By Frank Guanco, Research Project Manager, CSA Global
At the end of February, the Cloud Security Alliance (CSA) concluded its CSA Summit San Francisco 2016 with a full slate of presentations, releases, and announcements. CSA Summit kicked off the week with a full day of speakers and panels on the subject of ‘Cloudifying Information Security’ with a standing room only crowd. Throughout the week, CSA shared a number of updates, announcements, and releases that touched on the entire CSA portfolio. Below are links that recap some of the activity during CSA Summit San Francisco 2016.
Cloud Security Alliance Forms Global Enterprise Advisory Board
The Cloud Security Alliance announced the formation of the CSA Global Advisory Board, a 10-member body representing some the world’s most recognized experts within information technology, information security, risk management and cloud computing industries. The Global Advisory Board has been established to support CSA in further anticipating emerging trends, and as a result, increase the influence enterprises have over the future of the cloud industry’s ability to address dynamic and optimal cloud security requirements.
Cloud Security Alliance Establishes Research Fellowship Program
The Cloud Security Alliance announced the establishment of the CSA Research Fellowship Program designation, the highest honor and distinction awarded to a CSA Research Volunteer who has demonstrated significant contributions to CSA Research. The honor aims to recognize the talented and dedicated efforts of select CSA Research Volunteers whose work has led to groundbreaking and forward-thinking advancements of the CSA.
CCM Candidate Mapping update and CAIQ minor update
The CSA announced the release of the Candidate Mappings of ISO 27002/27017/27018 to version 3.0.1 of the CSA Cloud Controls Matrix (CCM). The ISO 27XXX series provides an overview of information security management systems. ISO 27002 provides further security techniques on controls based in ISO 27001. ISO 27017 adds this security code of conduct to the procurement of cloud services. Finally, ISO 27018 is the first international standard delivering security techniques on the privacy and protection of PII (Personally Identifiable Information).
Additionally, CSA’s Consensus Assessments Initiative Working Group has released an update to version 3.0.1 of the Consensus Assessments Initiative Questionnaire (CAIQ) that included minor updates and corrections.
Cloud Security Alliance Releases New Network Functional Virtualization Security Position Paper
The CSA’s Virtualization Working Group released a new position paper on Network Function Virtualization, which discusses some of the potential security issues and concerns, and offers guidance for securing a Network Virtual Function (NFV) based architecture, whereby security services are provisioned in the form of Virtual Network Functions (VNFs). We refer to such an NFV-based architecture as the NFV Security Framework. This paper also references Software-Defined Networking (SDN) concepts, since SDN is a critical virtualization-enabling technology. The paper is the first step in developing practical guidance on how to secure NFV and SDN environments.
Cloud Security Alliance Releases The Treacherous 12: Cloud Computing Top Threats in 2016
The CSA’s Top Threats Working Group released their latest report The Treacherous 12: Cloud Computing Top Threats in 2016, an important new research report developed to serve as an up-to-date guide to help cloud users and providers make informed decisions about risk mitigation within a cloud strategy. This report serves as an up-to-date guide that will help cloud users and providers make informed decisions about risk mitigation within a cloud strategy. While there are many security concerns in the cloud, this report focuses on 12 specifically related to the shared, on-demand nature of cloud computing.
Cloud Security Alliance Research Working Group Sessions
When CSA’s big events happen around the world, like CSA Summit San Francisco 2016, the CSA’s Research team hosts working group sessions for the various projects, groups, and initiatives that comprise the research portfolio. This year, about a dozen working groups shared their status updates and recent releases. The presentations from these sessions are available here.
Thanks to all that attended CSA Summit San Francisco 2016, those that visited our exhibition booth, and those we interacted with during the convention week. It was a successful event and we look forward to seeing everyone at next year’s CSA Summit San Francisco 2017.