CSA releases new IAM guidance

The Cloud Security Alliance says its guidance report on Identity Access Management is the first of 10 components that make up the Defined Categories of Security as a Service (SecaaS) in the cloud environment.

The Cloud Security Alliance (CSA) yesterday unveiled its guidance report on Identity Access Management. It's the first of 10 components that make up the Defined Categories of Security as a Service (SecaaS) in the cloud environment.  

This is the latest in a string of reports CSA has been releasing. The others are outlined in the following posts:

Cloud Security Alliance releases 'Mobile Device Management: Key Components, V1.0'

Cloud Security Alliance set to unleash 20-plus research and guidance reports

The categories were identified by the CSA SecaaS Working Group last year with the goal of defining the best practices in the design, development, assessment and implementation of SecaaS in the cloud environment.

"The IAM Implementation Guidance Report discusses the significant benefits and technical decisions that need to be considered by an organization seeking or considering implementing the IAM component of SecaaS in the cloud," a CSA spokesperson told me by email.  "It also includes information on the requirements of secure Identity and Access Management and the tools in use to provide IAM security in the cloud. Ultimately it is meant to serve as a source for best practices in the industry today."

The report outlines the following IAM components:

--Centralized Directory Services

--Access Management Services

--Identity Management Services

--Identity Management Services

--Role-Based Access Control Services

--User Access Certification Services

--Privileged User and Access Management

--Separation of Duties Services

--Identity and Access Reporting Services

The spokesperson said guidance for the remaining nine categories will be released at the CSA Summit at RSA Europe Oct. 8.  Categories to be released include: Data Loss Prevention, Web Security, Email Security, Security Assessments, Intrusion Management, Security Information and Event Management (SIEM), Encryption, Business Continuity and Disaster Recovery and Network Security.

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies