Foreword CLOUD SECURITY ALLIANCE SecaaS | DEFINED CATEGORIES OF SERVICE <strong>2011</strong> Welcome to the <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>’s “<strong>Security</strong> as a <strong>Service</strong>,” Version 1.0. This is one <strong>of</strong> many research deliverables CSA will release in <strong>2011</strong>. There is currently a lot <strong>of</strong> work regarding the security <strong>of</strong> the cloud and data in the cloud, but until now there has been limited research into the provision <strong>of</strong> security services in an elastic cloud model that scales as the client requirements change. This paper is the initial output from research into how security can be provided as a service (SecaaS). Also, we encourage you to download and review our flagship research, “<strong>Security</strong> Guidance for Critical Areas <strong>of</strong> Focus in <strong>Cloud</strong> Computing,” which you can download at: http://www.cloudsecurityalliance.org/guidance Best Regards, Jerry Archer Alan Boehme Dave Cullinane Nils Puhlmann Paul Kurtz Jim Reavis The <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong> Board <strong>of</strong> Directors Copyright © <strong>2011</strong> <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong> 4
Acknowledgments Co-chairs Kevin Fielder: GE, Cameron Smith: Zscaler Working Group Leaders CLOUD SECURITY ALLIANCE SecaaS | DEFINED CATEGORIES OF SERVICE <strong>2011</strong> Runa Desai Delal: Agama Consulting, Ulrich Lang: Object<strong>Security</strong>, Atul Shah: Micros<strong>of</strong>t, Aaron Bryson: Cisco, Mark Hahn: TCB Technologies, Wolfgang Kandek: Qualys, John Hearton: Secure Mission Solutions, Justin Foster: Trend Micro, Ben Chung: HP, Jens Laundrup: Emagined <strong>Security</strong>, Ge<strong>of</strong>f Webb: Credant Technologies, Kevin Fielder: GE, Cameron Smith: Zscaler, Ken Owens: Savvis Steering Committee Scott Chasin: McAfee, Kevin Fielder: GE Global, Patrick Harding: Ping Indentity, John Hearton: Secure Mission Solutions, Bernd Jager: Colt, Joe Knape: AT&T, Marlin Pohlman: EMC, Jim Reavis: <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>, Archie Reed: HP, J.R. Santos: <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>, Cameron Smith: Zscaler, Michael Sutton: Zscaler, Brian Todd: ING SecaaS Members Lenin Aboagye: Apollo Group Inc., Ravikanth Anisingaraju: Nexus Informatics, Dave Asprey: Trend Micro, Karim Benzidane, Aaron Bryson: Cisco, Ben Chung: HP, Joel Cort: Xerox, Ricardo Costa: ESTG, Runa Desai Dalal: Agama Consulting, Jeff Finch: Interoute, Justin Foster: Trend Micro, Matthew Gardiner: CA Technologies, Suptrotik Ghose: Micros<strong>of</strong>t, Mark Hahn: TCB Technologies, Jeff Huegel: AT&T, Wolfgank Kandek: Qualys, Tuhin Kumar, Vijay Kumar Teki: HCL Technologies, Taiye Lambo: eFortresses, Jens Laundrup: Emagined <strong>Security</strong>, David Lingenfelter: Fiberlink, Drew Maness: Technicolor, Ken Owens: Savvis, Naynesh Patel: Simeio Solutions, Mike Qu, Kanchanna Ramasamy Balraj, Atul Shah: Micros<strong>of</strong>t, Said Tabet: EMC, Hassan Takabi: University <strong>of</strong> Pittsburgh, Danielito Vizcayno: E*Trade, Ge<strong>of</strong>f Webb: Credant Technologies, Arnold Webster: EC-Council University, Nick Yoo: McKesson Corp. Contributors Jim Beadel: AT&T, Cheng-Yin Lee: CSA, Jie Wang: Converging Stream Technologies, Inc, Kapil Assudani: HCSC, Valmiki Mukherjee: (ISC)2, JP Morgenthal: Smartronix <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong> DC Chapter, Vladimir Jirasek: Nokia, Amol Godbole: Cisco Systems, Tuhin Kumar: Oracle Corp., Martin Lee: Symantec.cloud, Andrey Dulkin: Cyber-Ark S<strong>of</strong>tware, John Hearton: Secure Mission Solutions, Nandakumar: Novell, Bernd Jaeger: Colt Technology <strong>Service</strong>s, Tyson Macaulay: Bell Canada, Lenin Aboagye: Apollo Group, David Treece: Edgile, Benzidane Karim: NTIQual, Atul Shah: Micros<strong>of</strong>t, Mark Hahn: TCB Technologies, Inc., Bradley Anstis: M86 <strong>Security</strong>, JD Hascup: Weyerhaeuser, Balaji Ramamoorthy: TCG, Hassan Takabi: University <strong>of</strong> Pittsburgh, Henry St. Andre: inContact, Faud Khan: TwelveDot, Inc., MS Prasad: Rediffmail, Gaurav Godhwani: Student, Ang Puay Young, Singapore Ministry <strong>of</strong> Health Holdings, Ted Skinner, Harris Corporation Copyright © <strong>2011</strong> <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong> 5