Security as a Service (Implementation Guides) Research Sponsorship

Transcription

1 Security as a Service (Implementation Guides) Research Sponsorship

2 Overview The purpose of the Security as a Service (SecaaS) Working Group will be to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices. In October 2011 the work group published its first white paper titled "Defined Categories of Service. We are now ready to expand each category into a series of implementation guides that cover the defined categories of service outlined in the work group s first whitepaper. About the Cloud Security Alliance The Cloud Security Alliance is a not for profit, vendor neutral organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. CSA has grown tremendously since we publicly launched in April 2009, and we continue to set the pace as the industry leader in research and best practices for developing the trusted cloud ecosystem. 35,000 members worldwide, in over 60 chapters Not for profit organization registered as a 501(c)6 corporation with the US Internal Revenue Service Developed first comprehensive best practices for secure cloud computing, Security Guidance for Critical Areas of Focus for Cloud Computing (April 2009, updated December 2010 and October 2011) First and only user certification for cloud security, the CCSK (Certificate of Cloud Security Knowledge, September 2010) Tools for managing Governance, Risk and Compliance in the Cloud (GRC Stack) Registry of cloud provider security practices, the CSA STAR (Security, Trust & Assurance Registry, Q4 2011) Industry leading security practices, education and tools developed by 20 working groups Selection of CSA venue by US White House to announce the US Federal Cloud Strategy in 2011 Leadership in developing new security standards addressing cloud computing Trusted advisor to governments and Global 2000 firms around the world Copyright 2012 Cloud Security Alliance 1

3 The CSA Portfolio CSA quickly captured industry thought leadership by being the first mover in several areas due to our philosophy of agility, community and meritocracy. Cloud computing can be seen as a generation shift towards creating a global compute utility,, even if it will create several different global and local clouds. Cloud s dynamism and the criticall decisions being made by the public and private sector today with a long tail of impact have createdd a growing sense of urgency within CSA to continue our aggressive production of critical research, education and tools. Our research includes fundamental projects needed to define and implement trust within the future of information technology, which include cloud computing, mobile and big data. Copyright 2012 Cloud Security Alliance 2

4 Security as a Service Research Initiative Cloud Computing represents one of the most significant shifts in information technology many of us are likely to see in our lifetimes. Reaching the point where computing functions as a utility has great potential, promising innovations we cannot yet imagine. Vendors have attempted to satisfy this demand for security by offering security services in a cloud platform, but because these services take many forms, they have caused market confusion and complicated the selection process. This has led to limited adoption of cloud based security services thus far. To aid both cloud customers and cloud providers, CSA has embarked on a new research project to provide greater clarity on the area of Security as a Service. Security as a Service refers to the provision of security applications and services via the cloud either to cloud based infrastructure and software or from the cloud to the customers on premise systems. This will enable enterprises to make use of security services in new ways, or in ways that would not be cost effective if provisioned locally. Numerous security vendors are now leveraging cloud based models to deliver security solutions. This shift has occurred for a variety of reasons, including greater economies of scale and streamlined delivery mechanisms. Consumers are increasingly faced with evaluating security solutions, which do not run on premises. Consumers need to understand the unique nature of cloud delivered security offerings so they can evaluate the offerings and understand if they will meet their needs. As part of our effort to provide guidance to organizations on reasonable implementation practices the SecaaS Work Group is publishing a series of implementation guides that cover the following defined categories of service: Identity and Access Management (IAM) Data Loss Prevention (DLP) Web Security Security Security Assessments Intrusion Management Security Information and Event Management (SIEM) Encryption Business Continuity and Disaster Recovery Network Security Copyright 2012 Cloud Security Alliance 3

5 SecaaS Implementation Guide Milestones and Activities Implementation Guide Format Each Implementation Guide is developed by industry experts and will provide useful information for organizations interested in procuring the given security as a service offering. The guides cover the key issues, threats and solution benefits. Each guide will be between pages, with the following format: Introduction Requirements Addressed Implementation Considerations and Concerns Detailed Implementation References and Useful Links SecaaS Research Sponsorship Benefits Branding of Project Deliverables The implementation guide, presentations and related project deliverables will include an acknowledgement of sponsor and will include sponsor logo. Sponsor will also be allowed to incorporate project deliverables into sponsor s own whitepapers and related collateral with appropriate acknowledgements to CSA. Sponsored Research Listing Sponsor will be permanently listed as a charter sponsor with logo and URL link at the CSA Security as a Service website and related areas, such as printed collateral. Copyright 2012 Cloud Security Alliance 4

6 Whitepaper Download Information Sponsor will receive monthly list of individuals opting in when downloading the individual SecaaS whitepaper. Press activity Sponsor will be included in press release activity related to key project milestones, including the opportunity to provide supporting quotes for the project. Blogging, Twitter & Webcasts Sponsor will participate in communications related to the project, including project blogs and use of the CSA corporate Twitter account. Project Observer Status Sponsor will be allowed the opportunity to monitor the project and will be provided regular updates from the project leadership. Sponsor will also be allowed the opportunity to interview customer participants. Events The CSA SecaaS Research Initiative will be highlighted in CSA events, providing exposure for sponsors of the initiative. Signing Up Interested parties can select to sponsor one or two SecaaS Categories that are listed below: Identity and Access Management (IAM) Data Loss Prevention (DLP) Web Security Security Security Assessments Intrusion Management Security Information and Event Management (SIEM) Encryption Business Continuity and Disaster Recovery Network Security Please contact Jim Reavis at for more information, pricing and terms for SecaaS Research Sponsorship. Copyright 2012 Cloud Security Alliance 5