Cloud Security Alliance APAC
  • Home
  • About
    • About Us & Our Team
    • APAC Chapters
    • Newsletter
  • Press Release
  • Research
    • APAC Research Advisory Council (APRAC)
    • APAC Research Initiatives >
      • CCM-ABS Mapping WG
      • CCM – RBI Gopala Krishna Committee Report (GKCR) Mapping
      • Cloud Component Specifications
      • Cloud Incident Response
      • Cloud Security Services Management
      • High Performance Computing (HPC) Cloud Security
      • Hybrid Cloud Security Services
      • Industrial Control Systems (ICS) Security
      • Mobile Application Security Testing
      • SaaS Governance
      • Best Practices for Mitigating Risks in Virtualized Environments
    • Reports >
      • Mitigating Hybrid Clouds Risks
      • Cloud OS Security Specification v2.0 >
        • Hybrid Cloud and its Associated Risks
      • Survey Report on Security Practices in HPC & HPC Cloud
      • CCM Addendum (controls mapping with the ABS CCIG 2.0))
      • Cloud Incident Response Framework – A Quick Guide
      • Mobile Application Security Testing Landsacpe Overview
      • CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications
      • CSA CCM v3.0.1 Addendum to the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report
      • CSA CCM v3.0.1 Addendum to the Guideline on Effectively Managing Security Service in the Cloud
      • Gap Analysis Report on Mapping CSA’s Cloud Controls Matrix to ‘Guideline on Effectively Managing Security Service in the Cloud’
      • Cloud OS Security Specification
      • Guideline on Effectively Managing Security Service in the Cloud
      • 2018 Cloud Adoption in the Malaysian FSI Sector: Survey Report
      • CSA CCM v3.0.1 Addendum to the Malaysia Personal Data Protection Standard 2015
      • 2017 State on Cloud Adoption and Security: APAC
      • 2016 Cloud Adoption and Security in India Survey Report
      • 2016 Cloud Adoption Practices and Priorities in the Chinese Financial Sector: Survey Report
    • C-STAR
  • Events
    • Upcoming Events
    • Past Events
    • CXO Roundtable Series
    • CCSK Training
  • CONTACT
    • Contact Us
    • Privacy Notice
  • Home
  • About
    • About Us & Our Team
    • APAC Chapters
    • Newsletter
  • Press Release
  • Research
    • APAC Research Advisory Council (APRAC)
    • APAC Research Initiatives >
      • CCM-ABS Mapping WG
      • CCM – RBI Gopala Krishna Committee Report (GKCR) Mapping
      • Cloud Component Specifications
      • Cloud Incident Response
      • Cloud Security Services Management
      • High Performance Computing (HPC) Cloud Security
      • Hybrid Cloud Security Services
      • Industrial Control Systems (ICS) Security
      • Mobile Application Security Testing
      • SaaS Governance
      • Best Practices for Mitigating Risks in Virtualized Environments
    • Reports >
      • Mitigating Hybrid Clouds Risks
      • Cloud OS Security Specification v2.0 >
        • Hybrid Cloud and its Associated Risks
      • Survey Report on Security Practices in HPC & HPC Cloud
      • CCM Addendum (controls mapping with the ABS CCIG 2.0))
      • Cloud Incident Response Framework – A Quick Guide
      • Mobile Application Security Testing Landsacpe Overview
      • CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications
      • CSA CCM v3.0.1 Addendum to the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report
      • CSA CCM v3.0.1 Addendum to the Guideline on Effectively Managing Security Service in the Cloud
      • Gap Analysis Report on Mapping CSA’s Cloud Controls Matrix to ‘Guideline on Effectively Managing Security Service in the Cloud’
      • Cloud OS Security Specification
      • Guideline on Effectively Managing Security Service in the Cloud
      • 2018 Cloud Adoption in the Malaysian FSI Sector: Survey Report
      • CSA CCM v3.0.1 Addendum to the Malaysia Personal Data Protection Standard 2015
      • 2017 State on Cloud Adoption and Security: APAC
      • 2016 Cloud Adoption and Security in India Survey Report
      • 2016 Cloud Adoption Practices and Priorities in the Chinese Financial Sector: Survey Report
    • C-STAR
  • Events
    • Upcoming Events
    • Past Events
    • CXO Roundtable Series
    • CCSK Training
  • CONTACT
    • Contact Us
    • Privacy Notice

