Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog

Research Topic

Security as a Service

Latest ResearchWorking Group
Disaster Recovery as a Service
Disaster Recovery as a Service

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Security as a Service
Security as a Service is a specialized area that has been growing rapidly and in unbound patterns. Vendors and consumers are struggling as each offering has its own path. Much work had been done regarding the security of the cloud and data within it, but there were no best practices to follow when developing or assessing security services in an elastic cloud model—a model that scales as client requirements change. 

CSA felt it was urgent to address the needs and concerns common to the implementation of Security as a Service in its many forms. To address these challenges CSA provided guidance around implementing each category of Security as a Service to aid both cloud customers and cloud providers. In this publication series, we hope to better define best practices in the design, development, assessment and implementation of today’s offerings. You can access the guidance for each category below: 
  1. Identity and Access Management
  2. Data Loss Prevention
  3. Web Security
  4. Email Security
  5. Security Assessments
  6. Intrusion Management
  7. Security, Information and Event Management
  8. Encryption
  9. Business Continuity Disaster Recovery and Disaster Recovery as a Service
  10. Network Security
Want to download all of the guidance together? Download the file here →

How has the use of security services changed since Covid?
In the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months. 


Security as a ServiceCloud Key ManagementEnterprise Resource PlanningSaaS GovernanceSoftware Defined Perimeter

Discuss this topic in Circle

View discussion community

Participate

View the working group

Press MentionSourceDate
Five common cloud misconfiguration errorsSC MagazineApril 13, 2022
Welcoming bugbustersEconomic TimesOctober 30, 2022
Cloud Security Alliance survey finds 70% of organizations have dedicated SaaS security teamsSecurity Info WatchJune 04, 2024
Cloud Security Alliance Survey Finds 70% of Organizations Have Established Dedicated SaaS Security TeamsDark ReadingJune 05, 2024
Majority of firms bolster SaaS security despite economic woesIT Brief AustraliaJune 06, 2024
View all

Security as a Service Research

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Roles and Responsibilities of Third Party Security Services

Roles and Responsibilities of Third Party Security Services

The security responsibilities are typically split between the CSPs and Cloud Service Customers (CSCs). However, in reality, third-party security services providers increasingly play essential roles, such as providing consultancy or managing security services for CSCs. They have a part in securing the cloud platform as well. For example, some SMEs (Small and Medium Enterprises) without security professionals may be unsure of how to secure their services and thus engage a Third-Party Security Service Provider (TPSSP) for consultancy. The guidelines in this document will help cloud customers when signing Service Level Agreement (SLAs) with TPSSPs.

View the publication
Implementation Guidance for Identity Access Management

Implementation Guidance for Identity Access Management

Learn best practices for identifying and implementing IAM solutions in the cloud. We recommend reading this paper if you are responsible for designing, implementing and integrating the consumption of services of the IAM function within any cloud application of SecaaS. This paper also provides direction for enterprise security stakeholders responsible for ensuring the security of IAM solutions in a corporate IT environment. This is the first in a series of ten papers where CSA provides implementation guidance for SecaaS.

Download implementation guidance
Implementation Guidance for Data Loss Prevention

Implementation Guidance for Data Loss Prevention

Data loss prevention must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and departs from the cloud. Data loss prevention has two facets: one as viewed from the owner’s perspective and one as viewed from the custodian’s perspective. This is the second paper in a series of ten papers where CSA provides implementation guidance for SecaaS.

Download implementation guidance
View All Research

Webinars

Using SDP-based Zero Trust to thwart ransomware attacks
Using SDP-based Zero Trust to thwart ransomware attacks

September 22 | Online

Learn more

Impact of Digital Transformation on Security Strategy
Impact of Digital Transformation on Security Strategy

October 28 | Online

Learn more

Security-as-Code: What's Real and What's Possible with Self-Service and Developer Speed Governance
Security-as-Code: What's Real and What's Possible with Self...

October 26 | TBD

Learn more

Key Considerations to Get Buy-in for a SaaS Data Security Program
Key Considerations to Get Buy-in for a SaaS Data Security Pr...

November 3 | Online

Learn more

View All Webinars

Blog Posts

Overcoming Challenges in Governing Scanner Adoption - Step by Step
Read Now
Priorities Beyond Email: How SOC Analysts Spend Their Time
Read Now
Navigating Cloud Security Best Practices: A Strategic Guide
Read Now
View All Blog Posts