Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog

Download Publication

Home
Publications
Security Guidance for Critical Areas of Focus in Cloud Computing V2.0
Security Guidance for Critical Areas of Focus in Cloud Computing V2.0

Security Guidance for Critical Areas of Focus in Cloud Computing V2.0

Release Date: 12/02/2009

Working Group: Security Guidance

The guidance provided herein is the second version of the Cloud Security Alliance document,
“Security Guidance for Critical Areas of Focus in Cloud Computing”, which was originally
released in April 2009.
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
Related resources

Related Resources

PublicationsBlogs
Security Guidance for Critical Areas of Focus in Cloud Computing v5
Security Guidance for Critical Areas of Focus i...
Download Now
Security Guidance v4.0 Info Sheet
Security Guidance v4.0 Info Sheet
Download Now
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Security Guidance for Critical Areas of Focus i...
Download Now
View all publications
The Five Keys to Choosing a Cloud Security Provider
The Five Keys to Choosing a Cloud Security Provider
Published: 04/21/2025
Implementing CCM: Cryptography, Encryption, and Key Management
Implementing CCM: Cryptography, Encryption, and Key Management
Published: 03/10/2025
Implementing CCM: The Change Management Process
Implementing CCM: The Change Management Process
Published: 02/24/2025
Implementing CCM: Put Together a Business Continuity Management Plan
Implementing CCM: Put Together a Business Continuity Management Plan
Published: 02/14/2025
View all blogs
View all webinars

Acknowledgements

Rich Mogull
Rich Mogull
CEO at Securosis

Rich Mogull

CEO at Securosis

Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. He is a prolific writer and fe...

Read more

Jesus Luna Headshot Missing
Jesus Luna

Jesus Luna

Anton Chuvakin Headshot Missing
Anton Chuvakin

Anton Chuvakin

M S Prasad Headshot Missing
M S Prasad

M S Prasad

Scott Matsumoto Headshot Missing
Scott Matsumoto

Scott Matsumoto

Yvonne Wilson Headshot Missing
Yvonne Wilson

Yvonne Wilson

Christofer Hoff Headshot Missing
Christofer Hoff

Christofer Hoff

Michael Johnson Headshot Missing
Michael Johnson

Michael Johnson

Sean Catlett
Sean Catlett
Chief Security Officer

Sean Catlett

Chief Security Officer

Sean Catlett is the Chief Security Officer at Slack, where he oversees product security, GRC, and security engineering and operations. Prior to Slack, Sean was the first CISO for Reddit, where he built the company’s dedicated Security and Privacy functions, protecting more than 430 million monthly active users around the world. In addition to executive roles at industry-leading security software companies, Sean has held senior leadership ro...

