Last week, the Cloud Security Alliance (CSA) released its Security Guidance for Critical Areas of Focus in Cloud Computing V2.1.
This is a follow-on to the first guidance document, released only last April, which gives you a sense of the speed at which cloud technology and techniques are moving. I was one of the contributors to this project.
The guidance explores the issues in cloud security from the perspective of 13 different domains:
Governing in the Cloud
Operating in the Cloud
I thought the domain classification was quite good because it serves to remind people that technology is only a small part of a cloud security strategy.
I know that’s become a terrible security cliche, but there’s a difference between saying this and understanding what it really means.
The CSA domain structure–even without the benefits of the guidance–at least serves as a concrete reminder of what’s behind the slogan.
Have a close look at the guidance. Read it; think about it; disagree with it; change it–but in the end, make it your own. Then share your experiences with the community.
The guidance is an evolving document that is a product of a collective, volunteer effort. It’s less political than a conventional standards effort (look through the contributors and you will find individuals, not companies). The group can move fast, and it doesn’t need to be prescriptive like a standard–it’s more a distillation of considerations and best practices.