SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Ciso enterprise cloud ai security roadmap dashboard illustration
#
Cloud Security
#
AI Security
#
Risk & Compliance

CSA adds new enterprise tiers for cloud & AI security

Thu, 19th Mar 2026
Author image
By Catherine Knowles, News Editor

Cloud Security Alliance has expanded its Enterprise Corporate Membership programme, adding new tiers that give security leaders structured access to analyst support, workshops and operational maturity roadmaps.

The not-for-profit organisation, focused on cloud, AI and Zero Trust security education, has introduced three new levels-Accelerated, Premier and Elite. The expanded structure builds on its existing Corporate membership and targets CISOs and other senior security leaders seeking ongoing engagement with CSA analysts.

The new tiers add dedicated analyst access and more formal engagement models, including scheduled programme reviews, hands-on workshops and an annual progress report tracking improvements against agreed goals.

From frameworks

CSA is known for security frameworks and assessment tools used by technology teams and service providers. These include the Cloud Controls Matrix, the AI Controls Matrix, the Consensus Assessment Initiative Questionnaire, the STAR Registry, and Cloud and AI Security Maturity Models.

It positioned the expanded membership programme as a path from published research to operational change inside member organisations, combining its frameworks with a structured, analyst-led programme that works with member teams over time.

"For over 15 years, CSA has been the definitive source for cloud security research, frameworks, and best practices," said Jim Reavis, CEO and co-founder of Cloud Security Alliance.

"With these new Enterprise Membership tiers, we're taking the next step by working directly with our members to turn that research into action. We are incredibly excited to provide the hands-on expert guidance that organizations need to navigate the complexity of modern cloud and AI security," Reavis said.

Roadmap model

A central feature of the programme is an Operational Maturity Roadmap, described as a structured engagement in which analysts work alongside member teams. It covers assessment of current posture, definition of desired outcomes and a prioritised path to maturity across cloud security, AI security and Zero Trust.

The tiers vary the depth and frequency of engagement. Under Accelerated, members participate in the full Operational Maturity Roadmap programme, including structured assessments, dedicated analyst support and regular programme reviews.

Premier and Elite add more extensive assessments and monthly review sessions, and allow members to run multiple maturity programmes at the same time.

The focus on measurement reflects a common challenge in security governance. Many organisations adopt frameworks for policy alignment and audit readiness, but struggle to translate them into consistent implementation across teams, suppliers and technology estates. CSA's approach places analysts in a recurring role that resembles external assurance and programme management, rather than a one-off advisory engagement.

Rich Mogull, chief analyst at CSA, said the programme addresses operational barriers rather than information gaps.

"Organisations don't struggle because they lack access to good research-they struggle because translating that research into operational security improvements is hard," Mogull said. "This program is designed to bridge that gap. We're embedding our analysts directly into member organizations' security journeys, providing the ongoing guidance and accountability that makes the difference between a framework on a shelf and a measurable improvement in security outcomes."

Training included

The expanded Enterprise Membership structure includes training and certifications as part of the maturity journey. Members can select the Certificate of Cloud Security Knowledge for cloud security, the Trusted AI Safety Expert certificate for AI security, and the Certificate of Competence in Zero Trust for Zero Trust architecture.

Higher-tier memberships add workshops led by CSA analysts. These sessions can run for half a day or a full day and are tailored to an organisation's priorities and maturity level.

The programme's emphasis on cloud, AI and Zero Trust aligns with security priorities that extend beyond traditional perimeter controls. AI governance is becoming a board-level issue in many organisations as deployments move from experimentation into operational systems. Zero Trust remains a common architectural direction in large enterprises and government bodies, while cloud security programmes continue to evolve as firms spread workloads across multiple providers and adopt more managed services.

CSA plans to introduce the new membership tiers at the 2026 RSA Conference, where it expects current and prospective members to discuss the programme.

Related stories
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching
IWF & Cyacomb launch workplace abuse material scans
Cork Cyber adds automated mapping to Vantage platform
How Atomgate uses education and partnership to drive successful SonicWall upgrades

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding