Security as a Service Arrow to Content


Introduction to Security as a Service

The mission statement of the Cloud Security Alliance is "… a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing." In order to provide greater focus on the second part of our mission statement, the CSA is embarking on a new research project to provide greater clarity on the area of Security as a Service.

Numerous security vendors are now leveraging cloud based models to deliver security solutions. This shift has occurred for a variety of reasons including greater economies of scale and streamlined delivery mechanisms. Regardless of the motivations for offering such services, consumers are now faced with evaluating security solutions which do not run on premises. Consumers need to understand the unique nature of cloud delivered security offerings so that they are in a position to evaluate the offerings and to understand if they will meet their needs.

The purpose of this research will be to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices. Other research purposes will be identified by the working group.

Security as a Service Leadership


Kevin Fielder, WorldPay
Cameron Smith, Pertino

Join the Security as a Service Working Group


The Security as a Service Working Group is inviting all motivated individuals to contribute in the expansion of our Defined Categories of Service research. A few months ago, we published our first white paper "Defined Categories of Service" (See downloads tab). We are now ready to expand each category into an implementation guide. We are seeking experts who can contribute in any of the implementation guides for Security as a Service in all defined categories:

  1. Identity Access Management
  2. Data Loss Prevention
  3. Web Security
  4. Email Security
  5. Security Assessments
  6. Intrusion Management
  7. Security Information and Event Manager
  8. Encryption
  9. Business Continuity and Disaster Recovery
  10. Network Security

Join us on our bi-weekly calls scheduled on the calendar below.

We welcome all and look forward to your contributions!

Biweekly Working Group Call Calendar

Sponsors of CSA SecaaS Research

The Cloud Security Alliance would like to thank the corporate sponsors that make our research possible. Their continued support enables our working groups to produce the high-quality research products you've come to expect from the Cloud Security Alliance.

Security as a Service News

February 12, 2013

CSA Announces Working Group Sessions at RSA in San Francisco

CSA is hosting sessions during the week for some of our active working groups. These are free events that will be held outside of the regular conference on Thursday, February 28th.

October 29, 2012

CSA Releases Security Information and Event Management (SIEM) Guidance

New Security-as-a-Service Implementation Report provides guidance for deployment of cloud-based SIEM

October 09, 2012

Cloud Security Alliance Releases (SecaaS) Implementation Guidance

CSA today announced that its Security as a Service (SecaaS) Working Group has completed its peer review process and has published implementation guidance documents expanding upon their “Defined Categories of Service” document that was first made available in August of 2011.

September 26, 2012

CSA Security as a Service (SecaaS) Working Group Completes Implementation Guidance

New Identity and Access Management research provides business and technical considerations for implementation of SecaaS as part of the cloud.

July 18, 2012

CSA Research Sponsorship Opportunities Available

CSA announces the availability of several new opportunities to sponsor key research initiatives. Your support helps us maintain our aggressive research schedule and accelerate responsible adoption of cloud computing.

August 18, 2011

Open Review Period for the Draft of SecaaS Defined Categories of Service Whitepaper Starts Today

The Security as a Service (SecaaS) working group would like to invite you to review and comment on the Security as a Service “Defined Categories of Service” whitepaper. Your expertise will ensure that the white paper has accurate content.

June 30, 2011

Security as a Service Initial Group Call set for July 5th

The CSA Security as a Service (SecaaS) Working Group will have their first group call on July 5th. The purpose of their research will be to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.

June 21, 2011

SecaaS Seeks Additional Input on Working Group Proposal

Thank you to those who have contributed to the “Categories of Service” section of our working group proposal. We are still seeking input to all categories. For those who have recently expressed interest in getting involved, send me an email at [email protected] (Subject line: SecaaS Categories).

June 07, 2011

SecaaS Seeks Input on Working Group Proposal

The Cloud Security Alliance is now soliciting input for the Security as a Service (SecaaS) Working Group’s “Categories of Service” section of their working group proposal.

Page Dividing Line