CSA Continues to Drive Leadership in Cloud Security with New Research

RSA CONFERENCE 2020 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced three new publications that further CSA’s commitment to helping cloud security professionals successfully steer their enterprises on their journey to the cloud: Banking on the Cloud – Real-World Use in the Financial Services Sector, Best Practices in Implementing a Secure Microservices Architecture, and DevSecOps: Collective Responsibility. Additionally, CSA, in collaboration with McGraw-Hill, announced the release of “CCSK Certificate of Cloud Security Knowledge All-in-One Exam,” by CSA-authorized trainer Graham Thompson, as a comprehensive guide to version 4 of the CCSK.

The Cloud Usage in the Financial Services Sector report provides insight into the banking and finance sectors’ real-world use. Most strikingly, the survey, which was conducted by CSA’s Financial Services Stakeholder Platform (FSSP) Working Group, found that 91 percent of respondents are actively using cloud services or plan to use them in the next six to nine months — double the number since CSA’s last financial services sector survey four years ago. Among the survey’s other key findings:

  • The top 25 percent of respondents already have over half their regulated workloads in public cloud services;
  • 52 percent of respondents have a formal cloud security policy or standard as part of their overall Enterprise Risk Management Framework (ERMF); and
  • 90 percent of respondents have a key management policy applicable to regulated and critical data, and of them, 42 percent require "on-premise" key management for regulated data and 49 percent do so for critical data.

DevSecOps: Collective Responsibility is part of a planned series that will focus on the area of an organization’s security posture that is arguably the foundation for all others – collective responsibility. Drafted by CSA and SAFECode, the paper provides a set of considerations that should be taken into account and identifies methods for 1) creating and maintaining executive support and engagement, 2) building an inclusive cultural program based on cumulative experience, 3) creating deep engagement through security champions, and 4) using metrics to sustain, build, and help evolve the program. This paper addresses two key culture-related measurement issues:

  • How what you measure drives culture
  • The challenge of measuring something as intangible as culture

Best Practices for Implementing a Secure Microservices Architecture provides detailed guidance on secure application development with microservices architectures versus traditional architectures. The design of microservices architecture is intended to address the limitations of traditional application architectures. This technical guidance applies to the secure development and governance of cloud-native applications and the decomposing of applications for the cloud. Best Practices for Microservices is the third of four releases on the challenges and best practices related to application containers and microservices following Challenges in Securing Containers and Microservices, and Best Practices for Implementing Secure Containers.

“These diverse research projects paint a picture of cloud computing in 2020. Cloud adoption is accelerating within critical infrastructure industries where security is paramount, while organizations are embedding security into state-of-the-art cloud software development,” said John Yeoh, Global Vice President of Research at Cloud Security Alliance.

Mastery of CSA research is proven by obtaining the Certificate of Cloud Security Knowledge (CCSK). CSA is proud to collaborate with McGraw-Hill and announce the release of the “CCSK Certificate of Cloud Security Knowledge All-in-One Exam Guide,” written by CSA-authorized trainer Graham Thompson. The book offers exam-focused coverage of the latest cloud technologies, including virtualization, governance and security. Readers will receive real-world examples and best practices, online content that includes access to 120 additional practice questions, and a 10-percent discount code for the CCSK exam. Beyond exam preparation, the book also serves as a valuable on-the-job reference. Available for pre-order now with shipments starting March 13, 2020, the book can be purchased online for $50 through McGraw-Hill.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.