New Guidance From Cloud Security Alliance Aims to Help Cloud Service Customers Better Evaluate Service Level Agreements

Document defines the roles and responsibilities of well-recognized, currently available security services across eight categories

SEATTLE – Nov. 30, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Roles and Responsibilities of Third-Party Security Services, which further expands on key areas covered in Guideline on Effectively Managing Security Service in the Cloud (2018), and aims to educate cloud service customers (CSCs) about services available to them based on their requirements and the functions and responsibilities that fall to cloud service providers (CSPs) and third-party security service providers (TPSSPs).

“Typically, security responsibilities are split between cloud service providers and customers, however increasingly, third-party security services providers are taking on the essential role of consultant or managed security services provider for small- and medium-sized businesses. It's hoped this paper will provide SMEs with the knowledge they need to select the appropriate security service," said Dr. Kai Chen, co-chair of the Cloud Security Services Management (CSSM) Working Group, which authored the paper.

The document outlines the roles and responsibilities of well-recognized and currently available security services over eight categories: Identity and Access Management (IAM), cloud workload protection platforms, network security, data and storage security, assessment, Security Analytics-as a-Service, application security to security support services, as well as 40 additional security services.

"With the broader adoption of cloud services, it's not surprising that third-party, outsourced services are also on the rise. Given the pivotal role these service providers are taking on in helping businesses navigate the security terrain, it’s important that their roles and responsibilities are clearly defined," said Dr. Liu, CSSM Working Group co-chair.

The Cloud Security Services Management Working Group aims to develop guidelines for cloud service providers (CSPs) to secure their cloud platform while providing cloud users with cloud security services and a better path to selecting security-qualified CSPs. Additionally, they hope to help security vendors develop their cloud-based security products and services. Those interested in participating in future research and initiatives involving cloud key management are invited to join the working group.

Download Roles and Responsibilities of Third-Party Security Services now.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.