CSA Official Press Release
Published 07/26/2017
Cloud Security Alliance Announces Major Updates to Guidance v4.0
Domains Restructured and Rewritten to Better Represent the Current State and Future of Cloud Computing Security
LAS VEGAS, NV – Blackhat 2017 – July 26, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Guidance for Critical Areas of Focus in Cloud Computing 4.0, the first major update to the Guidance since 2011. Guidance 4.0, which acts as a practical, actionable roadmap for individuals and organizations looking to safely and securely adopt the cloud paradigm, includes significant content updates to address leading-edge cloud security practices.
“Approximately 80 percent of the Guidance was rewritten from the ground up with domains restructured to better represent the current state and future of cloud computing security,” said Luciano “J.R.” Santos, Executive Vice President of Research, CSA. “Guidance 4.0 incorporates more of the various applications used in the security environment today to better reflect real-world security practices.”
“Guidance 4.0 is the culmination of more than a year of dedicated research and public participation from the CSA community, working groups and the public at large,” said Rich Mogull, Analyst & CEO, Securosis. "The landscape has changed dramatically since 2011, and we felt the timing was right to make the changes we did. We worked hard with the community to ensure that the Guidance was not only updated to reflect the latest cloud security practices, but to ensure it provides practical, actionable advice along with the background material to support the CSA’s recommendations. We’re extremely proud of the work that went into this and the contributions of everyone involved.”
Guidance 4.0 integrates the latest CSA research projects, such as the Cloud Controls Matrix (CCM) and the Consensus Assessments Initiative Questionnaire (CAIQ), and covers such topics as DevOps, IoT, Mobile and Big Data. Among the topics covered are:
- DevOps, continuous delivery, and secure software development;
- Software Defined Networks, the Software Defined Perimeter and cloud network security.
- Microservices and containers;
- New regulatory guidance and evolving roles of audits and compliance inheritance;
- Using CSA tools such as the CCM, CAIQ, and STAR Registry to inform cloud risk decisions;
- Securing the cloud management plane;
- More practical guidance for hybrid cloud;
- Compute security guidance for containers and serverless, plus updates to managing virtual machine security; and
- The use of immutable, serverless, and “new” cloud architectures.
The oversight of the development of Guidance 4.0 was conducted by the professional research analysts at Securosis and based on an open research model relying on community contributions and feedback during all phases of the project. The entire history of contributions and research development is available online for complete transparency.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.