By JR Santos, Executive Vice President of Research, Cloud Security Alliance.
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Guidance for Critical Areas of Focus in Cloud Computing 4.0 in Spanish. This is the second major translation release since Guidance 4.0 was released in July of 2017 (the previous version was released in 2011).
An actionable cloud adoption roadmap
Guidance 4.0, which acts as a practical, actionable roadmap for individuals and organizations looking to safely and securely adopt the cloud paradigm, includes significant content updates to address leading-edge cloud security practices.
Approximately 80 percent of the Guidance was rewritten from the ground up with domains restructured to better represent the current state and future of cloud computing security. Guidance 4.0 incorporates more of the various applications used in the security environment today to better reflect real-world security practices.
“Guidance 4.0 is the culmination of more than a year of dedicated research and public participation from the CSA community, working groups and the public at large,” said Rich Mogull, Founder & VP of Product, DisruptOPS. “The landscape has changed dramatically since 2011, and we felt the timing was right to make the changes we did. We worked hard with the community to ensure that the Guidance was not only updated to reflect the latest cloud security practices, but to ensure it provides practical, actionable advice along with the background material to support the CSA’s recommendations. We’re extremely proud of the work that went into this and the contributions of everyone involved.”
CCM, CAIQ, DevOps and more
Guidance 4.0 integrates the latest CSA research projects, such as the Cloud Controls Matrix (CCM) and the Consensus Assessments Initiative Questionnaire (CAIQ), and covers such topics as DevOps, IoT, Mobile and Big Data. Among the other topics covered are:
- DevOps, continuous delivery, and secure software development;
- Software Defined Networks, the Software Defined Perimeter and cloud network security;
- Microservices and containers;
- New regulatory guidance and evolving roles of audits and compliance inheritance;
- Using CSA tools such as the CCM, CAIQ, and STAR Registry to inform cloud risk decisions;
- Securing the cloud management plane;
- More practical guidance for hybrid cloud;
- Compute security guidance for containers and serverless, plus updates to managing virtual machine security; and
- The use of immutable, serverless, and “new” cloud architectures.
Development of Guidance 4.0 was overseen by the professional research analysts at Securosis and was based on an open research model relying on community contributions and feedback during all phases of the project. The entire history of contributions and research development is available online for complete transparency.