As one of the 3 co-editors of the guidance I am pleased to have supported the effort to release the Cloud Security Alliance Guidance Version 3, as announced on Nov 16, 2011 at the CSA Congress held in Orlando, FL.
Chris Rezek of McKinsey, and Paul Simmonds, board member and founder of the Jericho Forum, were my co-editors, but the effort involved nearly 50 individuals from across the globe, including of course Jim Reavis, the executive director of the CSA, the development team including Luciano Santos, Amy Van Antwerp, all the authors of the sections, and many, many more.
As noted in the press release, Version 3 of the CSA "Security Guidance for Critical Areas of Focus in Cloud Computing" seeks to establish a stable, secure baseline for cloud operations
The V3 effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Key updates in Version 3 include:
- The domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.
- The guidance assumes a structural maturity in parallel with multinational cloud standards development in both structure and content.
- The extension of content included in previous versions, with practical recommendations and requirements that can be measured and audited.
- The addition of Domain 14 – Security as a Service
See the press release here: https://cloudsecurityalliance.org/csa-news/csa-rel
The original version of the guidance was released in April 2009, and Version 2.1 was released in January 2010.
You can download the V3 guidance here: https://cloudsecurityalliance.org/research/initiat