Cloud Security Alliance APAC
  • Home
  • About
    • About Us & Our Team
    • APAC Chapters
    • Newsletter
  • Press Release
  • Research
    • APAC Research Advisory Council (APRAC)
    • APAC Research Initiatives >
      • CCM-ABS Mapping WG
      • CCM – RBI Gopala Krishna Committee Report (GKCR) Mapping
      • Cloud Component Specifications
      • Cloud Incident Response
      • Cloud Security Services Management
      • High Performance Computing (HPC) Cloud Security
      • Hybrid Cloud Security Services
      • Industrial Control Systems (ICS) Security
      • Mobile Application Security Testing
      • SaaS Governance
      • Best Practices for Mitigating Risks in Virtualized Environments
    • Reports >
      • Mitigating Hybrid Clouds Risks
      • Cloud OS Security Specification v2.0 >
        • Hybrid Cloud and its Associated Risks
      • Survey Report on Security Practices in HPC & HPC Cloud
      • CCM Addendum (controls mapping with the ABS CCIG 2.0))
      • Cloud Incident Response Framework – A Quick Guide
      • Mobile Application Security Testing Landsacpe Overview
      • CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications
      • CSA CCM v3.0.1 Addendum to the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report
      • CSA CCM v3.0.1 Addendum to the Guideline on Effectively Managing Security Service in the Cloud
      • Gap Analysis Report on Mapping CSA’s Cloud Controls Matrix to ‘Guideline on Effectively Managing Security Service in the Cloud’
      • Cloud OS Security Specification
      • Guideline on Effectively Managing Security Service in the Cloud
      • 2018 Cloud Adoption in the Malaysian FSI Sector: Survey Report
      • CSA CCM v3.0.1 Addendum to the Malaysia Personal Data Protection Standard 2015
      • 2017 State on Cloud Adoption and Security: APAC
      • 2016 Cloud Adoption and Security in India Survey Report
      • 2016 Cloud Adoption Practices and Priorities in the Chinese Financial Sector: Survey Report
    • C-STAR
  • Events
    • Upcoming Events
    • Past Events
    • CXO Roundtable Series
    • CCSK Training
  • CONTACT
    • Contact Us
    • Privacy Notice
  • Home
  • About
    • About Us & Our Team
    • APAC Chapters
    • Newsletter
  • Press Release
  • Research
    • APAC Research Advisory Council (APRAC)
    • APAC Research Initiatives >
      • CCM-ABS Mapping WG
      • CCM – RBI Gopala Krishna Committee Report (GKCR) Mapping
      • Cloud Component Specifications
      • Cloud Incident Response
      • Cloud Security Services Management
      • High Performance Computing (HPC) Cloud Security
      • Hybrid Cloud Security Services
      • Industrial Control Systems (ICS) Security
      • Mobile Application Security Testing
      • SaaS Governance
      • Best Practices for Mitigating Risks in Virtualized Environments
    • Reports >
      • Mitigating Hybrid Clouds Risks
      • Cloud OS Security Specification v2.0 >
        • Hybrid Cloud and its Associated Risks
      • Survey Report on Security Practices in HPC & HPC Cloud
      • CCM Addendum (controls mapping with the ABS CCIG 2.0))
      • Cloud Incident Response Framework – A Quick Guide
      • Mobile Application Security Testing Landsacpe Overview
      • CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications
      • CSA CCM v3.0.1 Addendum to the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report
      • CSA CCM v3.0.1 Addendum to the Guideline on Effectively Managing Security Service in the Cloud
      • Gap Analysis Report on Mapping CSA’s Cloud Controls Matrix to ‘Guideline on Effectively Managing Security Service in the Cloud’
      • Cloud OS Security Specification
      • Guideline on Effectively Managing Security Service in the Cloud
      • 2018 Cloud Adoption in the Malaysian FSI Sector: Survey Report
      • CSA CCM v3.0.1 Addendum to the Malaysia Personal Data Protection Standard 2015
      • 2017 State on Cloud Adoption and Security: APAC
      • 2016 Cloud Adoption and Security in India Survey Report
      • 2016 Cloud Adoption Practices and Priorities in the Chinese Financial Sector: Survey Report
    • C-STAR
  • Events
    • Upcoming Events
    • Past Events
    • CXO Roundtable Series
    • CCSK Training
  • CONTACT
    • Contact Us
    • Privacy Notice

Cloud Security Alliance Releases Cloud Operating System (OS) Security Specification Report

5/9/2019

 
The first international research report to define technical requirements for cloud OS security specifications and addresses their importance

​SINGAPORE – May 8, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released its latest research report, Cloud Operating System (OS) Security Specification. The whitepaper, announced at the annual CSA APAC Summit held in Singapore today, aims to define the technical requirements of cloud OS security specifications, specifically the security functions and requirements (e.g. network, virtualization, data and management security) needed to maintain the smooth operation of the system, protect the data in the cloud, and provide secure and trusted cloud computing services to the cloud service customer. 
“This is an important step for the cloud computing industry. It will help the industry enhance the security foundation of cloud computing, especially as a reference for the private cloud customer to choose a secure cloud infrastructure vendor,” said Xiaoyu Ge, Co-Chair of the Cloud Component Specifications Working Group and Senior Security Standards Manager at Huawei.
​

​Authored by the CSA’s Cloud Component Specifications Working Group, the paper addresses the importance of specifying the technical security requirements of cloud OS. [Information security management systems (ISMS) are outside of the scope for this specification.] Currently, whereas the majority of standards related to cloud computing focus on ISMS, there is a lack of internationally recognized technical security specifications for cloud OS.

“This paper is pertinent in helping to clarify and specify technical security requirements of cloud OS that both cloud service providers and users can refer to in order to strengthen their security posture and guard against security threats,” said Dr. Hing-Yan Lee, Executive Vice President of Cloud Security Alliance APAC. “CSA believes the industry will benefit from such specifications and related certifications in order to regulate security requirements for the cloud OS to prevent future security threats.”

The whitepaper builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud-computing security. Security properties and functionalities presented by cloud service providers such as AWS, Google Cloud, Huawei and Microsoft Azure are referenced in this document. While the CSA research artifact “Security Guidance for Critical Areas of Focus in Cloud Computing” is one of the key baseline references in specifying this document, it differs from the other in that it takes the additional step to focus on a specific component in cloud computing—cloud OS.

CSA would like to extend thanks to the members of the Cloud Component Specifications Working Group, as well as to those who have contributed to the whitepaper in an effort to create a more inclusive and safer cloud community.

​Learn more about the Cloud Components Specifications Working Group. Those interested in contributing to the Working Group’s body of knowledge are invited to join the group.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

​Media Contacts 
Kari Walker for the CSA 
ZAG Communications 
703.928.9996 
[email protected]
© COPYRIGHT 2021. Cloud Security Alliance. All Right Reserved