Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing”.
The CSA has over 48,000 individual members worldwide. CSA gained significant reputability in 2011 when the White House selected the CSA Summit as the venue for announcing the federal government’s cloud computing strategy.
The CSA was formed in December 2008 as a coalition by individuals who saw a need to provide objective enterprise user guidance on the adoption and use of cloud computing. Its initial work product “Security Guidance for Critical Areas of Focus in Cloud Computing,” was put together Wiki-style, by dozens of volunteers.
The Cloud Security Alliance has 25+ active working groups. Key areas of research include cloud standards, certification, education and training, guidance and tools, global reach, and driving innovation.
- Security Guidance for Critical Areas of Focus in Cloud Computing - Foundational best practices for securing cloud computing.
- Top Threats to Cloud Computing - Helps organizations make educated risk management decisions regarding their cloud adoption strategies.
- GRC (Governance, Risk and Compliance) Stack - A toolkit for key stakeholders to instrument and assess clouds against industry established best practices, standards and critical compliance requirements.
- Cloud Controls Matrix (CCM) - Security controls framework for cloud provider and cloud consumers.
- CloudTrust Protocol - The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.
- Consensus Assessments Initiative Research - Tools and processes to perform consistent measurements of cloud providers.
- "Software Defined Perimeter" - A proposed security framework that can be deployed to protect application infrastructure from network-based attacks. It will incorporate standards from organizations such as OASIS and NIST and security concepts from organizations like the U.S. DoD into an integrated framework.




No comments :
Speak Your Mind:
Dear Readers,
Thank you for reading this article. Hope you found the post informative. Please post your feedback in the comments section. Comments are moderated and may take some time to appear.