Cloud Security Alliance

Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing”.[1]

The CSA has over 80,000 individual members worldwide.[2] CSA gained significant reputability in 2011 when the White House selected the CSA Summit as the venue for announcing the federal government’s cloud computing strategy.[3]

History

The CSA was formed in December 2008 as a coalition by individuals who saw a need to provide objective enterprise user guidance on the adoption and use of cloud computing.[4] Its initial work product “Security Guidance for Critical Areas of Focus in Cloud Computing,” was put together Wiki-style, by dozens of volunteers.[5]

In 2014, the Chairman of the Board of the CSA was Dave Cullinane, VP of Global Security and Privacy for Catalina Marketing, St Petersburg, Florida, and former CISO for eBay. Cullinane has said, "If you have an application exposed to the Internet that will allow people to make money, it will be probed."[6]

Profile

In 2009 the Cloud Security Alliance incorporated in Nevada as a Corporation and achieved US Federal 501(c)6 non-profit status. It is registered as a Foreign Non-Profit Corporation in Washington.[7]

Policy maker support

The CSA works to support a number of global policy makers in their focus on cloud security initiatives including the National Institute of Standards and Technology (NIST),[8] European Commission,[9] Singapore Government[10] and the various data protection authorities. In March 2012, the CSA was selected to partner with three of Europe’s largest research centers (CERN, EMBL and ESA) to launch “Helix Nebula – the Science Cloud”.[11]

Size

The Cloud Security Alliance employs roughly sixteen full-time and contract staff worldwide. It has over 400 active volunteers participating in research at any time.

Membership

According to CSA, they are a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing, and providing education on the uses of Cloud Computing to help secure all other forms of computing.

Individuals

Individuals who are interested in cloud computing and have experience to assist in making it more secure receive a complimentary individual membership based on a minimum level of participation.

Chapters

The Cloud Security Alliance has a network of Chapters worldwide.[12] Chapters are separate legal entities from the Cloud Security Alliance, but operate within guidelines set down by the Cloud Security Alliance In the United States, Chapters may elect to benefit from the non-profit tax shield that the Cloud Security Alliance has.

Chapters are encouraged to hold local meetings and participate in areas of research. Chapter activities are coordinated by the Cloud Security Alliance worldwide.

International scope

There are separate legal entities in Europe and Asia Pacific, called Cloud Security Alliance (Europe), a Scottish company in the United Kingdom, and Cloud Security Alliance Asia Pacific Ltd,[13] in Singapore. Each legal entity is responsible for overseeing all Cloud Security Alliance-related activities in their respective regions.

These legal entities operate under an agreement with Cloud Security Alliance that give it oversight power and have separate Boards of Directors. Both are companies Limited By Guarantee. The Managing Directors of each are members of the Executive Team of Cloud Security Alliance.

Areas of research

The Cloud Security Alliance has 25+ active working groups.[14] Key areas of research include cloud standards, certification, education and training, guidance and tools, global reach, and driving innovation.

