Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
CxO Initiative
Contact Us
Current Business Members
Cloud Customers
Cloud Solution Providers
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups

Security as a Service

Latest ResearchJoin Group
Disaster Recovery as a Service
Disaster Recovery as a Service

Download

Research Home
View Working Groups
Contribute
Download Publications
Join this working group
Home
Research
Working Groups
Security as a Service
Security as a Service is a specialized area that has been growing rapidly and in unbound patterns. Vendors and consumers are struggling as each offering has its own path. Much work had been done regarding the security of the cloud and data within it, but there were no best practices to follow when developing or assessing security services in an elastic cloud model—a model that scales as client requirements change. 

CSA felt it was urgent to address the needs and concerns common to the implementation of Security as a Service in its many forms. To address these challenges CSA provided guidance around implementing each category of Security as a Service to aid both cloud customers and cloud providers. In this publication series, we hope to better define best practices in the design, development, assessment and implementation of today’s offerings. You can access the guidance for each category below: 
  1. Identity and Access Management
  2. Data Loss Prevention
  3. Web Security
  4. Email Security
  5. Security Assessments
  6. Intrusion Management
  7. Security, Information and Event Management
  8. Encryption
  9. Business Continuity Disaster Recovery and Disaster Recovery as a Service
  10. Network Security
Want to download all of the guidance together? Download the file here

How has the use of security services changed since Covid?
In the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months. 

Security as a ServiceCloud Key ManagementEnterprise Resource PlanningSaaS GovernanceSoftware Defined Perimeter

The purpose of this working group is to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.

Join Group

Next Meeting

No Meetings Currently Scheduled


Working Group Leadership

Jens Laundrup Headshot
Jens Laundrup
Jens Laundrup

Chief Security Engineer and Executive Consultant, Emagined Security Inc.

Jens Laundrup, Chief Security Engineer and Executive Consultant, Emagined Security Inc., has spent over 30 years in the Information Security space to include numerous security engineering disciplines including Military, Government and Corporate Information Security, Compliance Program Design, Architecture Design, and Network & Physical Security. Mr. Laundrup has led the development and design of cutting-edge risk-based security programs and...

Read more

Michael Roza Headshot
Michael Roza
Michael Roza

Risk, Audit, Control and Compliance Professional

Michael Roza is a risk, audit, control and compliance professional with 20-plus years of experience with organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson and Johnson Inc., and Baxter, Inc. Within CSA, he has served as lead author/contributor for 11 projects completed by CSA’s Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, and Software-Defined P...

Read more

Join this working group

Security as a Service Research

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

The 2020 State of Identity Security in the Cloud

The 2020 State of Identity Security in the Cloud

The use of cloud services have continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months. The goals of the study included understanding cloud IAM challenges (specifically human and machine identity challenges) and identifying the teams and roles responsible for cloud IAM.

Download the results
Implementation Guidance for Identity Access Management

Implementation Guidance for Identity Access Management

Learn best practices for identifying and implementing IAM solutions in the cloud. We recommend reading this paper if you are responsible for designing, implementing and integrating the consumption of services of the IAM function within any cloud application of SecaaS. This paper also provides direction for enterprise security stakeholders responsible for ensuring the security of IAM solutions in a corporate IT environment. This is the first in a series of ten papers where CSA provides implementation guidance for SecaaS.

Download implementation guidance
Implementation Guidance for Data Loss Prevention

Implementation Guidance for Data Loss Prevention

Data loss prevention must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and departs from the cloud. Data loss prevention has two facets: one as viewed from the owner’s perspective and one as viewed from the custodian’s perspective. This is the second paper in a series of ten papers where CSA provides implementation guidance for SecaaS.

Download implementation guidance
View All Research

Blog Posts

CSA Survey Finds Organizations are Shifting their Use of IAM Capabilities in 2021
Read Now
SaaS Security Series: Salesforce Guest User Log Analysis
Read Now
Why is Cloud DLP the most important technology for SaaS apps?
Read Now

Press Coverage

Article TitleSourceDate
SaaS security in 2021Help Net SecurityDecember 28, 2020