CSA Official Press Release
Published 05/18/2021
Cloud Security Alliance Enterprise Architecture Reference Guide v2 Harmonizes Business, Security, and Technology
Guide provides a roadmap to a modern, identity-aware cloud infrastructure
SEATTLE – May 18, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the release of the Enterprise Architecture Reference Guide v2. Developed by the CSA Enterprise Architecture Working Group (EAWG), the reference guide provides users with a compilation of every domain and container within the CSA Enterprise Architecture v2.3, a comprehensive approach for the architecture of a secure, identity-aware cloud infrastructure.
“This reference guide is fundamentally important for risk managers in evaluating opportunities for improvement, creating road maps for technology adoption, identifying reusable security patterns, and assessing various cloud providers and security technology vendors against a common set of capabilities and serves as a launchpad for upcoming EAWG releases, including a CSA Cloud Controls Matrix to Enterprise Architecture mapping and a refresh to the Enterprise Architecture itself,” said Jon-Michael C. Brook, a lead author and Enterprise Architecture Working Group co-chair.
The CSA Enterprise Architecture Reference Guide is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions that allow them to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business. Requirements come from the Cloud Controls Matrix (CCM), guided by regulations such as Sarbanes-Oxley, standards frameworks such as ISO-27002, the Payment Card Industry Data Security Standards, and the IT Audit Frameworks, such as COBIT, all in the context of cloud delivery models such as SaaS, PaaS, and IaaS.
“Our goal in creating this guide is to provide users with a clear method of organizing their organization's technology standards portfolio, thereby allowing them to identify areas where multiple technologies exist for the same capability and conversely, areas which lack standard technology. From there, users can easily determine what warrants further investment based on the business needs of the company,” said Michael Roza, a lead author and Enterprise Architecture Working Group co-chair.
The Enterprise Architecture Working Group closely follows the CCM working group in order to map the architecture components that help enterprises identify critical elements that are key to their cloud security architecture. These components, when agreed upon to an adjacent CCM control, create a larger picture for easily implementing security strategies. Those interested in participating in the working group or its research should visit the Enterprise Architecture Working Group join page.
Download the free Enterprise Architecture Reference Guide v2.
Learn more about defining and implementing a secure enterprise cloud operating model at the upcoming CSA CISO Summit at RSAC 2021 (May 18). Register today.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.