Working groups and initiatives

References

  1. Messmer, Ellen (March 31, 2009). "Cloud Security Alliance formed to promote best practices". Computerworld. Retrieved March 14, 2013.
  2. Čeština (2009-03-24). "Cloud Security Alliance". LinkedIn. Retrieved 2013-08-22.
  3. Roiter, Neil (February 14, 2011). "White House CIO Lays Out 'Cloud First' Strategy To Streamline Bloated Government IT". Dark Reading. Retrieved March 14, 2013.
  4. Harris, Derrick (March 31, 2009). "Experts Get Serious About Cloud Security". GigaOm. Retrieved March 14, 2013.
  5. "Security Guidance for Critical Areas of Focus in Cloud Computing". Cloud Security Alliance. Retrieved 2013-08-22.
  6. C. Wysopol, et al, "The Art of Software Security Testing: Identifying Software Security Flaws" Symantec, 2007
  7. "Corporations Division - Registration Data Search". Washington Secretary of State Corporations Division. Retrieved 2015-03-21.
  8. "NIST formalizes cloud computing definition, issues security and privacy guidance - CSO Online - Security and Risk". CSO Online. 2011-02-03. Retrieved 2013-08-22.
  9. "Infosecurity - Cloud security is a shared responsibility". Infosecurity-magazine.com. 2012-07-26. Retrieved 2013-08-22.
  10. "Cloud Security Alliance picks S'pore for corporate HQ". Asia Cloud Forum. 2012-07-20. Retrieved 2013-08-22.
  11. "Helix Nebula - Helix Nebula Supporters". Helix-nebula.eu. 2013-07-30. Retrieved 2013-08-22.
  12. "Chapters". Cloud Security Alliance. 2012-11-02. Retrieved 2013-08-22.
  13. "APAC Leadership". Cloud Security Alliance. 2012-11-02. Retrieved 2013-10-14.
  14. "CSA : Cloud Security Alliance : Homepage". Cloudsecurityalliance.org. Retrieved 2013-10-14.
  15. "Security Guidance for Critical Areas of Focus in Cloud Computing | Cloud Computing Journal". Cloudcomputing.sys-con.com. Retrieved 2013-08-22.
  16. Gardner, Dana (2010-03-02). "Cloud Security Alliance research defines top threats and best paths to secure cloud computing". ZDNet. Retrieved 2013-08-22.
  17. "Cloud Security Alliance Unveils GRC Stack". Dark Reading. 2010-11-18. Retrieved 2013-10-14.
  18. "Infosecurity - Cloud Security Alliance intros new version of cloud controls matrix". Infosecurity-magazine.com. 2011-08-31. Retrieved 2013-08-22.
  19. "Infosecurity - CSC licences cloud trust protocol to Cloud Security Alliance". Infosecurity-magazine.com. 2011-07-07. Retrieved 2013-08-22.
  20. Help Net Security. "Toolkit to implement and assess cloud security". Net-security.org. Retrieved 2013-08-22.
  21. Paoli, Chris (2013-08-16). "CSA Security Guidance for Mobile Devices". Redmondmag.com. Retrieved 2013-08-22.
  22. "The Evil Eight: Top Mobile Security Threats | How-To | Mobile Enterprise(ME)". Mobileenterprise.edgl.com. Retrieved 2013-08-22.
  23. Brenner, Bill (2012-08-30). "Cloud Security Alliance takes on big data | CSO Blogs". Blogs.csoonline.com. Retrieved 2013-08-22.
  24. Marcia Savage (2012-08-31). "Cloud Security Alliance tackles big data security". Searchcloudsecurity.techtarget.com. Retrieved 2013-08-22.
  25. "Cloud Security Alliance addresses Security-as-a-Service market". Simply Security. 2011-10-07. Retrieved 2013-08-22.
  26. "TCI Reference Architecture". cloudsecurityalliance.org. 2011. Retrieved 2016-10-05.
  27. "CloudAudit Joins Cloud Security Alliance". Data Center Knowledge. Retrieved 2013-08-22.
  28. Nathan Eddy (2012-09-05). "Cloud Security Alliance Presents Privacy Level Agreement Initiative - Cloud Computing - News & Reviews". eWeek.com. Retrieved 2013-08-22.
  29. "Computerworld - The Cloud Security Checklist". Computerworld-digital.com. 2011-09-11. Retrieved 2013-10-14.
  30. "Clear Metrics for Cloud Security? Yes, Seriously - CSO Online - Security and Risk". CSO Online. 2009-11-17. Retrieved 2013-10-14.
  31. "Push your cloud supplier to participate in CSA STAR". Networkworld.com. 2012-03-26. Retrieved 2013-10-14.
  32. "Cloud Computing Forces Data Governance Issue | Blogs". ITBusinessEdge.com. Retrieved 2013-10-14.

External links

This article is issued from Wikipedia - version of the 10/15/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.