Register for CSA’s SECtember conference and trainings today




Circle
Events
Blog

Research Topic

Security as a Service

Latest ResearchWorking Group
Disaster Recovery as a Service
Disaster Recovery as a Service

Download

Security as a Service
Security as a Service is a specialized area that has been growing rapidly and in unbound patterns. Vendors and consumers are struggling as each offering has its own path. Much work had been done regarding the security of the cloud and data within it, but there were no best practices to follow when developing or assessing security services in an elastic cloud model—a model that scales as client requirements change. 

CSA felt it was urgent to address the needs and concerns common to the implementation of Security as a Service in its many forms. To address these challenges CSA provided guidance around implementing each category of Security as a Service to aid both cloud customers and cloud providers. In this publication series, we hope to better define best practices in the design, development, assessment and implementation of today’s offerings. You can access the guidance for each category below: 
  1. Identity and Access Management
  2. Data Loss Prevention
  3. Web Security
  4. Email Security
  5. Security Assessments
  6. Intrusion Management
  7. Security, Information and Event Management
  8. Encryption
  9. Business Continuity Disaster Recovery and Disaster Recovery as a Service
  10. Network Security
Want to download all of the guidance together? Download the file here →

How has the use of security services changed since Covid?
In the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months. 


Security as a ServiceCloud Key ManagementEnterprise Resource PlanningSaaS GovernanceSoftware Defined Perimeter

Discuss this topic in Circle

Have an interesting article or video on this topic that you want to share? Anyone can join the discussion community for this topic to share ideas or ask questions.

View discussion community

Participate in Security as a Service Research

The purpose of this working group is to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.

View the working group

Press MentionSourceDate
Five common cloud misconfiguration errorsSC MagazineApril 13, 2022
View all

Security as a Service Research

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Roles and Responsibilities of Third Party Security Services

Roles and Responsibilities of Third Party Security Services

The security responsibilities are typically split between the CSPs and Cloud Service Customers (CSCs). However, in reality, third-party security services providers increasingly play essential roles, such as providing consultancy or managing security services for CSCs. They have a part in securing the cloud platform as well. For example, some SMEs (Small and Medium Enterprises) without security professionals may be unsure of how to secure their services and thus engage a Third-Party Security Service Provider (TPSSP) for consultancy. The guidelines in this document will help cloud customers when signing Service Level Agreement (SLAs) with TPSSPs.

Implementation Guidance for Identity Access Management

Implementation Guidance for Identity Access Management

Learn best practices for identifying and implementing IAM solutions in the cloud. We recommend reading this paper if you are responsible for designing, implementing and integrating the consumption of services of the IAM function within any cloud application of SecaaS. This paper also provides direction for enterprise security stakeholders responsible for ensuring the security of IAM solutions in a corporate IT environment. This is the first in a series of ten papers where CSA provides implementation guidance for SecaaS.

Implementation Guidance for Data Loss Prevention

Implementation Guidance for Data Loss Prevention

Data loss prevention must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and departs from the cloud. Data loss prevention has two facets: one as viewed from the owner’s perspective and one as viewed from the custodian’s perspective. This is the second paper in a series of ten papers where CSA provides implementation guidance for SecaaS.

Webinars

SASE: Transformación de seguridad para una transformación digital
SASE: Transformación de seguridad para una transformación di...

July 14 | online

Learn more

A Guided Approach to Support Your Zero Trust Strategy
A Guided Approach to Support Your Zero Trust Strategy

June 29 | online

Learn more

Is the security team the bottleneck to remediation?
Is the security team the bottleneck to remediation?

June 20 | online

Learn more

The Journey to SSE
The Journey to SSE

May 17 | Online

Learn more

Blog Posts

What is CSA STAR Certification and Why it is Important for ISO/IEC 27001 Certified Organizations?
Gatekeepers to Gateopeners
The SASE Journey: A Head of IT Talks Shop