CSA publishes State of Cloud Security report

The Cloud Security Alliance (CSA), an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud-computing environment, recently released its State of Cloud Security 2018.

The report, authored by the CSA Global Enterprise Advisory Board, examines such areas as the adoption of cloud and related technologies, what both enterprise and cloud providers are doing to ensure security requirements are met, how to best work with regulators, the evolving threat landscape, and the industry skills gap.

“The state of cloud security is a work in progress with an ever-increasing variety of challenges and potential solutions,” Vinay Patel, chair of the CSA Global Enterprise Advisory Board and managing director at Citigroup, said in the announcement of the report. “It is incumbent upon the cloud user community, therefore, to collaborate and speak with an amplified voice to ensure that their key security issues are heard and addressed. We hope this document will serve as a roadmap to developing best practices in the establishment of baseline security requirements needed to protect organizational data.”

Key takeaways from the report include:

• Exploration of case studies and potential use cases for blockchain, application containers, microservices and other technologies will be important to keep pace with market adoption and the creation of secure industry best practices.
• With the rapid introduction of new features, safe default configurations and ensuring the proper use of features by enterprises should be a goal for providers.
• As adversaries collaborate quickly, the information security community needs to respond to attacks swiftly with collaborative threat intelligence exchanges that include both providers and enterprise end users.
• A staged approach on migrating sensitive data and critical applications to the cloud is recommended.
• When meeting regulatory compliance, it is important for enterprises to practice strong security fundamentals to demonstrate compliance rather than use compliance to drive security requirements.

Noting that “innovators and early adopters” have been using cloud for years for quicker deployment, greater scalability, and cost saving of services, the report noted that the growth of cloud computing “continues to accelerate offering more solutions with added features and benefits, including security. In the age of information digitalization and innovation, enterprise users must keep pace with consumer demand and new technology solutions ensuring they can meet both baseline capabilities and security requirements.”

Interestingly, the report pointed out that increased adoption in cloud services has followed consumer confidence with the security of cloud providers, who continue to invest in the security of their platforms. CSA referred to a McAfee survey, Navigating a Cloudy Sky, which found that complete trust in public cloud offerings increased 76 percent in 2017.

As CSA noted in this report last year, technology is outpacing the skills sets within companies and businesses to adopt them, according to CSA's report. “As organizations react to this demand to stay competitive, secure adoption of these technologies becomes an even greater challenge. With cloud and new IT technologies, the supply chain ecosystem needs to collaborate so that large enterprises and regulators can understand how to securely adopt new technologies and new features on existing provider technologies. Each party must play a role in securing customer data and sharing best practices for secure operations.”

Ultimately, education and awareness still needs to improve around provider services and new technologies for the enterprise. “Small-scale adoption projects need to be shared so that security challenges and patterns can be adopted to scale with the business and across industry verticals. This skills gap, particularly around cloud and newer IT technologies, needs to be met by the industry through partnership and collaboration between all parties of the cyber ecosystem.”

For the full report, click here.