Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

CSA Official Press Release

Published 05/04/2021

Cloud Security Alliance’s New Cloud Incident Response Framework Serves as Transparent, Common Blueprint Through Which to Share Best Practices

Cloud Security Alliance’s New Cloud Incident Response Framework Serves as Transparent, Common Blueprint Through Which to Share Best Practices

SEATTLE May 4, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the publication of the Cloud Incident Response (CIR) Framework, a new guide that explores the CIR framework and the preparation required to respond to incidents effectively. Created by the CSA Cloud Incident Response (CIR) Working Group, this framework guides cloud service customers (CSC) in determining their organization’s security requirements and, thus, opting for the appropriate level of incident protection.

“In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower its risk profile. Many organizations and enterprises without a solid incident response plan have been rudely awakened after their first cloud incident encounter. With this framework, cloud service customers can negotiate with cloud security providers or select security capabilities that are made-to-measure — thus providing a clear understanding of the division of security roles and responsibilities,” said CIR Working Group Co-chair and lead author Alex Siow.

The CIR framework is presented in four phases, plus a final section covering coordination and information sharing:

  • Preparation addresses the strategies and actions required in advance of a cloud incident.
  • Detection and analysis cover the various signs and possible causes of cloud incidents for early detection.
  • Containment, eradication, and recovery explain the importance of choosing the right strategy to stop the attacker from doing further systems damage while investigations and forensics are undertaken.
  • Postmortem identifies gaps in personnel, processes, or technology and translates these into “lessons learned” that must be ingested in the preparation phase.
  • Coordination and information describe how the complexities of threats to the cloud require stakeholders to coordinate and share security information to mitigate losses.

“Significant downtime can occur for numerous reasons, such as a natural disaster, human error, or cyberattacks. A good incident response plan helps ensure organizations are well-prepared at all times, however, there are several key aspects of a CIR system that differentiate it from a non-cloud incident response (IR) system, such as governance, shared responsibility, and visibility. Organizations should develop a solid understanding of the incident response process — and its incident response capabilities — to prepare for any potential incidents,” said CIR Working Group Co-chair and lead author Soon Tein Lim.

Download the full Cloud Incident Response Framework.

The Cloud Incident Response Working Group aims to develop a holistic CIR framework that comprehensively covers fundamental causes of cloud incidents (both security and non-security related) and their handling and mitigation strategies. The aim is to serve as a go-to guide for cloud users to effectively prepare their detailed plan to respond and manage the aftermath of cloud incidents. Individuals interested in becoming involved in future CIR research and initiatives are invited to visit the Cloud Incident Response Working Group.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.