Nieuwe publicaties CSA november 2011 Arrow to Content

The Cloud Security Alliance (CSA) has had a pretty busy month with the CSA Congress in Orlando, the release of V.3 of the Security Guidance for Critical Areas of Focus in Cloud Computing and a flurry of press releases of recent CSA activity. As Research Director of CSA Global, I wanted to highlight some of the great work from our volunteers, CSA staff, Corporate Members and CSA Chapters and provide locations of where you can download recently published documents and obtain additional information about the highlighted CSA research initiatives.

V.3 Security Guidance for Critical Areas of Focus in Cloud Computing
The CSA Guidance, in its third edition, was published and released at CSA Congress 2011. Version 3.0 is a collection of acts and opinions gathered from over seventy industry experts worldwide seeking to establish a stable, secure baseline for cloud operations. This effort provides practical direction for adopting the cloud paradigm safely and securely. The Guidance is structured in parallel with multinational cloud standards and extends content from previous versions with recommendations and requirements for all use cases we could envision, thereby aligning with similar well accepted documents. The 14 Domains emphasize security, stability, and privacy, ensuring corporate privacy in a multi-tenant environment.

Download V.3 here: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
Visit the V.3 website at: https://cloudsecurityalliance.org/research/initiatives/security-guidance/

Trusted Cloud Initiative
Recently, the Trusted Cloud Initiative released the TCI Reference Architecture Model, published a quick guide to take a user through the architecture, and released the TCI Reference Architecture Mapping, which links the Control Matrix to the TCI architecture. TCI’s reference model is a vendor-neutral architecture to be used for secure design and assessment of cloud infrastructure. TCI helps cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management designs.

Download the TCI Reference Architecture Model here:https://cloudsecurityalliance.org/wp-content/uploads/2011/11/TCI-Reference-Architecture-1.1.pdf
Download the TCI Reference Architecture Quick Guide here:https://cloudsecurityalliance.org/wp-content/uploads/2011/10/TCI_Whitepaper.pdf
Download the TCI Reference Architecture Mapping here: https://cloudsecurityalliance.org/wp-content/uploads/2011/11/CSA-Controls-Ref-Arch-Mapping-v1.9.xls
Visit the Trusted Cloud Initiative website at: https://cloudsecurityalliance.org/research/initiatives/tci/

Security as a Service
In September, the Security as a Service working group published its first white paper, “Defined Categories of Service 2011” in an effort to provide clear definitions of the different categories of security services that can be provided via the cloud (e.g.elastic, on demand) model. Due to its thorough research, this white paper has led to the inclusion of SecaaS as a domain in the CSA Guidance V.3. In addition to the categories, the project also aims to help end users understand the unique nature of cloud-delivered security offerings in order to evaluate the offerings for their specific needs.

Download the Defined Categories of Service Document here: https://cloudsecurityalliance.org/wp-content/uploads/2011/09/SecaaS_V1_0.pdf
Visit the Security as a Service (SecaaS) website at: https://cloudsecurityalliance.org/research/working-groups/secaas/

Cloud Data Governance
In November, the Cloud Data Governance (CDG) working group introduced the results of its Cloud Consumer Advocacy Questionnaire and Information Survey (CCAQIS). The results of this survey have been aggregated and used for guidance and research conducted by CSA and its affiliates. The survey is the first deliverable for the CDG working group, which will now turn its focus to delivering best practices recommendations, prioritizing and answering the key problems and questions identified by cloud stakeholders in the survey.

Download the CDG CCAQIS Report here: https://cloudsecurityalliance.org/wp-content/uploads/2011/11/CSA_CCAQIS_Survey.pdf
Visit the Cloud Data Governance website at: https://cloudsecurityalliance.org/research/working-groups/cdg/

CSA STAR
The CSA Security, Trust & Assurance Registry (STAR) is the launch of a new initiative to encourage transparency of security practices within cloud providers. STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings. Cloud providers can submit two different types of reports to indicate their compliance with CSA best practices, the CAIQ or the CCM. STAR will be online in Q4 of 2011, representing a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.

Visit the CSA STAR website at: https://cloudsecurityalliance.org/star/
CSA STAR faq: https://cloudsecurityalliance.org/star/faq/
Ask STAR related Question at our CSA STAR Support Forum: http://www.linkedin.com/groups?home=&gid=4066598
Watch the STAR briefing online: https://cloudsecurityalliance.org/education/online-learning/star-registry-briefing/

Page Dividing Line