Having trouble seeing this email?  view it online or unsubscribe

Cloud Security Alliance

August 3, 2015

CSA Research Update

Welcome to the
CSA Research Update!

The CSA Research Team has begun development on the next update to CSA's Security Guidance for Critical Areas of Focus. Read about that initiative and other Research projects in this edition of the CSA Research Update.

Research News

Stay up to date with our latest research projects.

Call for Volunteers: Security Guidance for Critical Areas of Focus in Cloud Computing

The Cloud Security Alliance's (CSA) Security Guidance for Critical Areas of Focus leverages the CSA Cloud Control Matrix and seeks to establish a stable, secure baseline for cloud operations. Since its last revision in 2011, the cloud landscape, tools and technologies have changed and so we want to reflect that in an updated version of the Guidance. CSA is currently seeking volunteers to provide in-depth feedback and insight for the next version of the Security Guidance.

Read More

IT and the Line of Business – Security vs Usability Survey

In this survey we plan to explore how these trends are reshaping the role of IT and its relationship to the line of business. After numerous high profile data breaches in recent years starting with the Target payment card theft and culminating in the Sony breach, we also seek to investigate how organizations are preparing for mega-breaches.

Take the Survey

CipherCloud and Cloud Security Alliance Forge Cloud Security Working Group

Recognized as the fastest-growing segment of cloud security, the cloud access security broker space (CASB) is still an emerging one where standards have yet to coalesce. To fill this gap, CipherCloud and the Cloud Security Alliance are forming a Cloud Security Open API Working Group to jointly define protocols and best practices for implementing cloud data security as a part of the CASB framework.

Read More

Learn about our research at https://cloudsecurityalliance.org/research/.


Recent publications from our ongoing research initiatives.

The Mandate for Meaningful Cyber Incident Sharing for the Cloud

New and increasingly significant cybersecurity breaches are reported practically every day. For most companies, it is no longer a matter of whether they will be attacked, but rather how long ago they were attacked. Enterprises and cloud providers alike need to understand the types of incidents that peers and technology partners are experiencing so that they can better protect themselves and their customers.

Download now

Privacy Level Agreement [V2]: A Compliance Tool for Providing Cloud Services in the European Union

PLA [V2] is intended to be used as an appendix to a Cloud Services Agreement, and to describe the level of privacy protection that the CSP will provide. While Service Level Agreements (SLA) are generally used to provide metrics and other information on the performance of the services, PLAs will address information privacy and personal data protection practices.

Download now

Security Considerations for Private vs. Public Clouds

The Cloud Security Alliance teamed up with Palo Alto Networks to produce a new whitepaper titled, “Security Considerations for Private vs. Public Clouds.” A public cloud deployment occurs when a cloud’s entire infrastructure is owned, operated and physically housed by an independent Cloud Service Provider. A private cloud deployment consists of a cloud’s entire infrastructure owned, operated and physically housed by the tenant business itself, generally managed by its own IT infrastructure organization.

Download now

Find more publications at https://cloudsecurityalliance.org/download/.