Introduction to Security as a Service

The mission statement of the Cloud Security Alliance is “… a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.” In order to provide greater focus on the second part of our mission statement, the CSA is embarking on a new research project to provide greater clarity on the area of Security as a Service. A whitepaper will be produced as a result of this research, which will also be considered to be a candidate new domain for version 3 of the CSA guidance.
Numerous security vendors are now leveraging cloud based models to deliver security solutions. This shift has occurred for a variety of reasons including greater economies of scale and streamlined delivery mechanisms. Regardless of the motivations for offering such services, consumers are now faced with evaluating security solutions which do not run on premises. Consumers need to understand the unique nature of cloud delivered security offerings so that they are in a position to evaluate the offerings and to understand if they will meet their needs.
The purpose of this research will be to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices. Other research purposes will be identified by the working group.

[PDF Paper]

Leave a Reply

Your email address will not be published. Required fields are marked *