Cloud Security Services Management
  • Subject matter experts are also welcomed to join the Cloud Security Services Management WG by submitting your request HERE.
  • Read more about Cloud Security Services Management on our CSA Global page HERE.

It is well acknowledged that collaboration and coordination among all stakeholders are critical to secure the cloud platform. The current gap is that there is no defined guideline dividing the security roles and responsibilities between the cloud service providers and cloud customers; on how to secure cloud services in different cloud deployment models. This is especially the case for those who have little cloud security knowledge. Therefore, there is a need to develop a guideline on how to build and manage cloud security services within the cloud computing industry. Cloud security services management is complex and multi-disciplinary; a successful cloud security services management platform should address technical, business, geographical, regulatory/compliance and legal considerations.

Although leading cloud providers are developing their security services management platform aggressively, the gap between cloud providers and security vendors still exists. As such, it is necessary and valuable to set up a platform for cloud providers and security vendors to develop a best practice guideline on how to build and, more importantly, to manage cloud security services. This is especially the case for small and medium business (SMB) vendors, which have no resource doing comprehensive research on geographical and legal requirements in different regions and countries. These SMBs may have no capability to perform compatibility development and testing with multiple partners, either. Hence, we propose to set up the Cloud Security Services Management Working Group (WG), which will look into developing a guideline to solve the need.

​This initiative aims to develop a research whitepaper, focusing on building up a cloud security services management platform. This whitepaper will serve as a guideline for cloud service providers to secure its cloud platform and provide cloud security services to cloud users, for cloud users to select security qualified cloud service providers, for security vendors to develop their cloud-based security products and services. Subsequently, this initiative hopes to develop a platform for cloud providers to publish their security requirements, for security vendors to share their security products and services, and to provide a platform for interoperability testing. This initiative will be especially beneficial to SMBs which are cloud service providers, security vendors and cloud customers. As a result, cloud security service management will become a part of Governance, Risk and Compliance (GRC) implementation.

Scope
  • This initiative will focus on cloud security services management research and best practice guideline development for managing cloud security services.
  • Certification is out of scope in this initiative.
  • This initiative will develop a platform for information sharing among cloud providers and security vendors.
  • This initiative will develop a platform for cloud service providers and security vendors to perform interoperability and conformance testing.

Goals
The objectives of the Cloud Security Services Management (CSSM) will include:
  • To develop a research paper (whitepaper), proposing a method to manage cloud security services. This paper will serve as a best practice guideline for those who wish to select a cloud service provider or a vendor;
  • To develop a platform for information sharing among cloud providers and security vendors and consumers;
  • To develop a platform for cloud service providers and security vendors to perform interoperability and conformance testing.