CSA Guidance V.4: Domain 1 Ready for Review and Comments
Getting and staying smart about cloud security is becoming truly “mission critical” for IT security professionals as anyone can understand from just reading the now daily headlines about cybersecurity challenges. It is for this reason that The Cloud Security Alliance (CSA) performs a valuable function by defining and raising awareness of best practices that help ensure a secure cloud computing environment.
For those not familiar with CSA, it operates the popular cloud security provider certification program, the CSA Security, Trust & Assurance Registry (STAR), a three-tiered provider assurance program of self-assessment, third-party auditing and continuous monitoring.
As the headline says, the CSA has released is Guidance V.4 for review and comment. What CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing is designed for is to “establish a stable, secure baseline for cloud operations. It acts as a practical, actionable roadmap to individuals looking to safely and securely adopt the cloud paradigm.”
CSA explains that a tremendous amount has changed since its last revision of the Guidance back in 2011. This includes almost everything relating to the cloud landscape as the pace of innovation has accelerated thanks to things like software-defined networking (SDN), virtualization, the desirability of open source solutions, the need to accommodate mobility, new orchestration and compliance requirements, etc.
In short, while the landscape has become more complex, the need for better tools, more visibility, greater control and having the ability to use data to be proactive as well as reactive, have security professionals looking for solutions that provide the functionality they need while hiding the complexity and simplifying the tasks they must perform.
A draft of Domain 1 is now available for review. It covers Cloud Computing Concepts and Architecture and it provides the conceptual framework for the rest of CSA’s guidance. The domain:
- Describes and defines cloud computing
- Sets out baseline terminology
- Details the overall logical and architectural frameworks used in the rest of the document
If you are an IT cloud security expert, CSA is inviting you to contribute to refining the Guidance. This is a community effort, and CSA has made it simple for you to add to the communal wisdom. In fact, all feedback and edits will be managed via GitHub so that all parts of the process are open and public.
Edited by Kyle Piscioniere