Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
Current Business Members
CxO Initiative
Contact Us
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups
Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
Current Business Members
CxO Initiative
Contact Us
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups
Circle
Events
Blog

Cloud Component Specifications

Latest ResearchJoin Group
Cloud OS Security Specification v2.0
Cloud OS Security Specification v2.0

Download

Research Home
View Working Groups
Contribute
Download Publications
Join this working group
Home
Research
Working Groups
Cloud Component Specifications
What are Cloud Components?
From a user perspective, the cloud is a service. However, for Cloud Service Providers (CSPs), integrators and channel partners who construct or build the cloud, the cloud architecture consists of many cloud computing components. Examples of these cloud components are: hypervisors, cloud operating systems components such as “Swift”, “Glance” for OpenStack, virtual desktop infrastructure platforms, cloud dedicated firewalls and so on. 

Current standards are insufficient to evaluate the security of cloud components.  Currently, most of the security standards related to cloud computing focus on the information security management system. However, these standards are insufficient to evaluate cloud component security because they focus on management security rather than the technical security requirements of the components. 

The most basic cloud component is the cloud OS—a feature with functionality that closely resembles the relationship between Linux and a computer. Through the utilization of virtualization technology, cloud OS virtualizes hardware resources of physical servers and storage area network devices and supports software-defined networking. Along with virtualization, cloud OS also provides management and configuration capabilities on virtualized hardware resources. Furthermore, it affords many other capabilities and functions like disaster recovery, firewalls, load balancers, access control, and backup control to enhance the performance and security of cloud computing systems as well as the user experience of administrators and users. 

CSA started addressing this gap by creating security specifications for Cloud Os.
In order to start addressing the gap in security best practices for cloud components, this group started by creating technical security specifications for cloud OS.

Cloud Component SpecificationsCloud Security Services ManagementEnterprise ArchitectureHybrid Cloud Security

In order to address the gap in industry best practices for cloud components this working group proposes to develop internationally recognized technical security specifications for cloud components.

Join Group

Next Meeting

No Meetings Currently Scheduled


Working Group Leadership

Xiaoyu Ge Headshot
Xiaoyu Ge
Xiaoyu Ge

Senior Security Standards Manager of Huawei IT

Xiaoyu Ge is the Senior Security Standards Manager of Huawei IT Product Line which include cloud computing, big data, storage, and server products and services. He is also active as security expert in SDOs, He is the ISO/IEC JTC1 SC27 WG expert of China Nation Body, he is the rapporteur of several SC27 project such as “Requirements for establishing roots of trust for virtualized environment”. He participated in CSA several years ago, he is ...

Read more

Join this working group

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Cloud OS Security Specification v2.0

Cloud OS Security Specification v2.0

There is a lack of internationally recognized technical security specifications and certifications for cloud components such as the cloud operating system (OS). CSA believes the guidance provided in this paper will be useful to help regulate security requirements for the cloud OS to prevent security threats and improve security capabilities of cloud OS products. This document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000,NIST SP 500-299, and NIST SP 800-144 in the context of cloud computing security. New requirements were also added in v2 in view of cloud security technology developments, including micro segmentation, hardware-based encryption, VM High availability, backup & recovery capability, key management service, cloud bastion host.

Request to download
CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications

CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications

This document is an addendum to the CCM V3.0.1 and contains a controls mapping and gap analysis between the CSA CCM and CSA's research artifact "Cloud OS Security Specifications". It aims to help organizations adhering to the Cloud OS Security Specifications to also meet CCM requirements.

Request to download
View All Research

Blog Posts

How to Address the Security Risks of Cloud OS
Read Now