Guidance for Critical Areas of Focus in Cloud Computing Has Been Updated
Blog Article Published: 07/26/2017
Newest version reflects real-world security practices, future of cloud computing security

By J.R. Santos, Executive Vice President of Research, Cloud Security Alliance

Today marks a momentous day not only for CSA but for all IT and information security professionals as we release Guidance for Critical Areas of Focus in Cloud Computing 4.0, the first major update to the Guidance since 2011. As anyone involved in cloud security knows, the landscape we face today is a far cry from what was going on 10, even five, years ago. To keep pace with those changes, almost every aspect of the Guidance was reworked. In fact, almost 80 percent of it was rewritten from the ground up, and domains were restructured to better reflect the current state of cloud computing, as well as the direction in which this critical sector is heading.

For those unfamiliar with what is widely considered to be the definitive guide for cloud security, the Guidance acts as a practical, actionable roadmap for individuals and organizations looking to safely and securely adopt the cloud paradigm. This newest version includes significant content updates to address leading-edge cloud security practices and incorporates more of the various applications used in the security environment today. Guidance 4.0 covers such topics as:
- DevOps, continuous delivery, and secure software development;
- Software Defined Networks, the Software Defined Perimeter and cloud network security;
- Microservices and containers;
- New regulatory guidance and evolving roles of audits and compliance inheritance;
- Using CSA tools such as the CCM, CAIQ, and STAR Registry to inform cloud risk decisions;
- Securing the cloud management plane;
- More practical guidance for hybrid cloud;
- Compute security guidance for containers and serverless, plus updates to managing virtual machine security; and
- The use of immutable, serverless, and “new” cloud architectures.