CSA Research Update (August 3, 2015) - The CSA Research Team has begun development on the next update to CSA's Security Guidance for Critical Areas of Focus. Read about that initiative and other Research projects in this edition of the CSA Research Update.
The CSA Research Team has begun development on the next update to CSA's Security Guidance for Critical Areas of Focus. Read about that initiative and other Research projects in this edition of the CSA Research Update.
Research News
Stay up to date with our latest research projects.
The Cloud Security Alliance's (CSA) Security Guidance for Critical Areas of Focus leverages the CSA Cloud Control Matrix and seeks to establish a stable, secure baseline for cloud operations. Since its last revision in 2011, the cloud landscape, tools and technologies have changed and so we want to reflect that in an updated version of the Guidance. CSA is currently seeking volunteers to provide in-depth feedback and insight for the next version of the Security Guidance.
In this survey we plan to explore how these trends are reshaping the role of IT and its relationship to the line of business. After numerous high profile data breaches in recent years starting with the Target payment card theft and culminating in the Sony breach, we also seek to investigate how organizations are preparing for mega-breaches.
Recognized as the fastest-growing segment of cloud security, the cloud access security broker space (CASB) is still an emerging one where standards have yet to coalesce. To fill this gap, CipherCloud and the Cloud Security Alliance are forming a Cloud Security Open API Working Group to jointly define protocols and best practices for implementing cloud data security as a part of the CASB framework.
New and increasingly significant cybersecurity breaches are reported practically every day. For most companies, it is no longer a matter of whether they will be attacked, but rather how long ago they were attacked. Enterprises and cloud providers alike need to understand the types of incidents that peers and technology partners are experiencing so that they can better protect themselves and their customers.
PLA [V2] is intended to be used as an appendix to a Cloud Services Agreement, and to describe the level of privacy protection that the CSP will provide. While Service Level Agreements (SLA) are generally used to provide metrics and other information on the performance of the services, PLAs will address information privacy and personal data protection practices.
The Cloud Security Alliance teamed up with Palo Alto Networks to produce a new whitepaper titled, “Security Considerations for Private vs. Public Clouds.” A public cloud deployment occurs when a cloud’s entire infrastructure is owned, operated and physically housed by an independent Cloud Service Provider. A private cloud deployment consists of a cloud’s entire infrastructure owned, operated and physically housed by the tenant business itself, generally managed by its own IT infrastructure organization.