Cloud Security Alliance Enterprise Architecture Reference Guide v2 Harmonizes Business, Security, and Technology
May 18, 2021
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the release of the Enterprise Architecture Reference Guide v2. Developed by the CSA Enterprise Architecture Working Group (EAWG), the reference guide provides users with a compilation of every domain and container within the CSA Enterprise Architecture v2.3, a comprehensive approach for the architecture of a secure, identity-aware cloud infrastructure.
“This reference guide is fundamentally important for risk managers in evaluating opportunities for improvement, creating road maps for technology adoption, identifying reusable security patterns, and assessing various cloud providers and security technology vendors against a common set of capabilities and serves as a launchpad for upcoming EAWG releases, including a CSA Cloud Controls Matrix to Enterprise Architecture mapping and a refresh to the Enterprise Architecture itself,” said Jon-Michael C. Brook, a lead author and Enterprise Architecture Working Group co-chair.
The CSA Enterprise Architecture Reference Guide is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions that allow them to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business. Requirements come from the Cloud Controls Matrix (CCM), guided by regulations such as Sarbanes-Oxley, standards frameworks such as ISO-27002, the Payment Card Industry Data Security Standards, and the IT Audit Frameworks, such as COBIT, all in the context of cloud delivery models such as SaaS, PaaS, and IaaS.
“Our goal in creating this guide is to provide users with a clear method of organizing their organization’s technology standards portfolio, thereby allowing them to identify areas where multiple technologies exist for the same capability and conversely, areas which lack standard technology. From there, users can easily determine what warrants further investment based on the business needs of the company,” said Michael Roza, a lead author and Enterprise Architecture Working Group co-chair.
The Enterprise Architecture Working Group closely follows the CCM working group in order to map the architecture components that help enterprises identify critical elements that are key to their cloud security architecture. These components, when agreed upon to an adjacent CCM control, create a larger picture for easily implementing security strategies. Those interested in participating in the working group or its research should visit the Enterprise Architecture Working Group join page.