COPYRIGHT © 2018 CLOUD SECURITY ALLIANCE
CHARTING THE COURSE
THROUGH DISRUPTION WITH
CSA RESEARCH
J.R. SANTOS, EXECUTIVE VICE PRESIDENT OF RESEARCH
IOT CONNECTED DEVICES BY 2020
The total number of “things” in the Internet of Things
(IoT) is forecast to reach 20.4 billion in 2020, which is
lower than Gartner’s previous prediction of 20.8 billion,
published in 2015.

The consumer segment is tipped to make up 63 per cent
of the total IoT application market in 2017 with 5.2
billion units. Businesses are on pace to employ 3.1
billion connected things in 2017.
20.4B
31% UP FROM 2016
8.4B FORECAST IN 2017
THE ZETTABYTE ERA
The document presents some of the
main findings of Cisco’s global IP
traffic forecast and explores the
implications of IP traffic growth for
service providers.
“The cyber security industry faces a
massive problem: there are simply not
enough highly-skilled cyber security
professionals. This is already a massive
issue, but fast-forward to 2020 and the
shortfall is expected to reach 1.5 million”
- ISC2 Workforce Study
EXISTING EMPLOYEES CAN’T KEEP UP WITH THE CHANGES IN OUR INDUSTRY
COLLEGE GRADUATES LACK THE SKILL AND EXPERIENCE
1.5 MILLION CYBER SECURITY PROFESSIONALS NEEDED BY 2020
OUR ENVIRONMENT IS CHANGING
THE REGULATORY & STANDARDS LANDSCAPE WILL CHANGE AND BECOME MORE COMPLEX
NEW ATTACK SURFACES
TECHNOLOGY LANDSCAPE CHANGES RAPIDLY
DATA WILL CONTINUE TO EXPLODE
99%
THROUGH 2020, 99% OF VULNERABILITIES EXPLOITED WILL CONTINUE TO BE ONES KNOWN BY SECURITY AND IT PROFESSIONALS FOR AT LEAST ONE YEAR.
33.3%
BY 2020, A THIRD OF SUCCESSFUL ATTACKS EXPERIENCED BY ENTERPRISES WILL BE ON THEIR SHADOW IT RESOURCES
8.3%
GROWTH RATE FOR INFORMATION SECURITY SPEND. FORECASTED TO BREAK 101B BY 2020
25%
BY 2020, MORE THAN 25% OF IDENTIFIED ENTERPRISE ATTACKS WILL INVOLVE IOT
CLOUDSECURITYALLIANCE
SECURITY PROFESSIONALS NEED TO EVOLVE
OUR COMMUNITY
19 ACTIVE WORKING GROUPS
2009 CSA FOUNDED
SINGAPORE // ASIA PACIFIC HEADQUARTERS
EDINBURGH // UK HEADQUARTERS
SEATTLE/BELLINGHAM, WA // US HEADQUARTERS
90,000+ INDIVIDUAL MEMBERS
300+ CORPORATE MEMBERS
75+ CHAPTERS
Strategic partnerships with governments, research institutions, professional associations and industry
CSA research is FREE!
RESEARCH FOR THE INDUSTRY
• CSA HAS PRODUCED OVER 165 RESEARCH
ARTIFACTS
• WE HAVE A TOTAL OF 34 RESEARCH WORKING
GROUPS (26 CURRENTLY ACTIVE)
• OVER 4500 SUBJECT MATTER EXPERTS HAVE BEEN INVOLVED
• 50+ CONFERENCES IN 2018
* DOES NOT INCLUDE SOME REGIONAL RESEARCH, CCM MAPPINGS ACTIVITIES, GRANT DELIVERABLES, COMMISSIONED PROJECTS,
INDUSTRY
COLLABORATION
FORMAL:
• ISO/IEC JTC 1 – IT AND CLOUD SECURITY TECHNIQUES
• ITU-T – PROCEDURES AND STANDARDS IN TELECOM
• IEEE – CYBERSECURITY AND PRIVACY STANDARDS COMMITTEE
• NIST – CLOUD SECURITY WORKING GROUP
• FCC - TECHNOLOGICAL ADVISORY COMMITTEE ON IOT
• DISA DODIN (GIG) – CLOUD COMPUTING SERVICES GUIDANCE
• DOD IC - CLOUD COMPUTING STANDARDS FOCUS GROUP
