Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Join AT&T Cybersecurity in Chicago to learn top 2024 resilience tactics on May 21st!

CSA’s Enterprise Architecture: Technology Solution Services (TSS)

Home
Industry Insights
CSA’s Enterprise Architecture: Technology Solution Services (TSS)

Blog Article Published: 06/16/2023

Written by CSA’s Enterprise Architecture Working Group.

The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess opportunities for improvement, create road maps for technology adoption, identify reusable security patterns, and assess various cloud providers and security technology vendors against a common set of capabilities.

This blog describes the third of four domains from CSA’s Enterprise Architecture: Technology Solution Services (TSS). Read about the first domain, the second domain, and check back for the last blog on domain four.

IT solutions can be thought of as a technology stack: at the top are actual interactions the users have, with applications that accept the interactions and push data down where it may be manipulated, followed by the data that runs on them, with the computers and networks at the bottom layer. The four technology solution domains are Presentation Services, Application Services, Information Services, and Infrastructure Services:

Presentation Services

Presentation is the website you see when you go to an online bank, the voice on the phone when you call the airline reservation system, or the mobile platform you order remotely from. It is the domain where the end-user interacts with an IT solution.

The requirements for the domain vary on the type of user and type of service being provided. For example, a B2C website will have different security concerns than a social media website. The security requirements will also vary based on the types of endpoints being used by the end-user.

Example

A mobile device provides the risk of locally-stored data being lost with the device, and a shared public kiosk provides the risk of subsequent end-users having access to prior users’ data.

Application Services

Application Services are the processes that developers use to write code, as well as the code itself. They are the rules and processes behind the user interface that manipulate the data and perform translations for the user. In an online bank, this might be a bill payment transaction that deducts the payment amount from the user’s account and sends a check to the payee. In addition, the Application Services domain also represents the development processes that programmers go through when creating applications.

Example

A developer is writing an API that allows a banking system to exchange transactions with other banks. He scans the code with a source code analyzer that identifies a section of code that was not protected against invalid input that could corrupt the system. The change is made immediately, and the new API is now safe to use.

Information Services

One of the most common pain points across organizations is the amount of data generated across the company, sometimes including redundant data. Information Services refers to the storage of data, usually in databases, but sometimes just in files.

All the data needs to be transformed into useful information that business asset owners can use to prioritize, strategize, and manage the risk portfolio they own. All data containers are allocated on this domain, where eventually they can be extracted, transformed, and loaded into an operational data store and a data warehouse.

Example

When an administrator creates a user account, the ID and Password are stored in a user directory. When that user logs into the system, a log entry showing the data and time of that log-in is stored in the security-monitoring database.

Infrastructure Services

Infrastructure Services are the layered basic core capabilities that support higher-level capabilities in other architecture areas. These levels include virtual machines, applications, and databases, as well as networking, physical hardware, and facilities.

As they provide a foundation, Infrastructure Services are mostly invisible to end-users of the cloud service. For example, a customer will likely be required by due diligence to assure that cloud facilities provide physical security to match the risk characteristics of the uses they make of cloud services.

Example

Even the cloud needs to reside somewhere physically, i.e., at a data center. These data centers are physically secured with fences, cameras, security guards, man-traps, and badge-activated doors. Availability of the Infrastructure is ensured with lines to multiple internet service providers, power generators in case of a power failure, and multiple computers to do the same job in case one fails.

Read more in the CSA Enterprise Architecture Reference Guide.

Enterprise Architecture

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Virtual Cloud Trust Summit 2024
AT&T Cybersecurity in Seattle
This Year’s Zero Trust Opportunity for Security Professionals
Trending This Week
#1 CCSK vs CCSP: Unbiased Comparison
#2 Demystifying Secure Architecture: Review of Generative AI Based Products and Services
#3 Managing Cloud Misconfiguration Risks
#4 Five Approaches for Securing Identity in Cloud Infrastructure
#5 Clarifying 10 Cybersecurity Terms
Enhance your cloud security skills with CSA's online training options.
Related Articles:
The Modern Data Stack Has Changed the Security Landscape

Published: 04/05/2024

UN AI Resolution, EU AI Act, and Cloud Security Alliance's Recent Efforts: Draft White Paper on AI Organizational Responsibility for Core Security

Published: 04/01/2024

Architecting Cloud Instrumentation

Published: 10/05/2023

Reducing IT Complexity with Cloud Options

Published: 09/28/2023