Cloud Security Alliance; Security Guidance v3 released

The Cloud Security Alliance (CSA) has released the long-awaited version 3 of the ‘Security Guidance for Critical Areas of Focus in Cloud Computing’. This is the first update to the guidance since version 2.1 was released in 2009 and is a major overhaul, bringing the guidance up to date in the new and fast-moving world that is ‘cloud’ computing.

In addition to updating all of the existing domains of the guidance, there has been the addition of Domain 14 – Security as a Service (SecaaS). This is the domain I have contributed extensively to, and it has its basis in the white paper I co-chaired the publication of a few months ago.

As an overview, version 3 comprises the following domains in the context of cloud security;

Section I. Cloud Architecture

– Domain 1: Cloud Computing Architectural Framework

Section II. Governing in the Cloud

– Domain 2: Governance and Enterprise Risk Management

– Domain 3: Legal Issues: Contracts and Electronic Discovery

– Domain 4: Compliance and Audit Management

– Domain 5: Information Management and Data Security

– Domain 6: Interoperability and Portability

Section III. Operating in the Cloud

– Domain 7: Traditional Security, Business Continuity, and Disaster Recovery

– Domain 8: Data Centre Operations

– Domain 9: Incident Response

– Domain 10: Application Security

– Domain 11: Encryption and Key Management

– Domain 12: Identity, Entitlement, and Access Management

– Domain 13: Virtualization

– Domain 14: Security as a Service

The guidance can be freely downloaded from the CSA website here;

https://cloudsecurityalliance.org/research/initiatives/security-guidance/

It is relatively long, but covers a lot of what you need to know about cloud security and things you need to consider if you are planning to move your data to a ‘cloud’ type service.

K

SecaaS overview webinar – recording available

For anyone interested, there is a recording of the webinar session available from the Credant website here;

https://credantevents.webex.com/credantevents/lsr.php?AT=pb&SP=EC&rID=4463592&rKey=a659de63f39288e9

It’s a little dry as it was mostly me presenting, but there is an overview of cloud and Security as a Service.

Happy viewing and feel free to ask any questions!

If you want to get involved in the work we are doing around Security as a Service, check out;

https://cloudsecurityalliance.org/research/working-groups/secaas/

K

SecaaS overview webinar with Credant

For anyone who would like an overview of;

– What the ‘Cloud’ is

– Who the Cloud Security Alliance is and their mission

– What Security as a Service (SecaaS) is

– The work of the SecaaS working group so far and what is coming up

I am presenting a webinar in association with Credant tomorrow (10/11/2011) at 1pm Central US time / 7pm UK time.

To register for this event please follow this link;

https://credantevents.webex.com/credantevents/onstage/g.php?t=a&d=668393321

This should be an interesting event, and there will be a Q&A session included should there be anything you want to know about Security as a Service, the CSA or Credant that we don’t cover in the pitch.

For those not familiar with them, Credant are one of the leaders in Data Protection. From their website, they describe themselves as;

Your Trusted Data Protection Experts

We help you protect critical corporate data by mitigating the risk of data breaches and managing the complexity of securing data with a single, management framework. Our Data Protection Platform comprehensively addresses the unique security challenges of your enterprise organization’s data to ensure you’re compliant.

Our comprehensive Data Protection Platform helps you control, manage and protect data holistically at your enterprise organization from endpoints to servers, to storage, to applications and in the cloud.

For further details or to contact them, Credant can be found here;

http://www.credant.com/

For reference, I am in no way affiliated with Credant and the opinions expressed both here and in tomorrow’s presentation are 100% my own.

If you have data to be protected I would recommend checking Credant’s solutions out.

K

ISEB Enterprise and Solutions Architecture – update

Following on from my previous post, I can confirm that the exam was pretty easy, having got a pretty reasonable passing mark after completing the exam in ~25 minutes.

I have yet to see many job specs that require this certification, so I don’t know how CV-enhancing it really is. However, many job specs want knowledge of or familiarity with architecture frameworks such as TOGAF and Zachman; if you are not already fairly familiar with these, then this course does provide a good overview and comparison of some frameworks.

Overall my assessment of the course / exam is as before – I think it is well worthwhile from the point of view of getting an overview of various architecture frameworks and the terminologies used, as well as meeting people from a variety of business backgrounds. This should assist with any requirement for knowledge of architecture frameworks / methodologies your current or future roles have. The caveat in terms of career value is that the certification itself seems to be in very low demand.

K