So far much of the effort has focused on organizing the group, while the real work still lies ahead, says Michael Sutton, vice president of security research at Zscaler and head of the working group. The Cloud Security Alliance (CSA) launched a Security as a Service working group at the RSA conference in February, to help organizations evaluate and implement security solutions provided via the SaaS model. So far much of the effort has focused on organizing the group, while the real work still lies ahead, says Michael Sutton, vice president of security research at Zscaler and head of the working group. CSA’s stated mission is to promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing. The first part of the mission focuses on security technologies developed in the cloud, Sutton says, while the second focuses on leveraging the cloud to deliver security to other organizations — security that was traditionally delivered via software and appliances. “To date, CSA has primarily focused on the first part of the mission statement,” Sutton says. The working group will focus on the second part. He says there’s no shortage of companies claiming to deliver security via a SaaS model, “however, there has been very little done to define [security as a service] and establish best practices. We aim to change that.” Specifically, the working group will attempt to identify consensus definitions of what security as a service means, categorize the different types of security as a service offerings, and provide guidance to organizations on reasonable implementation practices. In terms of a timeline, the goal is to have service categories identified and adoption statistics presented by April, a subject matter expert guide completed by July, and a final implementation guidance draft ready by September. More on cloud computing and security Cloud security predictions for 2011 Cloud Security Alliance updates controls matrix Survey finds companies still struggling with cloud security Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe