Research Artifacts

Cloud Security Complexity

CSA’s latest survey examines information security concerns in complex cloud environments. The survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security in current hybrid cloud and multi-cloud security environments, including public cloud, private cloud, or use of more than one public cloud platform. Topics covered include:
• Types of cloud platforms in use
• Proportion of workloads actively in the cloud
• New workloads expected to be moved into the cloud
• Anticipated risks and concerns about potential migrations to the cloud
• Challenges managing security after adopting cloud technologies
• Methods for addressing these security challenges
• Challenges related to network or application outages
• Methods for and results of addressing outages and security incidents

Release Date: 05/21/2019
Cloud OS Security Specification

This document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud computing security.

Release Date: 05/07/2019
SDP Architecture Guide v2

Network security architectures, tools, and platforms are falling far short of meeting the challenges presented by today’s threat landscape. Whether you’re reading the headlines in mainstream media, working day-to-day as a network defender, or are a security vendor, it’s clear that our commercial enterprises, governmental organizations, and critical infrastructures are unable to successfully contend with the ongoing and persistent attacks from a wide variety of attackers.

Release Date: 05/07/2019
Hybrid Cloud Security Services Charter

This initiative aims to develop a security white paper specifying hybrid cloud security risks and countermeasures, helping users identify and reduce the risks. This initiative proposes to provide hybrid cloud security evaluation suggestions, guiding both users and cloud service providers to choose and provide secure hybrid cloud solutions, and promoting security planning and implementation.

Release Date: 04/25/2019
Open Certification Framework Working Group Charter

The CSA Open Certification Framework (OCF) is an industry initiative to allow global, trusted independent evaluation of cloud providers. It is a program for flexible, incremental and multi-layered cloud provider certification and/or attestation according to the Cloud Security Alliance’s industry leading security guidance and control framework.

Release Date: 04/25/2019
Cloud Key Management Charter

The Cloud Key Management Working Group will facilitate the standards for seamless integration between CSPs and Key Broker vendor platforms. It will ensure that enterprise key policies are standardized and implemented in a consistent manner, and that standardization will take place across key management lifecycle operations and a common set of APIs.

Release Date: 04/09/2019
SecaaS Working Group Charter

In order to improve understanding, perception, and thus reputation, Security as a Service requires a clear definition and direction to ensure it is understood and to improve the adoption across industry sectors. This will ensure the market has a clear understanding of what SecaaS is, what it means, the services encompassed and how they can be implemented.

Release Date: 04/09/2019
Blockchain Demo

Blockchain Demo - Kurt Seifried, Chief Blockchain Officer, Cloud Security Alliance

Release Date: 03/05/2019
Lessons From the Cloud

Lessons from the Cloud - David Cass, Chief Information Security Officer Cloud and SaaS Operations & Global Partner Cloud Security Services, IBM

Release Date: 03/05/2019
Finally! Cloud Security for Unmanaged Devices…for All Apps

Finally! Cloud Security for Unmanaged Devices…for All Apps - Nico Popp, Senior Vice President Information Protection, Symantec

Release Date: 03/05/2019
CSA STAR: The Leading Cloud Trust and Accountability Program

CSA STAR: The Leading Cloud Trust and Accountability Program - Daniele Catteddu, Chief Technology Officer, CSA

Release Date: 03/05/2019
Taking Control of IoT

Taking Control of IoT - Hillary Baron, Research Analyst, CSA

Release Date: 03/05/2019
Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation

Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation - Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee & Scott Howitt, Senior Vice President & Chief Information Security Officer, MGM Resorts International

Release Date: 03/05/2019
From GDPR to California Privacy: Managing Cloud Vendor Risk

From GDPR to California Privacy: Managing Cloud Vendor Risk - Kevin Kiley, Vice President of Sales & Business Development, OneTrust

Release Date: 03/05/2019
Securing your IT Transformation to the Cloud

Securing your IT Transformation to the Cloud - Jay Chaudhry, CEO and Founder of Zscaler & Bob Varnadoe, CISO at NCR & Tom Filip, Director of Global Security Architecture, Kellogg Company

Release Date: 03/05/2019
Can you trust your eyes? Context as the basis for “Zero Trust” systems

Can you trust your eyes? Context as the basis for “Zero Trust” systems - Jason Garbis, Vice President of Cybersecurity Products, Cyxtera

Release Date: 03/05/2019
Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation

Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation - Jason Clark, Chief Strategy Officer, Netskope & Bob Schuetter, Chief Information Security Officer, Valvoline

Release Date: 03/05/2019
CSA Summit at RSA Conference Presentations 2019

CSA Summit at RSA Conference Presentations 2019.

Release Date: 03/05/2019
CSA Guide to the IoT Security Controls Framework

The Guide to the IoT Security Controls Framework provides instructions for using the companion CSA IoT Security Controls Framework spreadsheet. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation.

Release Date: 03/05/2019
CSA IoT Security Controls Framework

The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies. The IoT Security Controls Framework provides utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The Framework also helps users identify appropriate security controls and allocate them to specific components within their IoT system.

Release Date: 03/05/2019
CAIQ-Lite

CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enable cybersecurity professionals to more easily engage with cloud vendors. CAIQ-Lite was developed to meet the demands of an increasingly fast-paced cybersecurity environment where adoption is becoming paramount when selecting a vendor security questionnaire. CAIQ-Lite contains 73 questions compared to the 295 found in the CAIQ, while maintaining representation of 100% of the original 16 control domains present in The Cloud Controls Matrix (CCM) 3.0.1.

Release Date: 03/01/2019
High Performance Computing (HPC) Cloud Security Working Group Charter

To develop a holistic security framework for cloud infrastructure architected for High Performance Computing needs, with the aim of securing where the cloud environment and High-Performance Computing (HPC) cross paths.

Release Date: 02/26/2019
Requirements for Bodies Providing STAR Certification

This document outlines how to conduct a STAR certification assessment against the Cloud Controls Matrix (CCM) as part of an ISO 27001 assessment.

Release Date: 02/22/2019