The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
The Cloud Security Alliance is comprised of many subject matter experts from a wide variety disciplines, united in their objective:
Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance.
Promote independent research into best practices for cloud computing security.
Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions
Create consensus lists of issues and guidance for cloud security assurance.
The CSA is also participating in a group that will coordinate cloud standards across Standard Development Organizations (SDOs). The new group has a Cloud Standards Coordination wiki at cloud-standards.org.
Resources
Paper: Top Threats to Cloud Computing March 2010 - Prepared by the Cloud Security Alliance
The purpose of this document is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. In essence, this threat research document should be seen as a companion to "Security Guidance for Critical Areas in Cloud Computing". As the first deliverable in the CSA's Cloud Threat Initiative, this document will be updated regularly to reflect expert consensus on the probable threats which customers should be concerned about.
Paper: Security Guidance for Critical Areas of Focus in Cloud Computing v2 December 2009 Prepared by the Cloud Security Alliance
The Cloud Security Alliance's initial report, outlining areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Much of this guidance is also quite relevant to the cloud provider to improve the quality and security of their service offerings. As with any initial foray, there will certainly be guidance that we could improve upon. We will quite likely modify the number of domains and change the focus of some areas of concern. We seek your help to improve this guidance to make version 2.0 of this document an even better asset to the security practitioner and cloud provider. We will be kicking off numerous online activities and in-person regional events to share our findings and connect with experts to increase our knowledge base.
CSA Group