• ATIS - PACKET TECHNOLOGY AND SYSTEMS COMMITTEE ON 5G
• CIS – CLOUD SECURITY BENCHMARKS
• CLOUD SECURITY INDUSTRY SUMMIT – EXECUTIVE COUNCIL OF CLOUD
• ENISA – EU FUNDED RESEARCH ON RISK, INTEROPERABILITY, SLAS, AND MORE
• ISC2 – TRAINING AND EDUCATION PARTNER FOR CLOUD SECURITY
CERTIFICATION
• ISACA – CONTINUING EDUCATION PARTNER FOR IT CERTIFICATION
• CSA CORPORATE MEMBERS – COMMISSIONED WORK TO EXPLORE TRENDING
TOPICS
• AND MANY OTHERS
INFORMAL:
MPAA, SECURITY SMART CITIES, US FEDERAL HIGHWAY ADMINISTRATION,
HIMSS, HC3, FFIEC, FDIC, OCC, EBA, AND MORE
• COMMON FRAMEWORK FOR TECHNOLOGY, IS
MANAGEMENT
• ASSESSES THE OVERALL SECURITY RISK OF A CLOUD
SERVICE
• PROVIDES STANDARDIZED SECURITY, OPERATIONAL RISK
MANAGEMENT
• HARMONIZES TO SECURITY STANDARDS AND COMPLIANCE
FRAMEWORKS
CLOUD SECURITY CONTROLS
• QUESTIONS TO ENABLE CLOUD COMPUTING
ASSESSMENTS
• ESTABLISH THE PRESENCE AND TESTING OF SECURITY
CONTROLS
• DISCOVER PRESENCE OF SECURITY CAPABILITIES AND
GAPS
• DOCUMENT SECURITY CONTROLS IN IAAS, PAAS, SAAS
PROVIDER ASSESSMENT QUESTIONS
• PROVIDER LISTING OF SECURITY CONTROLS
• TRANSPARENCY, AUDITING, AND HARMONIZATION OF
STANDARDS
• LEVEL OF ASSURANCE MEETING REQUIREMENTS
• INDUSTRY ACCEPTABLE
PROVIDER ASSESSMENT REPORTS
• SOLUTION TO HELP ORGANIZATIONS MANAGE
COMPLIANCE
• ASSIGN MATURITY AND RELEVANCE SCORING
• PROVISION AND MANAGE USER ACCESS TO
ASSESSMENTS
• COMPARE ASSESSMENTS BASED ON COMMON CRITERIA
CLOUD SOLUTIONS MANAGEMENT
DASHBOARD
TOOLS FOR DUE DILIGENCE
About Security Guidance V4
• FUNDAMENTAL CLOUD SECURITY RESEARCH THAT STARTED CSA
• 4TH VERSION, RELEASED JULY 2017
• ARCHITECTURE
• GOVERNING IN THE CLOUD
• GOVERNANCE AND ENTERPRISE RISK MANAGEMENT
• LEGAL
• COMPLIANCE & AUDIT MANAGEMENT
• INFORMATION GOVERNANCE
• OPERATING IN THE CLOUD
• MANAGEMENT PLANE & BUSINESS CONTINUITY
• INFRASTRUCTURE SECURITY
• VIRTUALIZATION & CONTAINERS
• INCIDENT RESPONSE
• APPLICATION SECURITY
• DATA SECURITY & ENCRYPTION
• IDENTITY MANAGEMENT
• SECURITY AS A SERVICE
• RELATED TECHNOLOGIES
Active Working Groups
• BLOCKCHAIN/DISTRIBUTED LEDGER
• CLOUD CYBER INCIDENT SHARING
• CLOUD COMPONENT SPECIFICATIONS
• CLOUD CONTROLS MATRIX
• CLOUD SECURITY SERVICES MANAGEMENT
• CONSENSUS ASSESSMENTS
• CONTAINERS AND MICROSERVICES
• ENTERPRISE ARCHITECTURE
• ERP SECURITY
• FINANCIAL SERVICES
• INTERNET OF THINGS
• MOBILE
• OPEN CERTIFICATION
• PRIVACY LEVEL AGREEMENT
• QUANTUM-SAFE SECURITY
• SECURITY AS A SERVICE
• SECURITY GUIDANCE
• SOFTWARE DEFINED PERIMETER
• TOP THREATS
Paused Working Groups
• BIG DATA
• CLOUD DATA CENTER SECURITY
• CLOUD DATA GOVERNANCE
• HEALTH INFORMATION MANAGEMENT
• INCIDENT MANAGEMENT AND FORENSICS
• SAAS GOVERNANCE
Dormant Working Groups
• CLOUDAUDIT
• CLOUDTRUST
• CLOUDTRUST PROTOCOL
• CLOUD VULNERABILITIES
• INNOVATION
• LEGAL
• OPEN API
• TELECOM
• VIRTUALIZATION
CREATING GUIDANCE AND
SECURITY CONTROLS FOR
NEW TYPES OF DEVICES,
SYSTEMS, AND DATA.
