New Guidelines From Cloud Security Alliance: What You Need To Know

Posted by Keith Doherty

Thu, Nov 07, 2013

cloud mobility workforce management

The Cloud Security Alliance (CSA) recently published it’s third edition guide, Security Guidance for Critical Areas of Cloud Computing - Version 3.0, highlighting best practice for cloud computing.

Included in these updates is a reformed Cloud Control Matrix (CCM), with new categories:              

  • Mobile Security

  • Supply Chain Management, Transparency and Accountability

  • Interoperability and Portability

  • Encryption and Key Management

We wanted to show you how the new CSA’s cloud security tips can apply to your business operation. 

Mobile Security

Mobile protection was an obvious addition to this year’s guidelines as mobility has taken over how the field service industry manages operations. The security guide covers everything from how mobile devices access cloud-based information; to how mobile device management tools are delivered through a software-as-a-service (SaaS) offering.

One of the more important cloud security tips provided is to have a clear and concise mobile device policy in place which will outline how workforce management will achieve device security. In addition, field service management can set the standard for what information is stored on devices as well as what information the company can access.

From a field service management software perspective, security functionality should include the ability to remotely distribute, install and update devices. Remote disabling of stolen or lost devices should also be a feature of field service management software to protect classified information from outside sources. 

Supply Chain Management, Transparency & Accountability

Among the cloud security tips provided by the CSA's updated guide, it’s recommended that customers be given a clear understanding of the service provider’s course for obtaining and processing data, especially if a third party is involved. Customers have a right to know what the entire supply chain looks like in order to determine where possible security risks may be hiding. This includes the customer being aware of the service-level agreements and security controls for their platform-as-a-service (PaaS) provider or any foundational infrastructure-as-a-service (IaaS) provider.

Part of being transparent is allowing the customer to be a part of the service lifecycle through field service management software features that invite self-service functionality. From appointment booking and canceling to information updating, customer notifications and post-service surveys, field service management software should extend utility directly to the customer. Choosing a field service management software provider that also offers a cloud solution will help to minimize multi-party involvement. 

Interoperability and Portability


This refers to the usability of field service application components regardless of location, provider, platform, OS, infrastructure, storage, format of data or API’s. The level of portability a field service management software’s cloud environment can offer is a major factor for businesses and can be equally beneficial and threatening to company data.


These are components necessary in order for a cloud environment to successfully work. Often times, a field service’s cloud environment is made up of several workings that are afforded by different providers. Over time, field service management may decide to change providers because of cost, service offerings or other reasons. When this happens, data must be able to shift and perform as well with a new provider as it did with the old. To avoid getting stuck with a provider because your cloud environment will not support an upgrade, CAS recommends following these cloud security tips:

  1. Utilize a SAML or WS-Security for verification to ensure interoperable controls within other standards-based systems.

  2. Encrypt data before it is uploaded to the cloud to protect from invalid mobile access.

  3. Determine how and where keys are stored to guarantee access to existing encrypted data.

  4. Know how to handle a security threat, should one befall your system.

  5. Make sure log files are equally protected just as any other data that is moving to the cloud.

  6. When moving to the cloud, make sure to delete information from original systems once the transfer is complete.

In short, field service management software must be versatile and flexible in order to grow, adapt and evolve with the ever-changing field service industry. The best field service management software will work with any platform or OS and it will traverse cloud environments seamlessly. Essentially, it should allow for superior alignment with the latest technology, not just today but long into the future. 

Encryption and Key Management

When field service management moves data from the secured parameters of the company to the virtual realm of the cloud, encrypting the data will help to keep it secure whether it’s being used or not. CSA cloud security tips for encryption and key management include:

  1. Using data-centric encryption or encryption that is embedded into the file format for unstructured files that need to be protected during storage or sharing.

  2. Try not to depend on cloud providers for protection. Instead, get to know how encryption and decryption keys will be managed throughout the lifecycle of your data.

  3. Keep the key management private. If you’re the only one with the keys, you’re the only one who can access files.

  4. Don’t forget to protect log files and metadata that is often overlooked but still contains important information.

  5. Use durable encryption like AES-256 and employ open, accepted formats in place of proprietary encryption formats.

Cloud computing is without a doubt the direction in which data storage and sharing is moving. It provides a level of access that is changing the way the field service industry is conducted and managed

Image Credit: jmsmytaste

Tags: Field service management software, Mobile Workforce Management, Cloud Security Alliance, Cloud Security