1 The permanent and official location for Cloud Security Alliance's Security Guidance for Critical Areas of Focus in Cloud Computing is guidance-v4/. official Study Guide for the 2017 Cloud Security Alliance All Rights Reserved. The Security Guidance for Critical Areas of Focus in Cloud Computing ( Guidance ) is licensed by the Cloud Security Alliance under a Creative Commons Attribution-NonCommercial- ShareAlike International License (CC-BY-NC-SA ). Sharing - You may share and redistribute the Guidance in any medium or any format, only for non- commercial purposes. Adaptation - You may adapt, transform, modify and build upon the Guidance v4 and distribute the modified Guidance , only for non-commercial purposes.
2 Attribution - You must give credit to the Cloud Security Alliance, link to Guidance webpage located at , and indicate whether changes were made. You may not suggest that CSA endorsed you or your use. Share-Alike - All modifications and adaptations must be distributed under the same license as the original Guidance No additional restrictions - You may not apply legal terms or technological measures that restrict others from doing anything that this license permits. Commercial Licenses - If you wish to adapt, modify, share or distribute copies of the Guidance for revenue generating purposes you must first obtain an appropriate license from the Cloud Security Alliance.
3 Please contact us at Notices: All trademark, copyright or other notices affixed onto the Guidance must be reproduced and may not be removed. Security Guidance Copyright 2017, Cloud Security Alliance. All rights reserved 2. FOREWORD. Welcome to the fourth version of the Cloud Security Alliance's Security Guidance for Critical Areas of Focus in Cloud Computing. The rise of Cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of Cloud computing technology.
4 The Cloud Security Alliance promotes implementing best practices for providing Security assurance within the domain of Cloud computing and has delivered a practical, actionable roadmap for organizations seeking to adopt the Cloud paradigm. The fourth version of the Security Guidance for Critical Areas of Focus in Cloud Computing is built on previous iterations of the Security guidance, dedicated research, and public participation from the Cloud Security Alliance members, working groups, and the industry experts within our community. This version incorporates advances in Cloud , Security , and supporting technologies; reflects on real-world Cloud Security practices; integrates the latest Cloud Security Alliance research projects; and offers guidance for related technologies.
5 The advancement toward secure Cloud computing requires active participation from a broad set of globally-distributed stakeholders. CSA brings together this diverse community of industry partnerships, international chapters, working groups, and individuals. We are profoundly grateful to all who contributed to this release. Please visit to learn how you can work with us to identify and promote best practices to ensure a secure Cloud computing environment. Best regards, Luciano ( ) Santos Executive Vice President of Research Cloud Security Alliance Security Guidance Copyright 2017, Cloud Security Alliance.
6 All rights reserved 3. ACKNOWLEDGEMENTS. Lead Authors Rich Mogull James Arlen Francoise Gilbert Adrian Lane David Mortman Gunnar Peterson Mike Rothman Editors John Moltz Dan Moren Evan Scoboria CSA Staff Jim Reavis Luciano ( ) Santos Hillary Baron Ryan Bergsma Daniele Catteddu Victor Chin Frank Guanco Stephen Lumpe (Design). John Yeoh Contributors On behalf of the CSA Board of Directors and the CSA Executive Team, we would like to thank all of the individuals who contributed time and feedback to this version of the CSA Security Guidance for Critical Areas of Focus in Cloud Computing.
7 We value your volunteer contributions and believe that the devotion of volunteers like you will continue to lead the Cloud Security Alliance into the future. Security Guidance Copyright 2017, Cloud Security Alliance. All rights reserved 4. LETTER FROM THE CEO. I am thrilled by this latest contribution to the community's knowledge base of Cloud Security best practices that began with Cloud Security Alliance's initial guidance document released in April of 2009. We hope that you will carefully study the issues and recommendations outlined here, compare with your own experiences and provide us with your feedback.
8 A big thank you goes out to all who participated in this research. Recently, I had the opportunity to spend a day with one of the industry experts who helped found Cloud Security Alliance. He reflected that for the most part CSA has completed its initial mission, which was to prove that Cloud computing could be made secure and to provide the necessary tools to that end. Not only did CSA help make Cloud computing a credible secure option for information technology, but today Cloud computing has become the default choice for IT and is remaking the modern business world in very profound ways.
9 The resounding success of Cloud computing and CSA's role in leading the trusted Cloud ecosystem brings with it even greater challenges and urgency into our renewed mission. Cloud is now becoming the back end for all forms of computing, including the ubiquitous Internet of Things. Cloud computing is the foundation for the information Security industry. New ways of organizing compute, such as containerization and DevOps are inseparable from Cloud and accelerating our revolution. At Cloud Security Alliance, we are committed to providing you the essential Security knowledge you need for this fast moving IT landscape and staying at the forefront of next-generation assurance and trust trends.
10 We welcome your participation in our community, always. Best regards, Jim Reavis Co-Founder & CEO. Cloud Security Alliance Security Guidance Copyright 2017, Cloud Security Alliance. All rights reserved 5. TABLE OF CONTENTS. DOMAIN 1 DOMAIN 2 DOMAIN 3 DOMAIN 4. Cloud Computing Governance and Enterprise Legal Issues, Contracts and Compliance and Concepts and Architectures Risk Management Electronic Discovery Audit Management DOMAIN 5 DOMAIN 6 DOMAIN 7 DOMAIN 8. Information Governance Management Plane and Infrastructure Virtualization and Containers Business Continuity Security DOMAIN 9 DOMAIN 10 DOMAIN 11 DOMAIN 12.