UK markets closed
  • FTSE 100

    +45.88 (+0.65%)
  • FTSE 250

    +125.37 (+0.55%)
  • AIM

    +3.03 (+0.24%)

    +0.0009 (+0.07%)

    -0.0060 (-0.42%)

    -250.21 (-1.00%)
  • CMC Crypto 200

    -17.62 (-1.87%)
  • S&P 500

    +8.26 (+0.19%)
  • DOW

    +13.36 (+0.04%)

    +0.49 (+0.70%)

    -16.90 (-0.89%)
  • NIKKEI 225

    -9.83 (-0.03%)

    +103.25 (+0.36%)
  • DAX

    +122.05 (+0.78%)
  • CAC 40

    +54.17 (+0.83%)

Cloud Security Alliance Enterprise Architecture Reference Guide v2 Harmonizes Business, Security, and Technology

·3-min read

Guide provides a roadmap to a modern, identity-aware cloud infrastructure

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the release of the Enterprise Architecture Reference Guide v2. Developed by the CSA Enterprise Architecture Working Group (EAWG), the reference guide provides users with a compilation of every domain and container within the CSA Enterprise Architecture v2.3, a comprehensive approach for the architecture of a secure, identity-aware cloud infrastructure.

"This reference guide is fundamentally important for risk managers in evaluating opportunities for improvement, creating road maps for technology adoption, identifying reusable security patterns, and assessing various cloud providers and security technology vendors against a common set of capabilities and serves as a launchpad for upcoming EAWG releases, including a CSA Cloud Controls Matrix to Enterprise Architecture mapping and a refresh to the Enterprise Architecture itself," said Jon-Michael C. Brook, a lead author and Enterprise Architecture Working Group co-chair.

The CSA Enterprise Architecture Reference Guide is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions that allow them to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business. Requirements come from the Cloud Controls Matrix (CCM), guided by regulations such as Sarbanes-Oxley, standards frameworks such as ISO-27002, the Payment Card Industry Data Security Standards, and the IT Audit Frameworks, such as COBIT, all in the context of cloud delivery models such as SaaS, PaaS, and IaaS.

"Our goal in creating this guide is to provide users with a clear method of organizing their organization's technology standards portfolio, thereby allowing them to identify areas where multiple technologies exist for the same capability and conversely, areas which lack standard technology. From there, users can easily determine what warrants further investment based on the business needs of the company," said Michael Roza, a lead author and Enterprise Architecture Working Group co-chair.

The Enterprise Architecture Working Group closely follows the CCM working group in order to map the architecture components that help enterprises identify critical elements that are key to their cloud security architecture. These components, when agreed upon to an adjacent CCM control, create a larger picture for easily implementing security strategies. Those interested in participating in the working group or its research should visit the Enterprise Architecture Working Group join page.

Download the free Enterprise Architecture Reference Guide v2.

Learn more about defining and implementing a secure enterprise cloud operating model at the upcoming CSA CISO Summit at RSAC 2021 (May 18). Register today.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at, and follow us on Twitter @cloudsa.

View source version on


Kari Walker for the CSA