Research Working Groups

18 total

5G Security  

  last person joined 15 days ago

View Only

Automation, orchestration, visibility & analytics  

  last person joined 19 days ago

View Only

Cloud Data Breach Investigation  

*This community is currently inactive*
The Cloud Data Breach Investigation working group will undertake to develop an industry best-practice guidance on how an investigation of cloud data breaches should be conducted to ensure timely detection of data breaches; accurate identification of root cause(s) and timeline; proper handling of evidence for legal admissibility; and, reporting to management of affected organizations and regulators.

  last person joined one month ago

View Only

DevSecOps  

Businesses are now demanding a stronger collaboration between both development and operational teams and adding their relative security teams. This additional force that creates DevSecOps is transferable to the idea that prior to this implementation, DevOps skipped the security step which after deployment of applications created roadblocks once confronted with issues that arose with this specific exclusion. The true focus of DevSecOps is to create a transparent and full circle management life cycle that leverages all of the components of DevSecOps to ensure timely and full functioning application deployment that include proper security steps through every process rather than at the end.

  last person joined 2 days ago

View Only

Financial Services Industry  

The mission of the CSA FSI community and research working groups is to bring together financial service institutions, financial supervisory authorities, and other national regulatory bodies along with relevant cloud and fintech service providers. Together they discuss and identify commonly acceptable best practices that will help manage the technical security risks related to secure cloud adoption, and facilitate compliance with laws and regulations.

  last person joined 2 days ago

View Only

Global Security Database (GSD)  

This working group has been created to guide the creation of an open source and automation compatible vulnerability identification framework. By making it easy to generate and consume vulnerability information, the cybersecurity industry will be better equipped to rapidly respond to emerging threats.

  last person joined 2 days ago

View Only

Identity and Access Management  

This working group aims to educate, promote best practices, and advance Identity standards by fostering a culture of collaboration between various organizations to achieve consistent and effective IAM practices in and for the cloud. The working group will author guidelines and best practices, and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing IAM systems for use with cloud services.

  last person joined 16 days ago

View Only

Pillar: Applications & Workload  

  last person joined 6 days ago

View Only

Pillar: Data  

  last person joined 9 days ago

View Only

Pillar: Device  

  last person joined 23 days ago

View Only

Pillar: Identity  

  last person joined 6 days ago

View Only

Pillar: Network/Environment  

  last person joined 12 days ago

View Only

Research Working Groups  

CSA Working Groups are the go-to source for best practices, research, and tools for providing security assurance and privacy in the cloud. CSA’s diverse membership of industry practitioners and corporate members has converged and continuously cycled through researching, analyzing, formulating, and delivering arguably the most advanced research and tools available across the cloud security spectrum.
Here you can find a list of active research working groups, volunteer opportunities, and open peer reviews.

  last person joined 6 months ago

View Only

Security as a Service  

In today's world of so many SecaaS offerings, CSA's SecaaS working group strives to establish general categories of security services, and provides guidance on what should be expected as a standard set of functionalities in any given category.
This working group is in the process of being revitalized, and co-chairs are currently being determined. Once leadership is confirmed, charter revision and forecasting deliverables will begin.

  last person joined 4 days ago

View Only

Zero Trust  

The working group will advocate for and promote the adoption of Zero Trust security principles, providing practical and technically sound guidance on how organizations can and should approach this, for their cloud and on-premise environments along with mobile endpoints. This group will build on and leverage established and recognized zero trust frameworks and controls. The goals of the CSA Zero Trust (ZT) Working Group are to:
- Act as a source of education and outreach on the adoption of Zero Trust as a modern and necessary approach to information security
- Take a deliberately technology and vendor-neutral approach to architectures and approaches for mature Zero Trust implementations.
- Aim to educate the industry about the strengths and weaknesses of different approaches so enterprises can make informed decisions based on their specific needs and priorities.
- Be able to take technically sound positions and make defensible recommendations on Zero Trust while remaining vendor-neutral

  last person joined 2 days ago

View Only

Zero Trust architecture, Implementation & Maturity Model  

  last person joined 4 days ago

View Only

Zero Trust as a Philosophy & Guiding Principles  

  last person joined 18 days ago

View Only

Zero Trust Organizational Strategy & Governance  

  last person joined 18 days ago

View Only