Cloud Security Alliance Releases Guidelines on Effectively Managing Security Service in the Cloud

Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service models

SINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released its latest research report, “Guidelines on Effectively Managing the Security Service in the Cloud.” The paper was announced at the annual APAC Summit held in conjunction with Cloud Expo Asia 2018 and provides cloud service providers (CSP) and their customers with clear-cut recommendations for building and managing cloud security services.

Authored by the Cloud Security Services Management (CSSM) Working Group, the new guidelines address a critical need stemming from today’s widespread usage of cloud—clearly defined security responsibilities for both vendors and their customers across various cloud-service models. While the shared responsibility model provides excellent guidance, many of the standards and specifications it touches upon target CSPs’ security responsibilities rather than those of customers, especially those with little to no cloud security knowledge.

With this latest set of guidelines, organizations can establish a baseline to:

• ensure the secure running of service systems;
• clarify their own security responsibilities, as well as those of their CSPs;
• better understand what security assurance features should be enacted in response to those responsibilities; and
• identify existing gaps and best practices for addressing them.

“We developed the guidelines with cloud customers in mind, especially for small and medium enterprises that lack professional security teams to design, deploy, and operate secure cloud services in various cloud environments. At the same time, CSPs can leverage the guidelines to better understand and build their shared-responsibility security capabilities,” said Dr. Chen Kai, cybersecurity ecosystem specialist for Huawei Technologies Co. Ltd., and chair of the CSSM Working Group.

“Since no two CSPs are the same, selecting the right CSP is crucial to customers’ long-term success. These guidelines will help cloud customers make informed decisions on selecting CSPs that best complement their organizations’ specific needs. For CSPs and cloud service security integrators, it provides guidance to building cloud platform security assurance systems, augmenting reliability and assurance to customers,” added Dr. Chen.

CSA would like to extend thanks to all CSSM Working Group members, as well as those who have contributed to the guidelines in an effort to create a more inclusive and safer cloud community.