INTERNET OF
THINGS
STRIVES TO AUTOMATE
SECURITY TASKS BY
EMBEDDING SECURITY
INTO THE DEVOPS
WORKFLOW.
DEV(SEC)OPS
PROMISES TO
TRANSFORM SOCIETY ON
THE SCALE OF THE
INDUSTRIAL REVOLUTION
BEFORE IT.
BIG DATA, AI,
AUTOMATION
ORCHESTRATION,
INTEROPERABILITY,
CONNECTIVITY AND
ANALYTICS AT THE EDGE.
FOG
COMPUTING
TO SOLVE THE PROBLEM OF STOPPING
NETWORK ATTACKS ON APPLICATION
INFRASTRUCTURE THE SDP
WORKGROUP DEVELOPED A CLEAN
SHEET APPROACH THAT COMBINES ON
DEVICE AUTHENTICATION, IDENTITY-BASED ACCESS AND DYNAMICALLY
PROVISIONED CONNECTIVITY.
SOFTWARE DEFINED
PERIMETER
ACTED AS A DIGITAL
LEDGER FOR
CRYPTOCURRENCY BUT
CAN NOW BE APPLIED IN
NEW USE CASES.
BLOCKCHAIN
2018 RESEARCH RELEASES
APPLICATION CONTAINERS AND MICROSERVICES
NIST Guidance for Containers and Microservices
CLOUD CONTROLS MATRIX (CCM)
Mapping Methodology
ISO 27001, 27002, 27017, 27018
ENTERPRISE RESOURCE PLANNING
State of ERP Security in the Cloud
TOP THREATS
Deep Dive Analysis
INTERNET OF THINGS
Blockchain for the IoT
CYBER INCIDENT SHARING
Best Practices for Cyber Incident Exchange
2018 RESEARCH RELEASES
HEALTH INFORMATION MANAGEMENT
State of Cloud in Healthcare
SOFTWARE DEFINED PERIMETER (SDP)
SDP Architecture Overview Document
Glossary of SDP Terminology
Awareness Poll/Survey (infographic)
QUANTUM SAFE SECURITY
A Day without RSA Whitepaper
Quantum Safe Security Awareness
Post Quantum Cryptography
2018 RESEARCH RELEASES
NEW WORKING GROUPS
ARTIFICIAL INTELLIGENCE
DEVOPS
CLOUD DATA GOVERNANCE
• Data Classification
HEALTHCARE
INTERNET OF THINGS
• Fog Computing
2018 RESEARCH RELEASES
SECURITY AS A SERVICE
SecaaS Categories of Services Document V.2
CASB Implementation Guidance
CLOUD SECURITY CONTROLS FRAMEWORK (CCM)
AICPA TSP 2017
NIST SP 800-53 Rev 5 Candidate Mapping
CONTAINERS AND MICROSERVICES
NIST 800 Level Document w/ Use Cases
INTERNET OF THINGS
IoT Security Controls for the Enterprise
OPEN CERTIFICATION FRAMEWORK
Benefits of STAR
STAR Level 3 (Continuous Monitoring)
FINANCIAL SERVICES
Key Management for SaaS
Entitlement Management
Risk Assessment Guide
2018 RESEARCH RELEASES
SOFTWARE DEFINED PERIMETER (SDP)
State of SDP
SDP Specification v2.0
ENTERPRISE RESOURCE PLANNING
IaaS considerations for implementing ERP
COMMISSIONED RESEARCH
GDPR Survey
BLOCKCHAIN
Use Cases for Blockchain
USEFUL CSA LINKS
CLOUD CONTROLS MATRIX (CCM)
https://cloudsecurityalliance.org/group/cloud-controls-matrix/
CONSENSUS ASSESSMENT INITIATIVE QUESTIONNAIRE (CAIQ)
https://cloudsecurityalliance.org/group/consensus-assessments/
CSA STAR (Security, Trust and Assurance Registry), Provider Assurance Program
https://cloudsecurityalliance.org/star/
CSA CloudBytes Channel
https://cloudsecurityalliance.org/research/cloudbytes/#_overview
STARWatch
https://cloudsecurityalliance.org/star/watch/
DOWNLOAD CSA RESEARCH ARTIFACTS
https://cloudsecurityalliance.org/download
THANK YOU
Let’s Connect
Email: lsantos@cloudsecurityalliance.org
Twitter: @CSAResearchGuy
LinkedIn: https://linkedin.com/in/lucianojrsantos
Our Workgroups: www.cloudsecurityalliance.org/research
Learn: www.cloudsecurityalliance.org/research/cloudbytes
Download: www.cloudsecurityalliance.org/download
