(CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the ability of cloud technologies to secure other forms of computing. The industry group also provides security education and guidance to companies implementing cloud computing and helps vendors address security in their software delivery models. CSA membership is open to any interested parties with expertise to contribute to the security of cloud computing.
The CSA leads a number of ongoing research initiatives through which it provides white papers, tools and reports to help companies and vendors secure cloud computing services. The CSA Governance, Risk and Compliance (GRC) Stack, for example, provides a toolkit for assessing private and public clouds against industry-established security best practices. The CloudAudit project seeks to simplify the process of gathering audit data by creating a standard way for cloud providers to communicate how they address security, governance and compliance.
The CSA Security, Trust & Assurance Registry (STAR) program for security assurance in the cloud seeks to reduce or eliminate the per-relationship cost for the provider and customer and increase the consistency of evaluations from assessor to assessor. The basic premise of STAR is that a service provider can voluntarily undertake an objective assessment of its own environment, publish it to a registry and allow the results to be viewed by existing, new, and potential customers.
The CSA also offers two certifications for individuals:
Certificate of Cloud Security Knowledge (CCSK) - this credential certifies competency in key cloud security areas, including cloud architecture, data center operations, incident response, identity and access management and virtualization.
Certified Cloud Security Professional (CCSP) - this credential certifies that the professional has deep-seated knowledge and competency derived from hands-on experience with cyber, information, software and cloud computing infrastructure security.