Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Working Group

Serverless

The Serverless working group seeks to develop best practices to help organizations that want to run their business with a serverless business model. With the complexity of this business model, it is imperative that industry best practices are established to provide companies with guidelines to achieve compliance and security.
View Current Projects
How to Design a Secure Serverless Architecture
How to Design a Secure Serverless Architecture

Download

Working Group Overview
The goal of this group is to develop best practices to help organizations that want to run their business with a serverless business model. With the complexity of this business model, it is imperative that industry best practices are established to provide companies with guidelines to achieve compliance and security. 


What do we discuss during our meetings? 
During these meetings we typically discuss changes in the industry and collaborate on projects the group is currently working on. We welcome anyone who would like to join, even if you would like to just listen-in on your first call.


Drafts & Important Docs

Working Group Leadership

Aradhna Chetal
Aradhna Chetal

Aradhna Chetal

Senior Director Executive- Cloud Security

Aradhna serves as a Senior Director Executive- Cloud Security at TIAA, a financial services company. She is responsible for the cloud security vision, strategy, standards, security patterns for a multi-cloud hybrid enterprise and engineer security solutions, to support the vision. Aradhna has worked in various Cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft & T-Mobile.

Aradhna is an active member in the cy...

Read more

Vishwas Manral
Vishwas Manral

Vishwas Manral

Founder at Precize Inc & Fellow at Cloud Security Alliance

Vishwas is the Founder at Precize Inc, a stealth Cloud and AI security startup. Vishwas is also the co-chair of CSA’s Serverless Working Group and the Chair of Cloud Security Alliance in Silicon Valley. He was the head of Cloud Native security and Chief Technologist at McAfee Enterprise + FireEye. Vishwas joined McAfee Enterprise when his com...

Read more

Publications in ReviewOpen Until
CSA Large Language Model (LLM) Threats TaxonomyApr 19, 2024
Data Security - CCSK v5 Study GuideApr 22, 2024
Information Technology Governance, Risk, and Compliance in Healthcare v2Apr 26, 2024
Enterprise Authority To Operate (EATO) Controls FrameworkMay 12, 2024
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

CSA Large Language Model (LLM) Threats Taxonomy

Open Until: 04/19/2024

This document establishes a common taxonomy and definitions for key terms related to AI risk scenarios, threats, and contro...

Data Security - CCSK v5 Study Guide

Open Until: 04/22/2024

Data security stands as a cornerstone of maintaining organizational integrity and confidentiality. The rapid expansion of c...

Information Technology Governance, Risk, and Compliance in Healthcare v2

Open Until: 04/26/2024

Cloud GRC is an effective means for organizations to gather important risk data, validate compliance, and report results. O...

Enterprise Authority To Operate (EATO) Controls Framework

Open Until: 05/12/2024

The Enterprise Authority To Operate (EATO) working group is opening their Controls Framework for open peer review.<...