In my work with Pondurance’s compliance clients, questions about the Cloud Security Alliance (CSA) are frequent. What is it? Why does it exist? How can I get involved? I’m guessing a few of our readers might have similar questions, so allow me to shed some light on the topic.
What Is CSA?
CSA is a worldwide organization that focuses on sharing IT security best practices for cloud computing environments. As more organizations move their IT networks into entirely virtualized environments, these best practices provide increasingly significant value to organizations with cloud-based architectures.
Why Does CSA Exist?
According to the Cloud Security Alliance, its mission is “to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
When it comes to information that needs to be protected, cardholder data (CHD), personally identifiable information (PII), and protected health information (PHI) are typically the three primary categories that come to mind. The security frameworks that have provided best practices to protect these data types—including Payment Cardholder Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA)—will continue to be the leading sources for this knowledge. In addition to these foundational standards, CSA provides a risk-based perspective on the additional threats facing cloud computing environments with CHD, PII, or PHI.
How Can I Get Involved?
Based on the latest version of the PCI DSS (version 3.2) published in April 2016, CSA has introduced a peer review document that maps CSA controls to PCI DSS requirements. While CSA is in peer-review status, anyone can fill out a form on their site, review the mapping document, and provide suggestions to improve it. Access the form here.
CSA also has ongoing open initiatives to continue building their knowledge base. By visiting their site and reviewing the initiatives, contributors can add to them now. The latest topics include:
- Domain 10 – Application Security
- Domain 12 – Identity, Entitlement, and Access Management
- Domain 13 – Security as a Service
In the quest for security and compliance, collaboration and open dialogue are vital. To learn more about CSA or to talk with one of Pondurance’s security or compliance experts, drop us a line.
About the author: Caitlin Crow is a security consultant at Pondurance with more than two years of IT consulting experience in compliance, risk management, and information security. Caitlin currently resides in Indianapolis and likes to spend her free time checking out new, local restaurants and getting involved in the Indy community.