Research, guidance reports and working groups scheduled for release include:
Big Data Security Taxonomy and Framework
The new report from the Big Data Working Group evolved from the idea of mapping different varieties of big data such as graphs and streaming video to ten facets of data derived from the groups previously released top-ten list. The group's motivation for coming up with this taxonomy is to help big data services to determine what kind of big data infrastructures they need to deploy and metrics they need to employ for getting the best value out of the data.
Consensus Assessments Initiative Questionnaire (CAIQ) V.3 Open Review Period
In 2010, the CSA released a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider, which can then be tailored to suit each unique cloud customer's evidentiary requirements. Now in its third version, the Cloud Assessments Initiative Working Group will start the open review period for a set of new questions intended to help organizations further build the necessary assessment processes for engaging with cloud providers.
The CSA Mobile Working Group will release a new report that outlines key factors in determining recommended authentication processes, trust boundary identification approaches, guidelines to improve usability of mobile authentication in enterprise / bring-your-own-device (BYOD) environments, and authentication threats and risks identification approaches to conduct an appropriate risk assessment.
Cloud Trust Protocol Technical Model and API
The Cloud Trust Protocol Working Group is releasing a new document that proposes a technical model and API for the CloudTrust Protocol. The CloudTrust Protocol (CTP) is designed to be a mechanism by which cloud service clients can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust.
Secure Development of Cloud Applications
In conjunction with the Software Assurance Forum for Excellence in Code (SAFECode), the CSA will release a new set of guidelines on Practices for Secure Development of Cloud Applications. The report aims to address how the emergence and maturation of cloud computing has impacted the security development lifecycles of leading technology providers, and help readers better understand and implement best practices for secure cloud software development.
Virtualization Working Group Launch
The Cloud Security Alliance will be announcing the formation and associated details of a reconstituted version of the CSA Virtualization Working Group. Virtualization is a critical part of cloud computing as it provides an important layer of abstraction from physical hardware, enabling the elasticity and resource pooling commonly associated with cloud. Recent developments in software defined networking (SDN) show great potential to virtualize data networks in the same way that operating systems have been virtualized. The future integration and potential convergence of virtualization of operating systems and networks promise to greatly impact the next generation of cloud architectures. The security issues and recommended best practices of this broader view of virtualization merit additional focused research from this group.
Anti-Bot Working Group Launch
Botnets have long been a favored attack mechanism of malicious actors. As cloud computing is rapidly becoming the primary option for server-based computing and hosted IT infrastructure, CSA as the industry leader has an obligation to articulate solutions to prevent, respond and mitigate against botnets occurring on cloud infrastructure. The CSA Anti-Bot Working Group will be the primary stakeholder for coordinating these activities.
Cloud Security Alliance Congresses continue to be the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, this year's fourth annual U.S. CSA Congress will focus on emerging areas of growth and concern in cloud security. Attendees will gain exposure to industry-specific case studies that will help them learn and leverage best practices used by their peers in moving to a secure cloud.