Singapore – 11 December, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, will be developing a holistic Cloud Incident Response Whitepaper. The framework will cover key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies. This will help serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud outages, and also a transparent and common framework for Cloud Service Providers to share with cloud customers their cloud outage response practices.
Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains, Jointly Developed by MDEC and CSA
The Cloud Security Alliance Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the CSA CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service attestations and control reports provided by cloud providers.
As a framework, the CSA CCM provides organizations with the needed structure, detail, and clarity relating to information security tailored to the cloud industry. The CSA CCM strengthens existing information security control environments by emphasizing business information security control requirements, reduces and identifies consistent security threats and vulnerabilities in the cloud, provides standardized security and operational risk management, and seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.
International Effort with Collaboration Between Cloud Security Alliance and Huawei Culminated in International Standard ISO/IEC 21878
Singapore – November 26, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that the international standard ISO/IEC 21878 – Security Guidelines for Design and Implementation of Virtualized Servers has been published as of November 2018 .
The purpose of this document is to provide security guidelines for the design and implementation of virtual servers (VSs). Design considerations focusing on identifying and mitigating risks, and implementation recommendations with respect to typical VSs are covered in this document.
“This publication of ISO/IEC 21878 reinforces Singapore as one of the leading countries in Asia Pacific on the cutting edge of developing best practices for the cloud ecosystem. CSA APAC will continue to work closely with APAC countries to demonstrate standardization and technical expertise at the international level.” said Dr. Hing-Yan Lee, Executive Vice President for Asia Pacific, CSA.
This was a result of a joint project formalized in June 2013 between CSA and SPRING Singapore (now Enterprise Singapore) to integrate Singapore’s TR 30 : 2012 – Virtualization Security for Servers and CSA’s Cloud Controls Matrix into a CSA whitepaper. The whitepaper titled ‘Best Practices for Mitigating Risks in Virtualized Environment’ was published in April 2015, and was subsequently submitted in the same year as an input document to ISO to help steer international standardization efforts.
Newest paper offers clearly defined security responsibilities for vendors, customers across various cloud-service models
SINGAPORE – October 11, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released its latest research report, “Guidelines on Effectively Managing the Security Service in the Cloud.” The paper was announced at the annual APAC Summit held in conjunction with Cloud Expo Asia 2018 and provides cloud service providers (CSP) and their customers with clear-cut recommendations for building and managing cloud security services.
Authored by the Cloud Security Services Management (CSSM) Working Group, the new guidelines address a critical need stemming from today’s widespread usage of cloud—clearly defined security responsibilities for both vendors and their customers across various cloud-service models. While the shared responsibility model provides excellent guidance, many of the standards and specifications it touches upon target CSPs’ security responsibilities rather than those of customers, especially those with little to no cloud security knowledge.
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, hosted its Inaugural CSA Hyderabad Summit on 26 September 2018 at the Lemon Tree Premier Hotel. The Summit attracted over 320 C-levels, government dignitaries, and decision makers and featured a launch of the CSA Hyderabad Chapter. CSA regional chapters are essential to CSA’s mission to promote the secure adoption of cloud computing.
Dr. Lee Hing-Yan, Executive Vice President of CSA APAC, and Dr. Amar Prasad Reddy, Director General National at Cyber Safety & Security Standards opened the Summit addressing both international and local insights on Cloud Security respectively. The event was also attended by high-profile individuals in the tech and IT industry. The Summit delivered a total of 11 presentations from renowned speakers, experts, and thought leaders, addressing hot topics such as Cloud Adoption in Enterprises, DevSecOps approach to Cloud Security, Can Blockchain deliver on IoT and Cloud Security?, Data Privacy in Cloud, Cloud Access Security Brokers (CASBs) and Connected Vehicle Security.
Survey offers insight into areas of cloud adoption, IT security budgets, cloud computing, cyber security skills
KUALA LUMPUR, MALAYSIA – August 20, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Malaysia Digital Economy Corporation (MDEC) today released the results of a joint survey, Cloud Adoption in the Malaysia FSI Sector, which surveyed IT and security professionals in Malaysia’s FSI about their cloud service adoption plans and priorities. The results were announced in Kuala Lumpur at the inaugural CSA Malaysia Summit, where Dato’ Ng Wan Peng, COO of MDEC; Jim Reavis, co-founder & CEO of CSA; and Ramesh Narayanaswamy, CIOO of CIMB Group Holdings were among the keynote speakers.
As a part of the Summit, CSA also organized a Roundtable on “Banking 4.0 – Digital Transformation, Opportunities & Challenges” aimed to work on the next level study of the survey conducted. This Roundtable was sponsored by Microsoft.
Although heavily regulated internationally, today’s financial services institutions (FSI) face similar pressures experienced by their compatriots in lesser-regulated sectors. There is an urgent need to embrace digital transformation to leapfrog competitors, enhance agility, and increase efficiency to better serve the modern digital consumer in this fast-paced economy. Significantly higher confidence levels in cloud security today have rendered the cloud a key enabler in overcoming these challenges. Seeing this trend, CSA and MDEC jointly conducted the “Cloud Adoption in the Malaysia FSI Sector” survey to gain a deeper understanding of the current and future state of cloud adoption in the region.
Bangalore, India - June 15, 2018. Source: https://eandt.theiet.org/content/articles/2018/06/view-from-india-cloud-computing-on-the-rise-in-india/
India's role as a major stakeholder in cloud computing is increasing, with Bangalore identified as the country's IT hub.
India’s role as a major stakeholder in cloud computing is increasing. Since Bangalore is identified as the country’s IT hub, it is only natural that the Bangalore Chapter of the Cloud Security Alliance (CSA) is in the process of formalising its chapter deeper and further strengthening its position in Bangalore. The CSA defines itself as a global organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment.
Cloud represents the future of an agile enterprise and its benefits are being passed on to consumers through which new technologies such as Internet of Things (IoT) and quantum computing.
“The requirements in cloud are growing globally and this opens out opportunities for building a professionally trained workforce that can handle the emerging requirements of the cloud security system”, said Sandip Kumar Panda, chairman, CSA Bangalore Chapter, speaking at the CSA Bangalore Summit held on June 14, 2018.
FinTech services are all the rage at the moment, and one reason for that is the prevalence of cloud computing platforms that enable such services. Which is ironic, given that traditional banks and financial institutions have been famously conservative about cloud adoption – even private clouds seemed risky compared to closed proprietary networks under their control. FinTech start-ups, on the other hand, have wholeheartedly embraced cloud as an enabler to break into the finance business quickly.
Dr Hing-Yan Lee, executive vice president of APAC for the Cloud Security Alliance, talks to Disruptive.Asia editor John C Tanner about the role of cloud in the FinTech explosion, and the security and compliance challenges that come with the territory.
Singaporeans can now receive subsidies for CCSK training
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that its Certificate of Cloud Security Knowledge (CCSK) course has successfully completed course mapping under CITREP+
Through this recognition, attendees who are Singapore citizens and permanent residents can attend the 3-day CCSK training course at subsidised costs under the Critical Infocomm Technology Resource Programme Plus (CITREP+) as a part of TechSkills Accelerator (TeSA), a programme which supports local professionals and working professionals to continuously reskill and stay abreast of the latest in-demand technical skills, to remain valued and competitive in Singapore. Singaporeans and permanent residents are also eligible for CITREP+ funding to take the CCSK examination.
ISO/IEC DIS 21878(en)Information technology — Security techniques — Security guidelines for design and implementation of virtualized servers
The document is now under preparation for its final publication. Visit the above link for more details.