Home > Cloud Security Alliance > Introducing the Cloud Security Alliance

Introducing the Cloud Security Alliance

I’m a founding member and serve as the technical advisor for the Cloud Security Alliance (CSA.)  This is an organization you may not have heard of yet, so I wanted to introduce you.

The more formal definition of the role and goals of the CSA appears below, but it’s most easily described as a member-driven forum for both industry, providers and “consumers” of Cloud Computing services to discuss issues and opportunities for security in this emerging space and help craft awareness, guidance and best practices for secure Cloud adoption.  It’s not a standards body. It’s not a secret cabal of industry-only players shuffling for position.  

It’s a good mix of vendors, practitioners and interested parties who are concerned with framing the most pressing concerns related to Cloud security and working together to bring ideas to life on how we can address them. 

From the website, here’s the more formal definition:

The CSA is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

The Cloud Security Alliance is comprised of many subject matter experts from a wide variety disciplines, united in our objectives:

  • Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance.
  • Promote independent research into best practices for cloud computing security.
  • Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions.
  • Create consensus lists of issues and guidance for cloud security assurance.

The Cloud Security Alliance will be launched at the RSA Conference 2009 in San Francisco, April 20-24, 2009.

It’s clear that people will likely draw parallels between the CSA and the Open Cloud Manifesto given the recent announcement of the latter.  

The key difference between the two efforts relates to the CSA’s engagement and membership by both providers and consumers of Cloud Services and the organized non-profit structure of the CSA.  The groups are complimentary in nature and goals.

You can see who is participating in the CSA now based upon the pre-release of the working draft of our initial whitepaper.  Full attribution of company affiliation will be posted as the website is updated:



Nils Puhlmann
Jim Reavis

Founding Members and Contributors

Todd Barbee
Alan Boehme
Jon Callas
Sean Catlett
Shawn Chaput
Dave Cullinane
Ken Fauth
Pam Fusco
Francoise Gilbert
Christofer Hoff
Dennis Hurst
Michael Johnson
Shail Khiyara
Subra Kumaraswamy
Paul Kurtz
Mark Leary
Liam Lynch
Tim Mather
Scott Matsumoto
Luis Morales
Dave Morrow
Izak Mutlu
Jean Pawluk
George Reese
Jeff Reich
Jeffrey Ritter
Ward Spangenberg
Jeff Spivey
Michael Sutton
Lynn Terwoerds
Dave Tyson
John Viega
Dov Yoran
Josh Zachry

Founding Charter Companies


If you’d like to get involved, here’s how:


Individuals with an interest in cloud computing and expertise to help make it more secure receive a complimentary individual membership based on a minimum level of participation. If you are interested in becoming a member, apply to join our LinkedIn Group


Not-for-profit associations and industry groups may form an affiliate partnership with the Cloud Security Alliance to collaborate on initiatives of mutual concern. Contact us at affiliates@cloudsecurityalliance.org for more information.


Information on corporate memberships and sponsorship programs will be available soon. Contact info@cloudsecurityalliance.org for more information.


  1. March 31st, 2009 at 06:48 | #1

    You absolutely must name a server or conference room or regular meeting place, "Bespin." I beg of you!

  2. March 31st, 2009 at 10:53 | #2

    Congrats you guys – big news!

  3. March 31st, 2009 at 13:05 | #3

    @Jesse Silver


    Looking forward to working with the CCIF and everyone interested in tackling the sizable opportunities we have for moving the ball forward in regards to security and Cloud.


  4. Davide Giordano
    April 1st, 2009 at 01:57 | #4

    Really good news. Very interesting!

  5. April 1st, 2009 at 06:12 | #5

    Like it! Love the diversity of the strategic areas. I'm glad you're looking soup-to-nuts at this, since I reckon many of the problems with this are less to do with the technology and more to do with the people who are running it.

  1. April 2nd, 2009 at 14:18 | #1
  2. May 11th, 2009 at 03:45 | #2