Cloud Security Alliance

1. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Global Site : https://cloudsecurityalliance.org

2. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
CSA Mission and Australian Objectives
Corporate Sponsors
Benefits to Member and Sponsors
Research Framework and Portfolio
Certifications CCSK, OCF, STAR
Australian Membership Profile
Opportunities for Sponsors

3. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Mission
To promote the use of best
practices for providing
security assurance within
Cloud Computing, and
provide education on the
uses of Cloud Computing
to help secure all other
forms of computing.
Objectives
Established with the aim of
bringing trust to the cloud
Develop a global trusted cloud
ecosystem
Building best practices and
standards for next-gen IT
Grounded in an agile philosophy,
rapid development of applied
research that supports all
activities

4. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
1. To provide opportunities for Australian cloud vendors and consumers
1. to acquire and share information,
2. establish common language and interpretation,
3. form best practices on cloud security in both the provision and usage
2. To provide Cloud Security Certification & Training Programs, Access to Global
research and thought leadership content
3. To participate in CSA Global & APAC activities as the Australia chapter
1. to provide input from Australian stakeholders to CSA frameworks
2. to share with Australian stakeholders outputs from CSA Global

5. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

6. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Research Framework and Projects
Impact of Research to Stakeholders
User Certifications (CCSK)
Trusted Provider Certifications
OCF for Vendors

7. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
CSA research is organized
under a framework based
on CSA Security Guidance
for Critical Area of Focus in
Cloud Computing
Total of 14 domains
organised under 3 key
areas of focus –
Architecture, Governance
and Operational Security

8. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Our research includes
fundamental projects needed
to define and implement trust
within the future of information
technology
CSA continues to be
aggressive in producing critical
research, education and tools
Sponsorship opportunities
Selected research projects in
following areas

9. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

10. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
The industry’s first user certification
program for secure cloud computing
Based on CSA research framework,
specifically the Security Guidance for
Critical Area of Focus in Cloud Computing
Designed to ensure that a broad range of
professionals with responsibility related to
cloud computing have a demonstrated
awareness of the security threats and best
practices for securing the cloud

11. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
CCSK Basic
One day course to enable student to pass CCSK
CCSK Plus
Two day course includes practical cloud lab work
CCSK Train-the-Trainer
Three day course including CCSK Plus
GRC Stack Training
Additional one day course to use GRC Stack components
PCI/DSS In the Cloud
Additional one day course focusing on achieving PCI compliance in cloud
computing
http://cloudsecurityalliance.org/education/training/

12. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
The CSA Open Certification Framework is an
industry initiative to allow global, accredited,
trusted certification of cloud providers.
The CSA Open Certification Framework is a
program for flexible, incremental and multi-
layered certification
Based on CSA best practices
Integrating with popular third-party assessment
and attestation statements, initially ISO 27001
& AICPA SSAE16 (SOC2)
Pilots in progress, will be released Q3 2013
under the STAR brand

13. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
OPEN CERTIFICATION FRAMEWORK
CONTINUOUS
ATTESTATION | CERTIFICATION
SELF ASSESSMENT
TRANSPERANCY
ASSURANCE
CSA STAR (Security, Trust and Assurance Registry)
Public Registry of Cloud Provider self assessments

14. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Key locations are
sydney, melbourne
and brisbane
Cloud security issues is
Senior management
focus
Key member
occupation is IT
mgm and Consulting
firms looking for
information

15. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Information dissemination/sharing to
Australian IT marketplace
CSA Supported Research and Investigation
Local deployment of CSA Businesses
Research of Cloud Security Practices in
Australia businesses
Communications plan for stakeholders

16. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Appendix

17. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
 Information dissemination/sharing to Australian
IT marketplace
1. Exposure through Web pages
2. Sharing of CSA messages /outputs to marketplace
3. Development, authoring and provision of white papers, reports and
presentations
4. Organizing and presenting seminars, workshops and symposia
 Benefits for Corporate Sponsors: Exposure
1. Listing names and logos on CSA Australia Web pages
2. Corporate and individual names on CSA Australia outputs e.g. translations
and reports as contributors
3. Eligible for sponsorship and presentation in CSA Australia events
• Conferences, Workshop , Webinars

18. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
 Communications plan for
stakeholders
1. Edm mail & Enewsletters given to
members via database/mailing list:
 CSA-Australia Chapter activities
and information for members
 News and announcements from
CSA global, APAC and EMEA
 Other Australian Cloud + Security
Industry news, thought leadership
topics and events reports
 Other Stakeholder
initiatives
1. RSS feeds from Cloud Security
ecosystems,
2. Social Media Engagement and
collaboration
3. Branch Meetings with Sponsors
support
4. Briefing of CCSK, STAR and OCF
and other CSA training courses
 Benefits for Corporate Sponsors: Exposure

19. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
 CSA Supported Research and Investigation
1. Local workgroups and sections with focus on Australian issues
Healthcare, Finance, Users, Certification/Audits, Mobile
2. Participating in CSA Global and APAC workgroups
3. Local interpretation, implementation and deployment of CSA global outputs
4. Development and implementation of best practices to apply CSA materials to
Australia
 Benefits for Corporate Sponsors: Retrieval of
up-to-dated information
1. Interaction with thought leaders thru WG and sections
2. Corporate and individual names on CSA-Australia communications

20. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
 Local deployment of CSA Businesses
1. Local training deployment and exams for CCSK
2. Local site development and operation of STAR
3. Local implementation and global alignment of OCF
4. Promotion of CSA outputs including Guidance and CCM
 Benefits for Corporate Sponsors: Opportunities
engage and reward members
1. Discounts on exams and trainings for CCSK (planned)
2. Eligible to STAR participation and result upload
3. Priorities in OCF and relevant consultation (planned)

21. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
 Research of Cloud Security Practices in
Australia businesses
1. SLA development suitable for Australian business practices
2. 3rd evaluation of cloud security and its practical model development (OCF)
3. Classification of security requirements & best practices aligned to Australian
legal regulations
 Benefits for Corporate Sponsors: Participation in industrial standards
development, Acquiring technical competence
1. Participating in development of standards, guidelines and reference models
2. Socialising and networking with top-level leaders in the IT industry
3. Credits provision of corporate/staff on reports, guidelines and reference models
4. Opportunities to present at in the events by Cloud Security participants

22. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance

23. www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
AIIA
ACS
AISA
Auscert
ISACA
(ISC)2
Engaged and working with Cloud Security SIGs
Engaged and working with Cloud Security SIGs
Attendance at their conferences
Attendance at CSO stand (membership drive)
Conference attendance and key speaking slot
Conference attendance and key speaking slot