Cloud Security Alliance (CSA): Non-Profit Organization Promoting Best Practices for Cloud Security
15. What is the Cloud Security Alliance (CSA) and do you have information security documents that can assist with the various CSA requirements?
The Cloud Security Alliance - known simply as CSA to many in the industry - is a non-profit organization that actively promotes best practices for cloud computing security. It has gained quite a bit of recognition in recent years as a large and growing group of practitioners, corporations, associations, and other interested parties have become actively involved with the CSA.
One of the more notable benefits of the CSA is that it provides a number of helpful documents, such as the well-known Cloud Controls Matrix (CCM), which is essentially a controls framework relating to security for cloud computing. Additionally, there are the CAIQ documents, which allow organizations to document their controls with regard to many offerings, such as "IaaS, PaaS, and SaaS offerings", according to www.cloudsecurityalliance.org.
Cloud Security Alliance (CSA) Self Assessment Reporting
What's really interesting is that the CSA has launched a program whereby cloud computing providers can upload self-assessment reports that document their compliance against the CSA best practices. It's an attempt by the CSA to create enhanced awareness and transparency regarding security in the cloud. A number of very well-known organizations have participated, and continue to participate, in this endeavor, such as Amazon Web Services (AWS) (https://www.aws.amazon.com/), Box.com (https://www.box.com/), and even various product lines from the tech giant Microsoft.
You can actually download their publications to see exactly what information - and answers - they've provided. It's definitely a move toward more transparency, and it's being welcomed by many in the information technology and information security industry.
The CSA also holds numerous conferences and provides education, certification, and other notable events. It is without question one of the leading associations for cloud security, so it's highly recommended that information security professionals get involved with the CSA.
Our Security Policies Help Ensure Compliance with CSA
The FLANK21 of information security policies, procedures, forms, checklists, templates, and provisioning and hardening documents from FLANK can assist with a number of areas relating to the CSA best practices. If you read through the actual CSA publications - such as the actual reports used by cloud security providers for submitting to the CSA Security, Trust & Assurance Registry (STAR) - there are numerous requirements and mandates for information security policies and procedures. With the help of FLANK and the Global Information Security Compliance Packet (GISCP), compliance becomes that much easier!