CSA Activities Update (August 21, 2015) - Register for our many events happening this fall and catch up on industry news by watching our latest CloudBytes.
Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, CSA Summit NYC 2015 carries the theme "Enterprise Lessons Learned in Cloud Security" and will feature subject matter experts from financial services and other key industries.
Building on the success of achievements in the areas of research, education, policy support and certification, CSA will host the 4th annual CSA Congress EMEA.
Data security for cloud applications is a perennial challenge due to the lost of control and oversight over data placed within clouds. As cloud becomes mainstream, various industries need to comply with an increasing number of regulations and stipulations for its cloud application portfolio. To manage these evolving challenges, we need to (1) address immediate challenges with a defensive, in-depth and resilient Cloud security strategy based on a robust Governance, Risk and Compliance (GRC) framework and (2) address long-term challenges via researching on the returning control of data to users.
The Cloud Security Alliance (CSA) has chosen to specifically focus on the problem of cyber incident information sharing and find innovative approaches that break down the barriers inhibiting sharing. CSA has selected a partner, TruSTAR Technology, to create what we are calling the industry’s first Cloud CISC (Cyber Incident Sharing Center). We believe it is very important that we educate the government as to our information sharing capabilities to assure that any new legislation is appropriate, proportionate, and synergistic to the private sector.
The typical cloud customer easily grasps perceived advantages and user-friendliness in the cloud, but they are not security experts. Matching an customer's security requirements with what is being offered by CSPs can be the biggest challenge. Even though most CSPs include security provisions in their SLAs (Service Level Agreements), the variety of customer requirements make it all too easy to over/undershoot the security target. This is where the benefits of a template SLA kicks in.