Research Artifacts

SecaaS Category 4 // Email Security Implementation Guidance

Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends: sending and receiving. Email service is a well-defined utility in the enterprise, and securing email in the cloud is similar to securing email in the enterprise. Email Security as a Service (SecaaS) has a few unique aspects, but most responses entail differences of degree, rather than instituting new methods of security.

Release Date: 10/08/2012
SecaaS Category 3 // Web Security Implementation Guidance

The vendor and academic community have come together to form a set of solutions called Security as a Service. This document specifically addresses one element focused on Web Security as a Service (Web SecaaS).

Release Date: 10/08/2012
SecaaS Category 2 // Data Loss Prevention Implementation Guidance

DLP must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and departs from the cloud. DLP has two facets: one as viewed from the owner’s perspective and one as viewed from the custodian’s perspective.

Release Date: 10/08/2012
SecaaS Category 10 // Network Security Implementation Guidance

In a cloud environment, a major part of network security is likely to be provided by virtual security devices and services, alongside traditional physical network devices. Tight integration with the underlying cloud software layer to ensure full visibility of all traffic on the virtual network layer is important.

Release Date: 10/08/2012
CSA/ISACA Cloud Market Maturity Study Results

A collaborative project by ISACA and CSA, the Cloud Market Maturity study provides business and IT leaders with insight into the maturity of cloud computing and will help identify any changes in the market.

Release Date: 09/27/2012
SecaaS Category 1 // Identity and Access Management Implementation Guidance

This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particular interest to those with the responsibility of designing, implementing and integrating the consumption of services of the IAM function within any cloud application of SecaaS.

Release Date: 09/26/2012
OCF Vision Statement

The CSA Open Certification Framework is a program for flexible, incremental and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry-leading security guidance and control objectives.

Release Date: 08/17/2012
Cloud Consumer Advocacy Questionnaire

The purpose of this survey was to capture the current state of data governance and data security capabilities offered by leading cloud service providers in the industry. The results of this survey are intended to be used for guidance and research conducted by CSA and its affiliates.

Release Date: 11/16/2011
Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

The CSA guidance, as it enters its third edition, seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Release Date: 11/14/2011
Consensus Assessments Initiative Questionnaire v1.1

The questionnaire is organized using CSA’s 13 governing and operating domains, divided into “control areas” within CSA’s Control Matrix structure.

Release Date: 09/01/2011
CloudTrust Protocol Information Overview Powerpoint

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: 09/01/2011
CCAQIS v1.2

The purpose of this survey is to capture the current state of data governance and data security capabilities offered by leading cloud service providers in the industry. The results of this survey will be aggregated and used for guidance and research conducted by CSA and its affiliates.

Release Date: 08/01/2011