Cloud Security Services Management
|
Although leading cloud providers are developing their security services management platform aggressively, the gap between cloud providers and security vendors still exists. As such, it is necessary and valuable to set up a platform for cloud providers and security vendors to develop a best practice guideline on how to build and, more importantly, to manage cloud security services. This is especially the case for small and medium business (SMB) vendors, which have no resource doing comprehensive research on geographical and legal requirements in different regions and countries. These SMBs may have no capability to perform compatibility development and testing with multiple partners, either. Hence, we propose to set up the Cloud Security Services Management Working Group (WG), which will look into developing a guideline to solve the need. This initiative aims to develop a research whitepaper, focusing on building up a cloud security services management platform. This whitepaper will serve as a guideline for cloud service providers to secure its cloud platform and provide cloud security services to cloud users, for cloud users to select security qualified cloud service providers, for security vendors to develop their cloud-based security products and services. Subsequently, this initiative hopes to develop a platform for cloud providers to publish their security requirements, for security vendors to share their security products and services, and to provide a platform for interoperability testing. This initiative will be especially beneficial to SMBs which are cloud service providers, security vendors and cloud customers. As a result, cloud security service management will become a part of Governance, Risk and Compliance (GRC) implementation. |
Scope |
|
Goals |
The objectives of the Cloud Security Services Management (CSSM) will include:
|
Ongoing Deliverables |
Third Party Security Roles and Responsibilities
The Cloud Security Service Management (CSSM) Working Group published the whitepaper “Guideline on Effectively Managing Security Service in the Cloud” (referred to as the ‘Guideline’) in 2018. The Guideline provides an easy-to-understand guideline to cloud customers on how to design, deploy, and operate a secure cloud service for different cloud service models. In the guideline, it described the third party security service providers providing professional security services on behalf of CSP and/or cloud customers via business contract and agreement.
Is this true or is it the real business best practice? As the next step, the CSSM WG plans to conduct research and to develop a whitepaper “Third Party Security Roles and Responsibilities”. To contribute, join the CSSM WG here. |
Artifacts |
|