Cloud Security Alliance; Security Guidance v3 released

The Cloud Security Alliance (CSA) has released the long-awaited version 3 of the ‘Security Guidance for Critical Areas of Focus in Cloud Computing’. This is the first update to the guidance since version 2.1 was released in 2009, and it is a major overhaul that brings the guidance up to date with the new and fast-moving world that is ‘cloud’ computing.

In addition to updating all of the existing domains of the guidance, there has been the addition of Domain 14 – Security as a Service (SecaaS). This is the domain I have contributed extensively to, and it has its basis in the white paper I co-chaired the publication of a few months ago.

As an overview, version 3 comprises the following domains in the context of cloud security:

Section I. Cloud Architecture

– Domain 1: Cloud Computing Architectural Framework

Section II. Governing in the Cloud

– Domain 2: Governance and Enterprise Risk Management
– Domain 3: Legal Issues: Contracts and Electronic Discovery
– Domain 4: Compliance and Audit Management
– Domain 5: Information Management and Data Security
– Domain 6: Interoperability and Portability

Section III. Operating in the Cloud

– Domain 7: Traditional Security, Business Continuity, and Disaster Recovery
– Domain 8: Data Centre Operations
– Domain 9: Incident Response
– Domain 10: Application Security
– Domain 11: Encryption and Key Management
– Domain 12: Identity, Entitlement, and Access Management
– Domain 13: Virtualization
– Domain 14: Security as a Service

The guidance can be freely downloaded from the CSA website here:

https://cloudsecurityalliance.org/research/initiatives/security-guidance/

It is relatively long, but covers a lot of what you need to know about cloud security and things you need to consider if you are planning to move your data to a ‘cloud’ type service.

K


Author: Kevin Fielder

Innovative and dynamic security professional, with a passion for driving change by successfully engaging with all levels of the business. I am a determined individual with proven ability to provide security insights to the business, in their language. These insights have gained board buy in for delivering security strategy aligned to key business goals. This is achieved by understanding the need to drive change through people, process and technology, rather than focusing exclusively on any one area. I take pride in being a highly articulate, motivational and persuasive team-builder. I have a strategic outlook with the ability to engage with and communicate innovative and effective security solutions to all levels of management. Along with a proven ability to translate security into business language and articulate the business benefits I am also passionate about leading security innovations and making security a key part of the business proposition to its customers. Security should be made a key differentiator to drive sales and customer retention, not just a cost centre! Outside of work I am a proud husband and father to an awesome family, and a passionate CrossFit coach and athlete.
