CSA Official Press Release
Cloud Security Alliance Releases Guidance for Crypto-Asset Exchange Security
Document outlines effective exchange security to help educate users, policymakers, cybersecurity professionals on secure crypto-exchanges
SEATTLE – April 13, 2021 – The Cloud Security Alliance® (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of the Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security. Drafted by CSA’s Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersecurity professionals on the pros and cons of further securing cryptocurrency exchanges, including both Decentralized Exchanges (DEX) and hosted wallets at cloud-based exchanges, OTC desks, and cryptocurrency swap services.
Cryptocurrency exchanges are increasingly becoming targets of hackers. For instance, last December, U.K.-based cryptocurrency exchange Exmo “detected suspicious withdrawal activity” to the tune of more than $10 million. Months earlier, a secure hardware wallet provider, Ledger, was hacked and lost 272,000 customer records.
The document includes a model that identifies the 10 top threats to crypto exchanges, plus a reference architecture and set of security best practices for the end-user, exchange operators, and auditors. Also covered are security control measures across a wide area of administrative and physical domains.
“As the digital assets industry evolves and matures, crypto-asset exchanges increasingly cover areas that were, for decades, the sole dominion of long-established financial service institutions,” said Bill Izzo, co-chair of CSA’s Blockchain/Distributed Ledger Working Group. “It’s our hope that this document will provide a roadmap for those tasked with ushering new and existing financial services organizations into the future in a controlled and secure manner.”
The Blockchain/Distributed Ledger Technology Working Group works to produce useful content to educate different industries on blockchain and its proper use, as well as define blockchain security and compliance requirements based upon different industries and use cases. Individuals interested in becoming involved in the future research and initiatives are invited to do so by visiting the Blockchain/Distributed Ledger Working Group join page.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.