tie cloud event - becky swain - cloud security alliance (csa)
DESCRIPTION
Feb 2nd - TiE Cloud EventTRANSCRIPT
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
STANDARDS DEVELOPMENT
CSA’s Leading Role in the Development of Emerging Cloud Security Standards
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
About Us• Global, not-for-profit, 501(c)6 organization• Over 29,000 individual members, 120 corporate members, 60 chapters• Building best practices and a trusted cloud ecosystem• Agile philosophy, rapid development of applied research• Balance compliance with risk management• Reference models: build using existing standards• Identity: a key foundation of a functioning cloud economy• Champion interoperability• Enable innovation• Advocacy of prudent public policy
• Launching Innovation Initiative at RSA 2012
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud
Computing to help secure all other forms of computing.”
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Tools CSA Provides Today
• Assessment• User Certifications• Best Practices• Provider Assessments• Procurement• Standards Creations
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Cloud Standards Landscape
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
SAJACCUSGFedRAMP• Chapter 1 – Security Requirements (SP 800-53 R3
++)• Chapter 2 – Continuous Monitoring• Chapter 3 – Assessment & Authorization (SP 800-
37 R1)
SCAP & XCCDFPublications:• SP 800-144 (Security & Privacy Guidelines)• SP 800-145 (Definition)• SP 800-146 DRAFT (Synopsis & Recommendations)
Standards Collaboration
InternationalStandards Council
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
JTC 1/SC 27 Cloud Security & Privacy Joint WG• WG 1 – 27017 (Controls)• WG 4 – NWIP 27036-5 (Supplier Risk Requirements)• WG 5 – NWIP 27xxxx (Data Protection Guidelines for Public Cloud)
JTC 1/SC 38 Cloud Computing Study Group (SGCC) WG3• cloud-o-0079 (Ecosystem)• cloud-o-0080 (Reference Architecture)• cloud-o-0081 (Infrastructure)• cloud-o-0082 (Resource Management)• cloud-o-0083 (Security)• cloud-o-0084 (SDO Overview)• cloud-o-0085 (Benefits)
Standards Collaboration
InternationalStandards Council
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Standards Collaboration
Focus Group on Cloud Computing (FG Cloud)• WG 1 (Benefits & Requirements)• WG 2 (SDO Gap Analysis & Roadmap)
SG 13 CloudSG 17 Telecom Security• X.ccsec (Security Guidelines)• X.srfcts (Security Requirements & Framework)• X.sfcse (Security Functional Requirements for SaaS)
InternationalStandards Council
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Help Us Secure Cloud Computing• www.cloudsecurityalliance.org
• LinkedIn: www.linkedin.com/groups?gid=1864210
• Twitter: @cloudsa
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Thank You