
Research Topic

Security as a Service

Security as a Service is a specialized area that has been growing rapidly and in unbounded patterns. Vendors and consumers are struggling because each offering follows its own path. Much work had been done regarding the security of the cloud and data within it, but there were no best practices to follow when developing or assessing security services in an elastic cloud model—a model that scales as client requirements change.

CSA felt it was urgent to address the needs and concerns common to the implementation of Security as a Service in its many forms. To address these challenges CSA provided guidance around implementing each category of Security as a Service to aid both cloud customers and cloud providers. In this publication series, we hope to better define best practices in the design, development, assessment and implementation of today’s offerings. You can access the guidance for each category below: 
  1. Identity and Access Management
  2. Data Loss Prevention
  3. Web Security
  4. Email Security
  5. Security Assessments
  6. Intrusion Management
  7. Security, Information and Event Management
  8. Encryption
  9. Business Continuity Disaster Recovery and Disaster Recovery as a Service
  10. Network Security

How has the use of security services changed since Covid?
In the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months. 



Security as a Service Research

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Roles and Responsibilities of Third Party Security Services

Security responsibilities are typically split between the CSPs and Cloud Service Customers (CSCs). In reality, however, third-party security service providers increasingly play essential roles, such as providing consultancy or managing security services for CSCs, and so they also have a part in securing the cloud platform. For example, some SMEs (Small and Medium Enterprises) without security professionals may be unsure of how to secure their services and thus engage a Third-Party Security Service Provider (TPSSP) for consultancy. The guidelines in this document will help cloud customers when signing Service Level Agreements (SLAs) with TPSSPs.

Implementation Guidance for Identity Access Management

Learn best practices for identifying and implementing IAM solutions in the cloud. We recommend reading this paper if you are responsible for designing, implementing and integrating the consumption of services of the IAM function within any cloud application of SecaaS. This paper also provides direction for enterprise security stakeholders responsible for ensuring the security of IAM solutions in a corporate IT environment. This is the first in a series of ten papers where CSA provides implementation guidance for SecaaS.

Implementation Guidance for Data Loss Prevention

Data loss prevention must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and departs from the cloud. Data loss prevention has two facets: one as viewed from the owner’s perspective and one as viewed from the custodian’s perspective. This is the second paper in a series of ten papers where CSA provides implementation guidance for SecaaS.

Webinars

Using SDP-based Zero Trust to thwart ransomware attacks

September 22 | Online

Impact of Digital Transformation on Security Strategy

October 28 | Online

Security-as-Code: What's Real and What's Possible with Self-Service and Developer Speed Governance

October 26 | TBD

Key Considerations to Get Buy-in for a SaaS Data Security Program

November 3 | Online

Blog Posts

Overcoming Challenges in Governing Scanner Adoption - Step by Step
Priorities Beyond Email: How SOC Analysts Spend Their Time
Navigating Cloud Security Best Practices: A Strategic Guide