CSA Official Press Release
Cloud Security Alliance Releases Report on Corda Blockchain Framework and Security Controls
Report offers security and risk management leaders and financial regulators ways to proactively prevent, detect, and respond to potential risks
SEATTLE – Dec. 15, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Corda Enterprise 4.8 – Architecture Security Report and an accompanying security controls checklist. Drafted by the CSA Blockchain/Distributed Ledger Working Group, the report examines the security of r3’s blockchain framework, Corda Enterprise 4.8 Permissioned Network, and offers ways to mitigate negative business impacts that could arise from such threats as improper business logic flow and insecure network implementation, among others.
“Our aim when drafting this paper was to bring security and risk management leaders new to Corda DLT implementations quickly up to speed with respect to associated organizational risks so that they, in turn, can better estimate operational costs while simultaneously balancing their security needs with business priorities,” said Bill Izzo, chair of the Blockchain/DLT Working Group.
The researchers, led by Urmila Nagvekar, one of the paper’s co-authors, sought ways to help security and risk management leaders, as well as regulators in the financial sector, proactively prevent, detect, and respond to potential risks, by:
- identifying Corda’s architectural risks to cybersecurity attributes (privacy, confidentiality, integrity, availability) when implemented as a permissioned enterprise network for a trade finance business in a cloud-based environment
- delivering a fully implementable security controls checklist aligned with the NIST Cybersecurity Framework’s Controls.
Key takeaways from the report include an overview of how Corda 4.8 was used to depict a transaction within a trade finance workflow; the steps, method, and results of the Corda 4.8 risk identification process; and cryptography module recommendations for a Corda 4.8 permissioned network.
The Blockchain/Distributed Ledger Working Group works to produce useful content to educate different industries on blockchain and its proper use, as well as define blockchain security and compliance requirements based upon different industries and use cases. Individuals interested in becoming involved in Blockchain/Distributed Ledger future research and initiatives are invited to join the working group.
Learn more about this blockchain framework and its use in this pre-recorded webinar or download the full Corda Enterprise 4.8 – Architecture Security Report and the accompanying security controls checklist.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.