Global adoption and implementation of Cloud computing services is inevitable, it is just a matter of time. This new cloud computing model is transforming the way business are managed and how Information Technology departments handle and secure their data. In an effort to cut operational and implementation costs and stay up to date with todays technology the US Government is also looking towards Cloud computing and Virtualization.

“Aggressive adoption of cloud  computing is clearly underway. The cloud is forcing thoughtful adaptation of certain security controls, while creating an even greater demand for best practices in security program governance.” – Jerry Archer, CIO, Intuit, Inc

Well, when you have this huge computing  model and it is quickly being adopted by lots of vendors and businesses, then you need someone to help with all of the regulatory security compliance issues and risk management. That someone is the Cloud Security Alliance or CSA.



The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

The Cloud Security Alliance is comprised of many subject matter experts from a wide variety disciplines, united in our objectives:

  • Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance.
  • Promote independent research into best practices for cloud computing security.
  • Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions.
  • Create consensus lists of issues and guidance for cloud security assurance.


The issues and opportunities of cloud computing gained considerable notice in 2008 within the information security community. It was at a security practitioners’ conference, the ISSA CISO Forum in Las Vegas, November 20, 2008, where the concept of the Cloud Security Alliance was born. Following a presentation of emerging trends by Jim Reavis that included a call for action for securing cloud computing, Reavis and Nils Puhlmann outlined the initial mission and strategy of the Cloud Security Alliance. A series of organizational meetings in early December 2008 that included Reavis, Puhlmann and industry leaders such as Dave Cullinane, Philippe Courtot, Alan Boehme, Izak Mutlu, Jay Chaudhry, Christofer Hoff, Paul Kurtz and Jean Pawluk formalized the founding of the Cloud Security Alliance. Our outreach to the information security community to create our initial work product for the 2009 RSA Conference resulted in dozens of volunteers to research, author, edit and review our first whitepaper. We are proud to recognize these individuals as founding members. We look forward to welcoming all interested practitioners as members of this organization going forward to continue our important work.