CSA Official Press Release
International Effort with Collaboration Between Cloud Security Alliance and Huawei Culminated in International Standard ISO/IEC 21878
Singapore – November 26, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that the international standard ISO/IEC 21878 – Security Guidelines for Design and Implementation of Virtualized Servers has been published as of November 2018 .
The purpose of this document is to provide security guidelines for the design and implementation of virtual servers (VSs). Design considerations focusing on identifying and mitigating risks, and implementation recommendations with respect to typical VSs are covered in this document.
“This publication of ISO/IEC 21878 reinforces Singapore as one of the leading countries in Asia Pacific on the cutting edge of developing best practices for the cloud ecosystem. CSA APAC will continue to work closely with APAC countries to demonstrate standardization and technical expertise at the international level.” said Dr. Hing-Yan Lee, Executive Vice President for Asia Pacific, CSA.
This was a result of a joint project formalized in June 2013 between CSA and SPRING Singapore (now Enterprise Singapore) to integrate Singapore’s TR 30 : 2012 – Virtualization Security for Servers and CSA’s Cloud Controls Matrix into a CSA whitepaper. The whitepaper titled ‘Best Practices for Mitigating Risks in Virtualized Environment’ was published in April 2015, and was subsequently submitted in the same year as an input document to ISO to help steer international standardization efforts.
In November 2018, ISO approved the publication of the effort as ISO21878 “Security Guidelines for Design and Implementation of Virtualized Servers”. The Co-Editors of this international effort include Mr Xiaoyu Ge, IT Security and Cloud Services Standards Director from Huawei as CSA’s representative. Further information can be found here and here.
The intended goal of this document is to facilitate informed decisions with respect to architecting VS configurations. Such design and implementation configuration is expected to assure the appropriate protection for all virtual machines (VMs) and the application workloads running in them in the entire virtualized infrastructure of the organization.
Data center infrastructures are rapidly becoming virtualized due to increasing deployment of VSs for cloud computing services and for internal IT services. Since VSs are compute engines hosting many business-critical applications, they are key resources to be protected in virtualized data center infrastructure. As VSs are becoming mainstream in typical data center infrastructure setups, the secure design and implementation of VSs forms an important element in the overall security strategy.
The motivation for this document is the global trend in enterprises and government agencies deploying server virtualization technologies within their internal IT infrastructure as well as the use of VSs by cloud service providers. Hence the target audience is any organization using and/or providing VSs.
“IT Security is always an important consideration for customers and the industry. Huawei has been involved in CSA and ISO/IEC JTC1 SC27 standardization activities for a long time, and we look forward to continuing work with CSA and other standards organizations for a better and more secure IT industry” said Yolanda You, Senior Standards Director, Huawei IT Product Line. The scope of this document specifies security guideline for the design and implementation of VSs.This document is not applicable to Desktop, OS, network, and storage virtualization, and vendor attestation.It will benefit any organization using and/or providing VSs.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. With integrated solutions across four key domains – telecom networks, IT, smart devices, and cloud services – we are committed to bringing digital to every person, home and organization for a fully connected, intelligent world.
Huawei's end-to-end portfolio of products, solutions and services are both competitive and secure. Through open collaboration with ecosystem partners, we create lasting value for our customers, working to empower people, enrich home life, and inspire innovation in organizations of all shapes and sizes.
At Huawei, innovation focuses on customer needs. We invest heavily in basic research, concentrating on technological breakthroughs that drive the world forward. We have more than 180,000 employees, and we operate in more than 170 countries and regions. Founded in 1987, Huawei is a private company fully owned by its employees.
For more information, please visit Huawei online at www.huawei.com or follow us on:
Kari Walker for the CSA
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.