CSA issues first Security as a Service white paper
The Cloud Security Alliance (CSA) announced that the Security as a Service working group has published its first white paper, “Defined Categories of Service 2011”. The purpose of this group’s research is to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.
Until now there has been limited research into the provision of security services in an elastic cloud model that scales as the client requirements change. This first white paper designed to provide clear definitions of the different categories of security services that can be provided via the cloud (e.g. elastic, on demand) model.
“Vendors have attempted to satisfy this demand for security by offering security services in a cloud platform, but because these services take many forms, they have caused market confusion and complicated the selection process,” said Kevin Fielder, co-chair of the working group. “This new research project aims to aid both cloud customers and cloud providers, to provide greater clarity on Security as a Service – and to help end users understand the unique nature of cloud-delivered security offerings so they can evaluate the offerings and understand if they will meet their needs.”
“The aim of this research is to enable enterprises to make use of security services in new ways, or in ways that would not be cost effective if provisioned locally,” said Cameron Smith, co-chair of the working group. “We’d like to thank Bernd Jaeger, Marlin Pohlman and Jens Laundrup, as well as our numerous other contributors, for their hard work on this project, and we look forward to continuing to produce innovative, much-needed research in this area.”
The Security as a Services Categories of Service 2011 white paper covers the following categories of service:
- Identity and Access Management
- Data Loss Prevention
- Web Security
- Email Security
- Security Assessments
- Intrusion Management
- Security Information and Event Management
- Business Continuity and Disaster Recovery
- Network Security.
This work has been proposed as the basis of the new Domain 14 of the CSA guidance, and the working group expects to produce further documentation covering areas such as implementation guidance / reference models for the various categories, along with how they can be used to mitigate the key threats identified by the CSA Top Threats Report and members of the SecaaS working group.
The complete report can be downloaded here.