The Cloud Security Alliance announced the release of the Enterprise Architecture Reference Guide v2, which provides users with a compilation of every domain and container within the CSA Enterprise Architecture v2.3. 

“This reference guide is fundamentally important for risk managers in evaluating opportunities for improvement, creating road maps for technology adoption, identifying reusable security patterns, and assessing various cloud providers and security technology vendors against a common set of capabilities and serves as a launchpad for upcoming EAWG releases, including a CSA Cloud Controls Matrix to Enterprise Architecture mapping and a refresh to the Enterprise Architecture itself,” said Jon-Michael C. Brook, a lead author and co-chair of the Enterprise Architecture Working Group.

Security architects and risk management professionals can use these common sets of solutions to assess where their internal IT and cloud providers are in terms of security capabilities. 

The requirements come from the Cloud Controls Matrix (CCM) framework, which is guided by regulations such as such as ISO-27002, the Payment Card Industry Data Security Standards, and the IT Audit Frameworks, such as COBIT, all in the context of cloud delivery models such as SaaS, PaaS, and IaaS. 

Using the guide from the Cloud Security Alliance, enterprise architects can also identify areas where multiple technologies exist for the same capability and then assess what to keep investing in and assess various cloud providers and security technology vendors against a common set of capabilities.

Additional details on the new guide are available here