Telecom Working Group Arrow to Content

Upcoming Work Group Meetings & Volunteer Opportunities

Introduction to the Telecom Working Group

The Telecom Working Group (TWG) within the Cloud Security Alliance (CSA) has been designated to provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications. The TWG Co -Chairs are responsible for governance and oversight of the TWG. The efforts are jointly executed by CSA Global, Telecom cloud communities (i.e. focus groups, associations, research institutes, forums, academia), Solution Providers and relevant working group responsible for authoring CSA’s Guidance V.3. The Telecom Working Group has been formed to coordinate research and the execution of this work.

Telecom Working Group Leadership

Co-Chairs

Xavier Guerin, Orange (France)
Bernd Jaeger, Colt (Germany)

TWG Research Initiative Roadmap

How does the Telecom Industry meet the GRC Stack?

Objective: The GRC stack currently provides a detailed framework regarding governance, risk, and compliance control within a cloud environment. However, it primarily addresses the cloud customer requirements rather than the business plans of the telecom industry or cloud provider in general. The objective of this initiative is to evaluate and document the current adoption/acceptance/perception of the GRC stack within the industry.

Work plan:

  • Create short questionnaire evaluating the adoption/acceptance/perception of the GRC stack – Dec 2011
  • Utilize all available industry contacts to perform interviews (in person as much as possible) – Q1 2012
  • Publish a report – Q2 2012
  • Feedback findings into GRC projects – Q2 2012

The Telecom Industry GRC Stack Implementation/adoption guidance

Objective: Provide guidance about how to implement the GRC stack

Work plan:

  • Use results from the GRC industry questionnaire to identify the most significant issues preventing adoption

ISO 27017 – Telecom Carrier Liaison

Objective: Support drafting the new standard and give industry specific feedback.

Work plan:

  • Participate in ISO 27017 (Cloud Security Controls) standards drafting (CSA is contributor to 27017-2)
  • Develop questionnaire based on DoC of 27017 meetings
  • Draft questions to be tested on telco to validate
  • Draft a cover letter to accompany questionnaire
  • Target Jan. 15th for release of cover letter and questionnaire

How to achieve effective security event management in a provider grade cloud environment

Objective: Discuss today’s available detection, correlation and response technologies and how they are currently used within the industry. Create a WP of best practices to implement an effective security event management.

Create a whitepaper that includes:

  • Identify available technologies
  • Do research on what is used today and how
  • Rate effectiveness
  • Identify successful strategies and the best way to implement them
  • Give an overview over future prospects and emerging technologies/strategies

How to provide compliance monitoring to cloud customer?

Objective: Proof of compliance in the cloud will become increasingly important for cloud user. How can compliance monitoring be implemented meeting the customer requirements and the CSPs business plan?

Work plan:

  • Identify most common compliance requirements (likely related to industry verticals markets)
  • Identify current compliance monitoring strategies and how this is or could be implemented in a cloud environment. If not, try to identify now approaches.
  • What are effective (function + costs) implementation strategies?

How to provide forensic support in a multi-tenant, provider grade cloud infrastructure?

Objective: How can provider support forensics investigation in a multi tenant environment without violating customers privacy?

Work plan:

  • Identify available technologies
  • Identify current common strategies
  • Create whitepaper on forensic support in a CSP environment
  • What are effective (function + costs) implementation strategies?

Join the Telecom Working Group

VOLUNTEER NOW!

We are inviting all motivated individuals who want to contribute to any of the five new research initiatives being introduced for the coming year:

  1. How does the Telecom Industry meet the GRC Stack?
  2. The Telecom Industry GRC Stack Implementation/adoption guidance
  3. ISO 27017 - Telecom Carrier Liaison
  4. How to achieve effective security event management in a provider grade cloud environment?
  5. How to provide compliance monitoring to cloud customers?
  6. How to provide forensic support in a multi-tenant, provider grade cloud infrastructure?

Join us on our bi-weekly calls scheduled on the calendar below.

Your interests and expertise are welcome!

Download Telecom Working Group Related Documents

Document Version Release Date Download
Telecom Working Group Charter 1.3 05/21/2012 Download (pdf)

Telecom Working Group News

January 05, 2012

VOLUNTEER OPPORTUNITY: Telecom Working Group 2012

The Cloud Security Alliance’s (CSA) Telecom Working Group is having it’s 2012 Kickoff call on January 12th. We are inviting all motivated individuals who want to contribute to any of the six new research initiatives being introduced for the coming year.

June 21, 2011

Telecom Working Group Charter Finalized

The Cloud Security Alliance would like to announce that a finalized Telecom Working Group (TWG) Charter is available to download on the Telecom Working Group page. The working group’s web page has also been updated to include current leadership and contributing members.

May 26, 2011

Updated Telecom Working Group Charter Available for Review

The Cloud Security Alliance would like to announce that a draft of the updated Telecom Working Group (TWG) Charter is now available for review. The new charter re-defines the scope of the TWG to allow more differentiation and synergy with the Security as a Service (SecaaS – Work Group 9) Working Group.

Page Dividing Line