a standard way for cloud providers to communicate how they address security, governance and compliance.
The CSA also offers a Certificate of Cloud Security Knowledge (CCSK), which is designed to establish a baseline of knowledge on cloud security issues. CCSK candidates must pay $295 and pass a multiple-choice exam that is based on two documents: “Security Guidance for Critical Areas of Focus in Cloud Computing,” published by the CSA, and the European Network and Information Security Agency’s “Cloud Computing: Benefits, Risks and Recommendations for Information Security.”
The organization is led by cloud computing and security experts, and supported by founding charter companies PGP Corp., Qualys Inc. and Zscaler Inc. Security expert and blogger Chris Hoff serves as the organization’s technical director. CSA membership is open to any interested parties with expertise to contribute to the security of cloud computing.