Cloud Security Alliance Issues First Security as a Service White Paper

San Francisco, CA –September 26, 2011 – The Cloud Security Alliance (CSA) today announced that the Security as a Service working group has published its first white paper, “Defined Categories of Service 2011”. The purpose of this group’s research is to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices. Until now there has been limited research into the provision of security services in an elastic cloud model that scales as the client requirements change. This first white paper designed to provide clear definitions of the different categories of security services that can be provided via the cloud (e.g. elastic, on demand) model. “Vendors have attempted to satisfy this demand for security by offering security services in a cloud platform, but because these services take many forms, they have caused market confusion and complicated the selection process,” said Kevin Fielder, co-chair of the working group. “This new research project aims to aid both cloud customers and cloud providers, to provide greater clarity on Security as a Service – and to help end users understand the unique nature of cloud-delivered security offerings so they can evaluate the offerings and understand if they will meet their needs.” “The aim of this research is to enable enterprises to make use of security services in new ways, or in ways that would not be cost effective if provisioned locally,” said Cameron Smith, co-chair of the working group. “We’d like to thank Bernd Jaeger, Marlin Pohlman and Jens Laundrup, as well as our numerous other contributors, for their hard work on this project, and we look forward to continuing to produce innovative, much-needed research in this area.” The Security as a Services Categories of Service 2011 white paper covers the following categories of service; * Identity and Access Management * Data Loss Prevention * Web Security * Email Security * Security Assessments * Intrusion Management * Security Information and Event Management * Encryption * Business Continuity and Disaster Recovery * Network Security This work has been proposed as the basis of the new Domain 14 of the CSA guidance, and the working group expects to produce further documentation covering areas such as implementation guidance / reference models for the various categories, along with how they can be used to mitigate the key threats identified by the CSA Top Threats Report and members of the SecaaS working group. The complete report can be downloaded

here (pdf). For more information on the SecaaS Working group, it can be found here. Tweet this: Cloud Security Alliance Security as a Service Working Group Releases Defined Categories of Service White Paper http://bit.ly/mZyetI About the Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing , and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa. Media Contacts: Zenobia Godschalk [email protected] 650.269.8315