Read more

Shail Khiyara Headshot Missing
Shail Khiyara

Shail Khiyara

Shawn Chaput Headshot Missing
Shawn Chaput

Shawn Chaput

Alex Hutton Headshot Missing
Alex Hutton

Alex Hutton

Alexander Meisel Headshot Missing
Alexander Meisel

Alexander Meisel

Alexander Windel Headshot Missing
Alexander Windel

Alexander Windel

Anthony Licciardi Headshot Missing
Anthony Licciardi

Anthony Licciardi

Beau Monday Headshot Missing
Beau Monday

Beau Monday

Arthur J. Hedge III Headshot Missing
Arthur J. Hedge III

Arthur J. Hedge III

Beth Cohen Headshot Missing
Beth Cohen

Beth Cohen

Bikram Barman Headshot Missing
Bikram Barman

Bikram Barman

Colin Watson Headshot Missing
Colin Watson

Colin Watson

David Jackson Headshot Missing
David Jackson

David Jackson

David Sherry Headshot Missing
David Sherry

David Sherry

David Tyson Headshot Missing
David Tyson

David Tyson

Don Blumenthal Headshot Missing
Don Blumenthal

Don Blumenthal

Erick Dahan Headshot Missing
Erick Dahan

Erick Dahan

Erik Peterson Headshot Missing
Erik Peterson

Erik Peterson

Geir Arild Engh-Hellesvik Headshot Missing
Geir Arild Engh-Hellesvik

Geir Arild Engh-Hellesvik

Georg Hess Headshot Missing
Georg Hess

Georg Hess

Gerhard Eschelbeck Headshot Missing
Gerhard Eschelbeck

Gerhard Eschelbeck

Greg Kane Headshot Missing
Greg Kane

Greg Kane

Greg Tipps Headshot Missing
Greg Tipps

Greg Tipps

James Tiller Headshot Missing
James Tiller

James Tiller

Jim Arlen Headshot Missing
Jim Arlen

Jim Arlen

Joe Cupano Headshot Missing
Joe Cupano

Joe Cupano

Joe McDonald Headshot Missing
Joe McDonald

Joe McDonald

Joe Stein Headshot Missing
Joe Stein

Joe Stein

Joel Weise Headshot Missing
Joel Weise

Joel Weise

Joseph Stein Headshot Missing
Joseph Stein

Joseph Stein

Kathleen Lossau Headshot Missing
Kathleen Lossau

Kathleen Lossau

Karen Worstell Headshot Missing
Karen Worstell

Karen Worstell

Luis Morales Headshot Missing
Luis Morales

Luis Morales

Michael Reiter Headshot Missing
Michael Reiter

Michael Reiter

Mike Kavis Headshot Missing
Mike Kavis

Mike Kavis

Patrick Sullivan Headshot Missing
Patrick Sullivan

Patrick Sullivan

Peter Gregory Headshot Missing
Peter Gregory

Peter Gregory

Peter McLaughlin Headshot Missing
Peter McLaughlin

Peter McLaughlin

Ralph Broom Headshot Missing
Ralph Broom

Ralph Broom

Sarabjeet Chugh Headshot Missing
Sarabjeet Chugh

Sarabjeet Chugh

Scott Giordano Headshot Missing
Scott Giordano

Scott Giordano

Scott Morrison Headshot Missing
Scott Morrison

Scott Morrison

Sergio Loureiro Headshot Missing
Sergio Loureiro

Sergio Loureiro

Vern Williams Headshot Missing
Vern Williams

Vern Williams

Randolph Barr Headshot Missing
Randolph Barr

Randolph Barr

Lee Newcombe Headshot Missing
Lee Newcombe

Lee Newcombe

Brian O'Higgins Headshot Missing
Brian O'Higgins

Brian O'Higgins

Dennis Hurst Headshot Missing
Dennis Hurst

Dennis Hurst

Sitaraman Lakshminarayanan Headshot Missing
Sitaraman Lakshminarayanan

Sitaraman Lakshminarayanan

Srijith K. Nair Headshot Missing
Srijith K. Nair

Srijith K. Nair

Tajeshwar Singh Headshot Missing
Tajeshwar Singh

Tajeshwar Singh

Tanya Forsheit
Tanya Forsheit
Co-Chair Privacy, Security & Data Innovations Group at Loeb & Loeb LLP

Tanya Forsheit

Co-Chair Privacy, Security & Data Innovations Group at Loeb & Loeb LLP

Wayne Pauley Headshot Missing
Wayne Pauley

Wayne Pauley

Werner Streitberger Headshot Missing
Werner Streitberger

Werner Streitberger

Jeff Reich
Jeff Reich
Vice President of Member Success, CSA

Jeff Reich

Vice President of Member Success, CSA

Jean Pawluk Headshot Missing
Jean Pawluk

Jean Pawluk

Anish Mohammed Headshot Missing
Anish Mohammed

Anish Mohammed

C. Warren Axelrod Headshot Missing
C. Warren Axelrod

C. Warren Axelrod

Jeff Spivey Headshot Missing
Jeff Spivey

Jeff Spivey

Jim Hietala Headshot Missing
Jim Hietala

Jim Hietala

Francoise Gilbert Headshot Missing
Francoise Gilbert

Francoise Gilbert

Adrian Secombe Headshot Missing
Adrian Secombe

Adrian Secombe

Jeffrey Ritter Headshot Missing
Jeffrey Ritter

Jeffrey Ritter

Wing Ko Headshot Missing
Wing Ko

Wing Ko

Joe Wallace Headshot Missing
Joe Wallace

Joe Wallace

Glenn Brunette Headshot Missing
Glenn Brunette

Glenn Brunette

Jens Laundrup
Jens Laundrup
Chief Security Engineer and Executive Consultant, Emagined Security Inc.

Jens Laundrup

Chief Security Engineer and Executive Consultant, Emagined Security Inc.

Jens Laundrup, Chief Security Engineer and Executive Consultant, Emagined Security Inc., has spent over 30 years in the Information Security space to include numerous security engineering disciplines including Military, Government and Corporate Information Security, Compliance Program Design, Architecture Design, and Network & Physical Security. Mr. Laundrup has led the development and design of cutting-edge risk-based security programs and...

Read more

Richard Zhao
Richard Zhao
Chief Strategy Officer of NSFOCUS

Richard Zhao

Chief Strategy Officer of NSFOCUS

Dr. Liang ZHAO (Richard) manages the research team, strategic planning, and fosters innovations at NSFOCUS. He obtained his B.Sc, M.Sc. and Ph.D degrees from Peking University at 1991, 1994, 1997 respectively. Liang majored physics and fiber-optic communications and has over 15 years of professional experience in telecom and network security areas. He owns certifications of CISSP, ITIL, BS7799.

Prior to his current position, he was th...

Read more

Michael Sutton Headshot Missing
Michael Sutton
CISO, Zscaler

Michael Sutton

CISO, Zscaler

Justin Foster Headshot Missing
Justin Foster

Justin Foster

Jon Callas Headshot Missing
Jon Callas

Jon Callas

David Lingenfelter
David Lingenfelter
Security and Compliance, MaaS360

David Lingenfelter

Security and Compliance, MaaS360

David is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance, and policy development. Throughout his career David has performed risk and vulnerability assessments along with making recommendations on network and system design improvements. David’s career has spanned from traditional hardware based security architectures to cloud technologies and virtual environments.

Read more

Richard Austin Headshot Missing
Richard Austin

Richard Austin

John Arnold Headshot Missing
John Arnold

John Arnold

Subra Kumaraswamy Headshot Missing
Subra Kumaraswamy

Subra Kumaraswamy

Girish Bhat Headshot Missing
Girish Bhat

Girish Bhat

Pamela Fusco Headshot Missing
Pamela Fusco

Pamela Fusco

Ernie Hayden Headshot Missing
Ernie Hayden

Ernie Hayden

David Mortman Headshot Missing
David Mortman

David Mortman

Carlo Espiritu Headshot Missing
Carlo Espiritu

Carlo Espiritu

Dov Yoran Headshot Missing
Dov Yoran

Dov Yoran

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Join this Working Group
View all Working Groups

Related Certificates & Training