Cloud Security Alliance Global Enterprise Advisory Board Publishes State of Cloud Security 2018

Report outlines what must happen to speed the secure cloud adoption process between the enterprises, cloud service providers, and regulators.


SEATTLE, WA and SAN FRANCISCO, CA – RSA Conference Booth #1039 – April 16, 2018
– The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released State of Cloud Security 2018, which lays out some of the latest cloud practices and technologies that the enterprise information security practitioner must be aware of as organizational data expands beyond the traditional perimeter.

The report, authored by the CSA Global Enterprise Advisory Board, examines such areas as the adoption of cloud and related technologies, what both enterprises and cloud providers are doing to ensure security requirements are met, how to best work with regulators, the evolving threat landscape, and goes on to touch upon the industry skills gap.

The Cloud Security Alliance Global Enterprise Advisory Board is a collection of leading experts from large multinational companies representing over 10 unique industries. This board has been constituted to represent the point of view of large IT end users, and to articulate the perspective of the consumers of cloud computing related to the topic of information security.

“The state of cloud security is a work in progress with an ever-increasing variety of challenges and potential solutions. It is incumbent upon the cloud user community, therefore, to collaborate and speak with an amplified voice to ensure that their key security issues are heard and addressed,” said Vinay Patel, chair of the CSA Global Enterprise Advisory Board and Managing Director at  Citigroup. “We hope this document will serve as a roadmap to developing best practices in the establishment of baseline security requirements needed to protect organizational data.”

Among the report’s key takeaways are:

  • Exploration of case studies and potential use cases for blockchain, application containers, microservices and other technologies will be important to keep pace with market adoption and the creation of secure industry best practices.
  • With the rapid introduction of new features, safe default configurations and ensuring the proper use of features by enterprises should be a goal for providers.
  • As adversaries collaborate quickly, the information security community needs to respond to attacks swiftly with collaborative threat intelligence exchanges that include both providers and enterprise end users.
  • A staged approach on migrating sensitive data and critical applications to the cloud is recommended.
  • When meeting regulatory compliance, it is important for enterprises to practice strong security fundamentals to demonstrate compliance rather than use compliance to drive security requirements.

Established to support the Cloud Security Alliance in further anticipating emerging trends, the Global Enterprise Advisory Board serves to enhance the influence enterprises have over the future of the cloud industry’s ability to address dynamic and optimal cloud security requirements. Members represent some the world’s most recognized experts within information technology, information security, risk management and cloud computing industries.

State of Cloud Security 2018 is a free resource from the CSA.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events, and products. CSA’s activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which various parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.