The Cloud Security Alliance is a global not-for-profit organisation dedicated to defining and raising awareness of best practices for secure cloud computing. Its most prominent contribution is the Cloud Controls Matrix (CCM), a comprehensive cybersecurity controls framework specifically designed for cloud environments, mapped to leading standards including ISO 27001, SOC 2 and NIST.
The CSA also administers the Security, Trust, Assurance and Risk (STAR) programme, which provides a publicly accessible registry where cloud providers can publish their security posture. For organisations evaluating cloud services, CSA resources offer a structured approach to assessing provider security and ensuring that cloud adoption does not introduce unacceptable risks.