Research Artifacts

Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends: sending and receiving. Email service is a well defined utility in the enterprise, and securing email in the cloud is similar to securing email in the enterprise. Email Security as a Service (SecaaS) has a few unique aspects, but most responses entail differences of degree, rather than instituting new methods of security.

The vendor and academic community have come together to form a set of solutions called Security as a Service. This document specifically addresses one element focused on Web Security as a Service (Web SecaaS).

DLP must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and departs from the cloud. DLP has two facets: one as viewed from the owner’s perspective and one as viewed from the custodian’s perspective.

In a cloud environment, a major part of network security is likely to be provided by virtual security devices and services, alongside traditional physical network devices. Tight integration with the underlying cloud software layer to ensure full visibility of all traffic on the virtual network layer is important.

A collaborative project by ISACA and CSA, the Cloud Market Maturity study provides business and IT leaders with insight into the maturity of cloud computing and will help identify any changes in the market.

This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particular interest to those with the responsibility of designing, implementing and integrating the consumption of services of the IAM function within any cloud application of SecaaS.

The CSA Open Certification Framework is a program for flexible, incremental and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry leading security guidance and control objectives.

The purpose of this survey was to capture the current state of data governance and data security capabilities offered by leading cloud service providers in the industry. The results of this survey are intended to be used for guidance and research conducted by CSA and its affiliates.

This domain highlights some of the legal aspects raised by cloud computing. It provides general background on legal issues that can be raised by moving data to the cloud, some issues for consideration in a cloud services agreement, and the special issues presented by electronic discovery under Western litigation.

The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

The purpose of this survey is to capture the current state of data governance and data security capabilities offered by leading cloud service providers in the industry. The results of this survey will be aggregated and used for guidance and research conducted by CSA and its affiliates.