Who is the Cloud Security Alliance (CSA) and How They Can It Help Your Company’s Security and Security People?

When you work in information security, sometimes it feels like you need all the help you can get. But good help that really moves you forward can be hard to find. Often success doesn’t come down to more resources, but to working smarter and more strategically with the resources you have.

Helping information security practitioners succeed in our drive to “secure all forms of computing” is the far-reaching mission of the Cloud Security Alliance (CSA), a US-based nonprofit. The hardworking CSA community of experts and stakeholders create vendor-neutral, best-practice tools and guidance, often in emerging/underserved security areas, which they make available to our industry for free.

A recent episode of The Virtual CISO Podcast featured two CSA thought leaders: John Yeoh and Aaron Guzman. John is CSA’s Global VP and head of research, and Aaron co-chairs CSA’s IoT Working Group and is product security lead at Cisco Meraki.

“We’re very membership– and community-driven,” says John. “Everything that we do operates within this community of experts and stakeholders that we have.”

CSA began over a decade ago with securing the cloud, which remains a core foundational technology that the industry has evolved around.

“Cloud, Internet of Things [IoT], securing forms of blockchain, and even preparing for the quantum age — it all becomes very relevant, and we try to address all these things,” describes John.

“If you haven’t seen the Cloud Controls Matrix and you are a SaaS or technology service provider, do yourself a favor and pick it up,” shares host John Verry, Pivot Point’s CISO and Managing Partner. “It’s one of the best forms of guidance out there.”

“We’re big believers in open, trusted frameworks, things like ISO 27001,” John Verry continues. “You guys have kind of taken that and built on top of that, right? That’s what the CSA STAR program does. It’s a way to certify the Cloud Controls Matrix on top of ISO 27001.”

If your business relies on an IoT ecosystem, this podcast with Aaron Guzman and John Yeoh will be a big help with framing your evolving security options and making the best decisions with developing or purchasing a secure IoT solution.

To hear the complete episode with Aaron and John, as well as scan our extensive menu of tasty cybersecurity podcasts, you can subscribe to The Virtual CISO Podcast here.

If you don’t use Apple Podcasts, you can find all our episodes here.

We are a trusted source of simple, practical, and actionable information security guidance.