
Enterprise Architecture

Cloud security architecture helps cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations and practices. The CSA Enterprise Architecture creates a common roadmap to meet the cloud security needs of your business. It is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to fulfill a set of common requirements that risk managers must use to assess the operational status of internal IT security and cloud provider controls.

The CSA cloud computing architecture is guided by business requirements. In the case of the CSA Enterprise Architecture, these requirements come from the Cloud Controls Matrix (CCM) guided by regulations such as Sarbanes-Oxley, standards frameworks such as ISO-27002, the Payment Card Industry Data Security Standards, and the IT Audit Frameworks, such as COBIT, all in the context of cloud delivery models such as SaaS, PaaS and IaaS.

The CSA Enterprise Architecture was used as the basis for the NIST security reference architecture (SP500-299, SP500-292).

*This working group also developed an interactive website for the previous version of the enterprise architecture.  


This group follows the CCM working group closely in order to map the architecture domains that help enterprises identify the critical components of their cloud security architecture. These domains, when agreed upon and aligned to an adjacent CCM control domain, create a larger picture that makes strategies easier to implement.

Next Meeting

Dec 10, 2021, 12:00PM PST



Working Group Leadership

Jon-Michael Brook

Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in...


Michael Roza

Risk, Audit, Control and Compliance Professional

Michael Roza is a risk, audit, control and compliance professional with 20-plus years of experience with organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson and Johnson Inc., and Baxter, Inc. Within CSA, he has served as lead author/contributor for 11 projects completed by CSA’s Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, and Software-Defined P...


Cloud Security Research for Enterprise Architecture

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Enterprise Architecture to CCM Mapping Guide

This document serves as an overview and explanation of the Enterprise Architecture v2 to CCM v3.0.1 Mapping. We first define the CSA Enterprise Architecture and CSA CCM, then demonstrate through example how the mapping was accomplished. After this, the mapping results are provided and explained in a summary.

Enterprise Architecture Reference Guide v2

This guide is your deep dive into each domain of CSA’s Enterprise Architecture (EA). CSA’s EA is both a methodology and a set of tools. It is a framework, a comprehensive approach for the architecture of a secure cloud infrastructure, and can be used to assess opportunities for improvement, create roadmaps for technology adoption, identify reusable security patterns, and assess various cloud providers and security technology vendors against a common set of capabilities. To create the CSA Enterprise Architecture, the EA Working Group leveraged four industry-standard architecture models (TOGAF, ITIL, SABSA, and Jericho), thereby combining best-of-breed architecture paradigms into a comprehensive approach to cloud security. By merging business drivers with security infrastructure, the EA increases the value proposition of cloud services within an enterprise business model.

Enterprise Architecture v2 to CCM v3 Mapping

The Enterprise Architecture (EA) is CSA’s standard cloud reference architecture, while the Cloud Controls Matrix (CCM) is CSA’s standard control set. By applying the CCM controls, an organization ensures that the EA is operating securely. However, until now, the link between the EA and CCM has never been demonstrated. This spreadsheet by CSA’s EA Working Group provides a mapping between the Enterprise Architecture 2.0 and Cloud Controls Matrix 3.0.1, showing how they can be used together to secure an enterprise architecture.

Blog Posts

Enterprise Architecture Cloud Delivery Model - CCM Mapping
CSA Issues Top 20 Critical Controls for Cloud Enterprise Resource Planning Customers

Press Coverage

Article Title | Source | Date
The New Enterprise Architecture Is Zero Trust | OODALoop | June 07, 2021