International Effort with Collaboration Between Cloud Security Alliance and Huawei Culminated in International Standard ISO/IEC 21878

11/26/2018

 
Singapore – November 26, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce that the international standard ISO/IEC 21878 – Security Guidelines for Design and Implementation of Virtualized Servers has been published as of November 2018 .
​
The purpose of this document is to provide security guidelines for the design and implementation of virtual servers (VSs). Design considerations focusing on identifying and mitigating risks, and implementation recommendations with respect to typical VSs are covered in this document.

“This publication of ISO/IEC 21878 reinforces Singapore as one of the leading countries in Asia Pacific on the cutting edge of developing best practices for the cloud ecosystem. CSA APAC will continue to work closely with APAC countries to demonstrate standardization and technical expertise at the international level.” said Dr. Hing-Yan Lee, Executive Vice President for Asia Pacific, CSA.

This was a result of a joint project formalized in June 2013 between CSA and SPRING Singapore (now Enterprise Singapore) to integrate Singapore’s TR 30 : 2012 – Virtualization Security for Servers and CSA’s Cloud Controls Matrix into a CSA whitepaper. The whitepaper titled ‘Best Practices for Mitigating Risks in Virtualized Environment’ was published in April 2015, and was subsequently submitted in the same year as an input document to ISO to help steer international standardization efforts.
In November 2018, ISO approved the publication of the effort as ISO21878 “Security Guidelines for Design and Implementation of Virtualized Servers”. The Co-Editors of this international effort include Mr Xiaoyu Ge, IT Security and Cloud Services Standards Director from Huawei as CSA’s representative. Further information can be found here and here.

The intended goal of this document is to facilitate informed decisions with respect to architecting VS configurations. Such design and implementation configuration is expected to assure the appropriate protection for all virtual machines (VMs) and the application workloads running in them in the entire virtualized infrastructure of the organization.

Data center infrastructures are rapidly becoming virtualized due to increasing deployment of VSs for cloud computing services and for internal IT services. Since VSs are compute engines hosting many business-critical applications, they are key resources to be protected in virtualized data center infrastructure. As VSs are becoming mainstream in typical data center infrastructure setups, the secure design and implementation of VSs forms an important element in the overall security strategy.

The motivation for this document is the global trend in enterprises and government agencies deploying server virtualization technologies within their internal IT infrastructure as well as the use of VSs by cloud service providers. Hence the target audience is any organization using and/or providing VSs.
“IT Security is always an important consideration for customers and the industry. Huawei has been involved in CSA and ISO/IEC JTC1 SC27 standardization activities for a long time, and we look forward to continuing work with CSA and other standards organizations for a better and more secure IT industry” said Yolanda You, Senior Standards Director, Huawei IT Product Line. The scope of this document specifies security guideline for the design and implementation of VSs.  This document is not applicable to Desktop, OS, network, and storage virtualization, and vendor attestation.  It will benefit any organization using and/or providing VSs.
 
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
 
About Huawei
Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. With integrated solutions across four key domains – telecom networks, IT, smart devices, and cloud services – we are committed to bringing digital to every person, home and organization for a fully connected, intelligent world.
Huawei's end-to-end portfolio of products, solutions and services are both competitive and secure. Through open collaboration with ecosystem partners, we create lasting value for our customers, working to empower people, enrich home life, and inspire innovation in organizations of all shapes and sizes.
At Huawei, innovation focuses on customer needs. We invest heavily in basic research, concentrating on technological breakthroughs that drive the world forward. We have more than 180,000 employees, and we operate in more than 170 countries and regions. Founded in 1987, Huawei is a private company fully owned by its employees.
For more information, please visit Huawei online at www.huawei.com or follow us on:
http://www.linkedin.com/company/Huawei
http://www.twitter.com/Huawei
http://www.facebook.com/Huawei
http://www.google.com/+Huawei
http://www.youtube.com/Huawei
 
Contacts
Kari Walker for the CSA
ZAG Communications
703.928.9996
[email protected]
© COPYRIGHT 2021. Cloud Security Alliance. All Right Reserved