CIO Influence
CIO Influence News Cloud Security

Latest Research from Cloud Security Alliance Offers Guidance on Designing Serverless Architecture, Adopting Cloud-Native Key Management Systems

Latest Research from Cloud Security Alliance Offers Guidance on Designing Serverless Architecture, Adopting Cloud-Native Key Management Systems
Documents offer road maps to those looking to implement new systems within their organizations

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released two sets of guidance from its research working groups. The first, How to Design a Secure Serverless Architecture, offers specific security best practices for implementing applications on a serverless platform along with recommended controls application owners should adopt. Recommendations for Adopting a Cloud-Native Key Management System (KMS), meanwhile, provides project and program managers, among others, with general guidance for choosing, planning, and deploying a cloud-native KMS.

Recommended ITech News: 1010data In New Collaboration with Moody’s Analytics

“Adopting a cloud-native KMS doesn’t need to be more complicated than the adoption of a public cloud service”

Written by CSA’s Serverless Working Group, How to Design a Secure Serverless Architecture [URL] provides application developers and architects, security and risk management professionals, and others involved in administering and securing systems with a set of best practices and recommendations for securing serverless applications. While it offers an extensive overview of a variety of threats, rather than detailing the more generic, cloud-related security aspects, the document focuses on the application owner and the threats facing applications on a serverless platform, specifically those aspects that change as a result of moving to a serverless service.

“IT organizations in nearly every industry are feeling pressure to quickly deliver value, get ahead of the competition, and provide customers with new experiences. Serverless platforms allow application teams to deliver value quickly, without having to manage the infrastructure the application runs on. As this movement gains steam, we can expect to see a proliferation of serverless platforms and more high-value applications being run on these platforms. Security concerns on serverless platforms are only going to grow, and organizations need to understand how to best protect themselves,” said Aradhna Chetal, one of the paper’s co-authors and co-chair of the Serverless Working Group.

Recommended ITech News: Proximie Selects 8×8 Call and Video Quality Performance Monitoring to Enhance Future of Surgical Healthcare

Recommendations for Adopting a Cloud-Native Key Management System (KMS), which was written by the Cloud Key Management Working Group, addresses the technical, operational, legal, regulatory, and financial aspects of leveraging a cloud-native KMS, with the goal of optimizing business outcomes, including agility, cost, and compliance. It’s envisioned that the program or project manager will refer to the guidance as they lead their organization through the lifecycle stages covered within the document.

“Adopting a cloud-native KMS doesn’t need to be more complicated than the adoption of a public cloud service,” said Paul Rich, co-chair of the Cloud Key Management Working Group and a co-author of the paper. “However, because a KMS is often a core utility, its adoption warrants the same treatment you would apply to directory and other identity services. Like all information systems, it’s important to have the necessary talent available and give them sufficient time and guidance, all of which will go a long way toward successful adoption.”

Recommended ITech News: Apiiro and NetSPI Partner to Provide Contextual, Risk-Based Penetration Testing

The Cloud Key Management Working Group aims to facilitate the standards for seamless integration between cloud service providers and key broker services. Those interested in participating in future research and initiatives involving cloud key management are invited to join the working group.

The Serverless Working Group seeks to develop best practices to help organizations looking to run their business with a serverless business model. Individuals interested in becoming involved in future serverless research and initiatives are invited to join the working group.

Recommended ITech News: Satori Secures $20 Million in Series A to Accelerate Adoption of Cloud Data Platforms with DataSecOps

Related posts

Omega Systems Announces Promotions Across Technical Service Delivery and 24×7 IT Support Teams

Cision PRWeb

TELUS International Completes Acquisition of WillowTree, a Full-service Digital Product Provider

TriggerMesh Open Source Integration Platform for Kubernetes Now Available

CIO Influence News Desk

Leave a Comment