CSA Community Spotlight: Promoting Data Security Best Practices with Compliance Officer Rocco Alfonzetti, Jr.

Celebrating 15 years of advancing cloud security, CSA has established itself as a leader in defining best practices and fostering collaboration within the industry. Since its founding in 2009, CSA's success has been deeply rooted in the innovative work of its research working groups, which drive the creation of cutting-edge frameworks and research publications. These working groups are powered by a network of dedicated experts and volunteers. In honor of our milestone anniversary, we’re shining a spotlight on the partners whose expertise and commitment have propelled CSA’s growth and impact over the years.

Today we’re chatting with Rocco Alfonzetti, Jr., Compliance Officer at Paperclip, Inc., a CSA Member organization. Rocco is Paperclip’s CSA liaison and has spent the last few years getting certified with his CCSK and CCAK, training and certifying his employees, and promoting CSA both within his organization and without. Below, learn about Rocco’s contributions to CSA and how the educational goals of CSA and Paperclip align and work together.

What are the various ways you’ve been involved with CSA?

I have been working with CSA for a few years now. I am involved in the Data Security Working Group and use CSA’s CAIQ, as well as guidelines, templates, and CCM to help portray Paperclip's commitment to cloud security. We offer cloud born SaaS services which support our customers’ document management and secure archive needs. I contribute articles and papers to CSA and enjoy being part of the working groups and the Circle community where many experts gather to exchange ideas.

What’s one of your favorite experiences with CSA?

I enjoy the collective group "think" that occurs when like-minded individuals gather together. The events and frequent CSA research papers keep myself and others in my position in-the-know about recent IT landscape changes and news. The training and exams are an enjoyable challenge that keeps me and my coworkers learning throughout our IT security careers.

Why do you continue to support CSA?

The guidance of CSA is helping to shape the future of the secure Internet. The educational goals of CSA align with the educational goals of Paperclip, Inc.

How have your contributions to CSA impacted you and your career?

I feel as if the technology we have developed at Paperclip has been greatly impacted and designed with security in mind, in part due to CSA’s teachings, guidelines, and whitepapers. Combining the professional knowledge of CSA Members pushes forward the cybersecurity landscape and helps Paperclip develop SaaS offerings further, bringing cutting-edge secure solutions to our customers.

This is especially true when it comes to encryption in use and our Paperclip SAFE platform. Paperclip is nurturing our relationship with CSA in order to educate IT professionals, CIOs, CISOs, and all interested parties on the benefits of encryption in use.

Paperclip's approach of securing critical data using off-the-shelf encryption and applying our patented shredding technology is the best security strategy for the future; especially archiving of critical data.

What are your predictions for CSA in the next 15 years?

I foresee CSA:

• Helping to establish a baseline of understanding and guidance around the secure Internet, using well known frameworks.
• Helping IT professionals navigate the complexity of cybersecurity at this point in time - growing and adapting as the environment matures.
• Assisting professionals to navigate compliance and security by fostering the CAIQ, CCM, and Security Guidance, gathered by experts in their respective fields.

Question from interviewee Rick Doten: What is the one thing you tell people is different about cloud security as opposed to traditional on-premise security?

One major thing to note is that the lack of LAN environments creates an even playing field for hackers and service providers. Both entities are considered external in a cloud environment, and it is the job of a PAM (Privileged Access Management) to disallow the bad actors to gain entry alongside the permitted users. That is a critical job which needs constant auditing. However, the current auditing landscape is still asking questions about traditional LAN security, ignoring the cloud aspect.

Do you have a question for the next interviewee to answer?

Have you heard of encryption in use? Is there any confidential or private information category within your organization that would benefit from being protected by this technology?

Make sure to check out more insights from the CSA community here.