CSA Official Press Release
Cloud Security Alliance to Develop Holistic Cloud Incident Response Whitepaper
Singapore – 11 December, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, will be developing a holistic Cloud Incident Response Whitepaper. The framework will cover key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies. This will help serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud outages, and also a transparent and common framework for Cloud Service Providers to share with cloud customers their cloud outage response practices.
The framework will draw references from (but not limited to) the following guidelines & best practices:
- CSA’s Security Guidance Domain 9 on incident response
- Singapore’s Technical Reference TR 62 : 2018 – Guidelines for Cloud Outage Incident Response
- National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide
- ISO / IEC 27035:2016 – Information Security Incident Management Part 1 & Part 2
- European Union Agency for Network and Information Security (ENISA) Strategies
Earlier on 1 November 2018, CSA signed a Memorandum of Understanding (MOU) with Enterprise Singapore to collaborate and support CSA’s effort in the development of a holistic Cloud Incident Response Whitepaper. The collaboration allows CSA to make reference to the TR 62 for the development of the said Whitepaper and correspondingly, Enterprise Singapore can use it to develop the Singapore Standard for Cloud Outage Incident Response at a later stage.
The MOU was signed by Dr. Hing-Yan Lee, Executive Vice President for Asia Pacific, CSA and Mr. Tak-Leong Cheong, Director (Standards), Enterprise Singapore. This collaboration follows an MOU previously signed between CSA APAC and Enterprise Singapore (then SPRING Singapore) in June 2013 which helped CSA to develop a whitepaper titled ‘Best Practices for Mitigating Risks in Virtualized Environments’ based on Singapore’s TR 30 : 2012 – Virtualization Security for Servers and CSA’s Cloud Controls Matrix. This whitepaper was published in May 2015, and subsequently provided as input to steer international standardization efforts at the International Organization for Standardization (ISO). The resulting ISO / IEC 21878 – Security Guidelines for Design and Implementation of Virtualized Servers was published on 12 November 2018.
Similarly, CSA hopes for the holistic cloud incident response framework to play a role in driving international efforts in cloud incident handling and management. “Singapore has been at the forefront in the region in driving innovative cloud-related standards and best practices such as the Multi-Tier Cloud Security Standard. We look forward to working closely with Enterprise Singapore once again to bring Singapore’s thought leadership in the cloud-space to the international arena,” said Dr. Hing-Yan Lee.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Kari Walker for the CSA
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.