Skip to main content

Advances, Systems and Applications

Table 1 Summary of CSA security frameworks

From: A quantitative analysis of current security concerns and solutions for cloud computing



Structure and comments

CSA Guidance


• Recommendations for reducing risks

• No restrictions regarding specific solutions or service types

• Guidelines not necessarily applicable for all deployment models

• Provide initial structure to divide efforts for researches

• One architectural domain

• Governance domains: risk management, legal concerns, compliance, auditing, information management, interoperability and portability

• Operational domains: traditional and business security, disaster recovery, data center operations, encryption, application security, identification, authorization, virtualization, security outsourcing

• Emphasis on the fact that cloud is not bound to virtualization technologies, though cloud services heavily depend on virtualized infrastructures to provide flexibility and scalability

CSA Top Threats


• Provide context for risk management decisions and strategies

• Focus on issues which are unique or highly influenced by cloud computing characteristics

• Seven main threats:

   ‐Abuse and malicious use of cloud resources

   ‐Insecure APIs

   ‐Malicious insiders

   ‐Shared technology vulnerabilities

   ‐Data loss and leakage

   ‐Hijacking of accounts, services and traffic

   ‐Unknown risk profile (security obscurity)

· Summarizes information on top threats and provide examples, remediation guidelines, impact caused and which service types (based on SPI model) are affected

CSA Architecture


• Enable trust in the cloud based on well-known standards and certifications allied to security frameworks and other open references

• Use widely adopted frameworks in order to achieve standardization of policies and best practices based on already accepted security principles

• Four sets of frameworks (security, NIST SPI, IT audit and legislative) and four architectural domains (SABSA business architecture, ITIL for services management, Jericho for security and TOGAF for IT reference)

• Tridimensional structure based on premises of cloud delivery, trust and operations

• Concentrates a plethora of concepts and information related to services operation and security

  1. Table summarizing information related to CSA security frameworks (guidance, top threats and TCI architecture).