The IT Law Wiki

Cloud Security Alliance

32,085pages on
this wiki
Add New Page
Add New Page Talk0

Overview Edit

The Cloud Security Alliance is a nonprofit organization formed to promote the use of leading practices for providing security assurance when using cloud computing.

Recommendations Edit

In December 2009, the alliance issued "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1.[1] The guidance provides recommendations in 13 cloud computing domains:

  • Architectural framework: provides a conceptual framework focusing on cloud computing.
  • Governance and enterprise risk management: ability of an organization to govern and measure.
  • Legal and electronic discovery: potential legal issues including protection requirements for information and computer systems.
  • Compliance and audit: proving compliance when using cloud computing during an audit.
  • Information life cycle management: managing data that is placed in the cloud and determining responsibility for data confidentiality, integrity, and availability.
  • Portability and interoperability: the ability to move data and services from one provider to another or bring it back in-house.
  • Traditional security, business continuity, and disaster recovery: identifying where cloud computing may assist in lowering security risks, while potentially increasing it in other areas.
  • Data center operations: common data center characteristics that could be detrimental to ongoing services, and those that are fundamental to long-term stability.
  • Incident response, notification, and remediation: addresses complexities that cloud computing brings to an incident handling program and forensics for both the provider and customer.
  • Application security: securing application software that is either running on or being developed in the cloud.
  • Encryption and key management: identifying proper encryption usage and scalable key management.
  • Identity and access management: focuses on issues encountered when extending an organization’s identity into the cloud.
  • Virtualization: risks associated with items such as multitenancy, or the sharing of computing resources by different organizations.

On November 14, 2011, the CSA issued the Security Guidance for Critical Areas of Focus in Cloud Computing Version 3.0.

References Edit

  1. Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 (Dec. 2009) (full-text).

Also on Fandom

Random Wiki