Telecom Working Group

Fill out the form below to view this webinar!

Working Group Inactive

This working group is currently inactive. If you have any questions or would like to discuss continuation of research in this area, please contact [email protected].

Introduction to the Telecom Working Group

The Telecom Working Group within the Cloud Security Alliance (CSA) has been designated to provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications. The efforts are jointly executed by CSA Global, Telecom cloud communities (i.e. focus groups, associations, research institutes, forums, academia), Solution Providers and relevant working group responsible for authoring CSA’s Guidance V.3. The Telecom Working Group has been formed to coordinate research and the execution of this work.

Research Initiative Roadmap

How does the Telecom Industry meet the GRC Stack?

Objective: The GRC stack currently provides a detailed framework regarding governance, risk, and compliance control within a cloud environment. However, it primarily addresses the cloud customer requirements rather than the business plans of the telecom industry or cloud provider in general. The objective of this initiative is to evaluate and document the current adoption/acceptance/perception of the GRC stack within the industry.

Work plan:

  • Create short questionnaire evaluating the adoption/acceptance/perception of the GRC stack – Dec 2011
  • Utilize all available industry contacts to perform interviews (in person as much as possible) – Q1 2012
  • Publish a report – Q2 2012
  • Feedback findings into GRC projects – Q2 2012

The Telecom Industry GRC Stack Implementation/adoption guidance

Objective: Provide guidance about how to implement the GRC stack

Work plan:

*Use results from the GRC industry questionnaire to identify the most significant issues preventing adoption

ISO 27017 – Telecom Carrier Liaison

Objective: Support drafting the new standard and give industry specific feedback.

Work plan:

Participate in ISO 27017 (Cloud Security Controls) standards drafting (CSA is contributor to 27017-2) Develop questionnaire based on DoC of 27017 meetings Draft questions to be tested on telco to validate Draft a cover letter to accompany questionnaire Target Jan. 15th for release of cover letter and questionnaire

How to achieve effective security event management in a provider grade cloud environment

Objective: Discuss today’s available detection, correlation and response technologies and how they are currently used within the industry. Create a WP of best practices to implement an effective security event management.

Create a white-paper that includes:

  • Identify available technologies
  • Do research on what is used today and how
  • Rate effectiveness
  • Identify successful strategies and the best way to implement them
  • Give an overview over future prospects and emerging technologies/strategies

How to provide compliance monitoring to cloud customer?

Objective: Proof of compliance in the cloud will become increasingly important for cloud user. How can compliance monitoring be implemented meeting the customer requirements and the CSPs business plan?

Work plan:

  • Identify most common compliance requirements (likely related to industry verticals markets)
  • Identify current compliance monitoring strategies and how this is or could be implemented in a cloud environment. If not, try to identify now approaches.
  • What are effective (function + costs) implementation strategies?

How to provide forensic support in a multi-tenant, provider grade cloud infrastructure?

Objective: How can provider support forensics investigation in a multi tenant environment without violating customers privacy?

Work plan:

  • Identify available technologies
  • Identify current common strategies
  • Create white-paper on forensic support in a CSP environment
  • What are effective (function + costs) implementation strategies?

Telecom Working Group Leadership

Telecom Co-chairs

Bernd Jaeger

Bernd Jaeger

Working for more than 20 years within the ICT industry, focussing on information security, Bernd’s scope ranges from security management related activities down to a deep, “hands-on” level of understanding of today’s threats and countermeasures.

Working for Telecommunication-, Internet-, Cloud and Technology Service provider, Bernd designed and implemented highly customized security solutions, developed technical blueprints and products, conducted security audits and penetration tests, tested and introduced new technologies, trained employees and customers as well as provided internal and external consultancy at all times. In addition to that he had been part of Cyber Security Incident Response Teams supporting forensics, malware analysis and application vulnerability testing.

His most recent work is focused on security architectures for the software defined (virtualized) future of data centre and network services in a provider environment and as member of the “Office of the CTO” writing strategic technology papers and providing guidance to the executive committee.

As chair of the Telecom Working Group and contributor to variety of research initiatives within the Cloud Security Alliance, as speaker at conferences and writer, Bernd is actively supporting the international research community, promoting security best practice and knowledge. In 2012 he received the Ron Knode Service Award recognizes excellence in volunteerism and is awarded in memory of Ron Knode, a cherished member of the CSA community.

Contributions: Co-chair of the Telecom Working Group; member of the Virtualization Working Group; founding member of the Incident Management & Forensic Working Group and contributor to several of its publications.

Xavier Guerin

Telecom Working Group Initiatives

Please contact Telecom Working Group Leadership for more information.

Want to contribute to the Telecom Working Group?

Fill out the form below to join today!


Having read and understood the CSA’s Privacy Policy,

I specifically consent to receive marketing messages via the following channels:

Indicates a required field.

If you experience trouble using this form, please submit the information here.

Thanks for your interest!

Your request to join Telecom has been recorded. Someone will be in touch with you soon with more instructions.

Connect with Us

Telecom Working Group Downloads

No downloads currently available.