The Cloud Security Alliance says its guidance report on Identity Access Management is the first of 10 components that make up the Defined Categories of Security as a Service (SecaaS) in the cloud environment. The Cloud Security Alliance (CSA) yesterday unveiled its guidance report on Identity Access Management. It’s the first of 10 components that make up the Defined Categories of Security as a Service (SecaaS) in the cloud environment. This is the latest in a string of reports CSA has been releasing. The others are outlined in the following posts: Cloud Security Alliance releases ‘Mobile Device Management: Key Components, V1.0’ Cloud Security Alliance set to unleash 20-plus research and guidance reports The categories were identified by the CSA SecaaS Working Group last year with the goal of defining the best practices in the design, development, assessment and implementation of SecaaS in the cloud environment. “The IAM Implementation Guidance Report discusses the significant benefits and technical decisions that need to be considered by an organization seeking or considering implementing the IAM component of SecaaS in the cloud,” a CSA spokesperson told me by email. “It also includes information on the requirements of secure Identity and Access Management and the tools in use to provide IAM security in the cloud. Ultimately it is meant to serve as a source for best practices in the industry today.” The report outlines the following IAM components: –Centralized Directory Services –Access Management Services –Identity Management Services –Identity Management Services –Role-Based Access Control Services –User Access Certification Services –Privileged User and Access Management –Separation of Duties Services –Identity and Access Reporting Services The spokesperson said guidance for the remaining nine categories will be released at the CSA Summit at RSA Europe Oct. 8. Categories to be released include: Data Loss Prevention, Web Security, Email Security, Security Assessments, Intrusion Management, Security Information and Event Management (SIEM), Encryption, Business Continuity and Disaster Recovery and Network Security. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe