- Identity and Access Management
- Data Loss Prevention
- Web Security
- Email Security
- Security Assessments
- Intrusion Management
- Security, Information and Event Management
- Business Continuity Disaster Recovery and Disaster Recovery as a Service
- Network Security
Discuss this topic in Circle
Have an interesting article or video on this topic that you want to share? Anyone can join the discussion community for this topic to share ideas or ask questions.View discussion community
Participate in Security as a Service Research
The purpose of this working group is to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.
|Five common cloud misconfiguration errors||SC Magazine||April 13, 2022|
Security as a Service Research
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Roles and Responsibilities of Third Party Security Services
The security responsibilities are typically split between the CSPs and Cloud Service Customers (CSCs). However, in reality, third-party security services providers increasingly play essential roles, such as providing consultancy or managing security services for CSCs. They have a part in securing the cloud platform as well. For example, some SMEs (Small and Medium Enterprises) without security professionals may be unsure of how to secure their services and thus engage a Third-Party Security Service Provider (TPSSP) for consultancy. The guidelines in this document will help cloud customers when signing Service Level Agreement (SLAs) with TPSSPs.
Implementation Guidance for Identity Access Management
Learn best practices for identifying and implementing IAM solutions in the cloud. We recommend reading this paper if you are responsible for designing, implementing and integrating the consumption of services of the IAM function within any cloud application of SecaaS. This paper also provides direction for enterprise security stakeholders responsible for ensuring the security of IAM solutions in a corporate IT environment. This is the first in a series of ten papers where CSA provides implementation guidance for SecaaS.
Implementation Guidance for Data Loss Prevention
Data loss prevention must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and departs from the cloud. Data loss prevention has two facets: one as viewed from the owner’s perspective and one as viewed from the custodian’s perspective. This is the second paper in a series of ten papers where CSA provides implementation guidance for SecaaS.