Cloud 101CircleEventsBlog
Mark your calendar for CSA's 2024 Cyber Monday: CCSK + CCZT tokens for the price of one!

Download Publication

Enterprise Architecture Reference Diagram
Enterprise Architecture Reference Diagram
Who it's for:
  • Cybersecurity architects
  • Cloud engineers
  • Cloud security professionals
  • Compliance professionals

Enterprise Architecture Reference Diagram

Release Date: 05/18/2021

The CSA Enterprise Architecture (EA) is both a methodology and a set of tools. It is a framework, a comprehensive approach for the architecture of a secure cloud infrastructure and can be used to assess opportunities for improvement, create roadmaps for technology adoption, identify reusable security patterns, and assess various cloud providers and security technology vendors against a common set of capabilities.

To create the CSA Enterprise Architecture, the EA Working Group leveraged four industry standard architecture models: TOGAF, ITIL, SABSA, and Jericho, therefore combining the best of breed architecture paradigms into a comprehensive approach to cloud security. By merging business drivers with security infrastructure, the EA increases the value proposition of cloud services within an enterprise business model. The CSA Enterprise Architecture was adopted by the National Institute of Standards and Technologies in NIST SP 500-299 and NIST SP 500-292.

This diagram provides a broad overview and visual representation of the Enterprise Architecture. It is intended as your quick reference guide. For a full explanation of each domain and its components, refer to the Enterprise Architecture v2 Reference Guide. 

To learn how the EA maps to CSA’s standard controls set, refer to the Enterprise Architecture v2 to CCM v3.01 Mapping.

Key Takeaways:
  • A visualization of CSA’s Enterprise Architecture
  • The key components of a secure, identity-aware cloud infrastructure
Download this Resource

Bookmark
Share
Related resources
Top Concerns With Vulnerability Data
Top Concerns With Vulnerability Data
Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives
Using Asymmetric Cryptography to Help Achieve Z...
Zero Trust Guidance for Critical Infrastructure
Zero Trust Guidance for Critical Infrastructure
Modernization Strategies for Identity and Access Management
Modernization Strategies for Identity and Access Management
Published: 11/04/2024
Dispelling the ‘Straight Line’ Myth of Zero Trust Transformation
Dispelling the ‘Straight Line’ Myth of Zero Trust Transformation
Published: 11/04/2024
Zero Standing Privileges: The Essentials
Zero Standing Privileges: The Essentials
Published: 11/01/2024
How to Get your Cyber Essentials Certification: A Process Guide
How to Get your Cyber Essentials Certification: A Process Guide
Published: 10/31/2024

Acknowledgements

Shawn Harris
Shawn Harris
Director of Information Security

Shawn Harris

Director of Information Security

With more than 25 years of information security experience, Shawn Harris is currently the Director of Information Security at Starbucks Coffee Company. His background includes engineering, architecture, and executive responsibilities. Shawn is currently co-chair of the CSA Cloud Controls Matrix working group, where he led efforts to develop the Cloud Control Matrix 4.0. Additionally, he has served on CSA’s Consensus Assessments ...

Read more

Jon-Michael Brook
Jon-Michael Brook

Jon-Michael Brook

Jon-Michael C. Brook is a certified, 25-year practitioner of cybersecurity, cloud, and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. Jon-Michael received numerous awards and recognition during his time with Raytheon, Northrop Grumman, Symantec, and Starbucks. He holds patents and trade secrets in intrusion detection, GUI design, and semantic data redaction...

Read more

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Ashish Vashishtha
Ashish Vashishtha
Security Compliance Leader

Ashish Vashishtha

Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

John Yeoh
John Yeoh
Global Vice President of Research, CSA

John Yeoh

Global Vice President of Research, CSA

With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...

Read more

Sean Heide
Sean Heide
Technical Research Director, CSA

Sean Heide

Technical Research Director, CSA

Jim Reavis
Jim Reavis
Co-founder and Chief Executive Officer, CSA

Jim Reavis

Co-founder and Chief Executive Officer, CSA

For over 30 years, Jim Reavis has worked in cybersecurity industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging trends have been published and presented widely throughout the industry and have influenced many.
Jim launched Cloud Security Alliance (CSA) in 2009 and has led its global growth and position as among the most vital cybersecurity communities worldwide. Under...

Read more

Michael Theriault Headshot Missing
Michael Theriault

Michael Theriault

Rolando Marcelo Vallejos Headshot Missing
Rolando Marcelo Vallejos

Rolando Marcelo Vallejos

Henry Werchan Headshot Missing
Henry Werchan

Henry Werchan

Sunil Shanthi Headshot Missing
Sunil Shanthi

Sunil Shanthi

Suri Venkat Headshot Missing
Suri Venkat

Suri Venkat

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training