What is it?

The Cloud Security Alliance (CSA) provides cloud security best practice advice and other services to its members. The organisation originated in the US but now has chapters all over the world, including one for the UK and Ireland. It was formed in 2008 as a response to growing calls for the industry to group together to create common goals and protocols for the cloud.

Who is behind it?

The organisation was formed as a result of an initiative by two seasoned IT security experts, Jim Reavis and Nils Puhlmann, imploring any executives they came across to come together for the common good of the industry.

Now, with a full-time staff working for it, the CSA calls on executives from the likes of Ebay and The Coca Cola Company to sit on its board of directors.
What does it do?

In a nutshell, the CSA produces guidance and advice for those moving to the cloud. This comes in the form of white papers, market analysis, working groups, training events and discussion forums. It also provides accreditation for suppliers to prove that they know their security stuff when it comes to the cloud.
Who are its members?

Essentially, its members are split into three categories, all of which provide input to its knowledge base in one form or another, but are separated for the purposes of objectivity and transparency, presumably.

In the CSA’s eyes you are either:

•    A supplier
•    A non-profit cloud action or industry group
•    An end user individual or organisation

The CSA counts a wide range of enterprises among its band of merry men, including big gun corporations like KPMG, Orange and Siemens and all of our old friends like Google, Microsoft, salesforce.com and Oracle. Although it represents a large number of solutions providers, it also provides a lot of information on the best ways for potential customers to interact with vendors and get the best and most appropriate deals.

What’s their ‘cloud cred’ like?

Exemplary, actually. At the 1st Cloud Circle Security Conference in October 2011, almost every speaker petitioned the audience to read The Cloud Security Alliance Guidance as a first port of call; Paul Simmonds of The Jericho Forum castigated those that hadn’t.

Eoin Fleming, a security affinity tower leader EMEA at HP (whatever one of those is) also pointed to  a 197 ‘yes/no’ question survey that the organisation has created as a great place to start for assessing what you require form your cloud solution. In turn, it can also be used to take potential suppliers to task as a check list style procurement exercise. It contains “about 98 per cent of the questions you need to ask”, he said. “I won’t tell you the other two because I don’t want to answer them.”

How do I become a member? Do I need to be?

Why not? It’s free to join the UK and Ireland chapter, if you are either an individual or a company of any size, and it gets you discounted entry to sponsored events, access to the shared experiences and knowledge of other members, an invitation to six chapter meetings a year across UK and Ireland and "away days" where you have chance to discuss hot topics about Cloud security, risk and opportunities with your peers and guests.

How can I find out more?

This is the UK website: http://www.cloud-security.org.uk/

This is the US website: https://www.cloudsecurityalliance.org/

And this is that famous questionnaire which vendors might prefer you didn’t see: https://www.cloudsecurityalliance.org/research/initiatives/cai/