Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange

Tuesday, April 13, 2021

InfosecIsland News

Ffc4103a877b409fd8d6da8f854f617e

The Cloud Security Alliance (CSA) has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security.  

Drafted by CSA’s Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersecurity professionals on the pros and cons of further securing cryptocurrency exchanges, including both Decentralized Exchanges (DEX) and hosted wallets at cloud-based exchanges, OTC desks, and cryptocurrency swap services.  

Cryptocurrency exchanges are increasingly becoming targets of hackers. For instance, in December 2020, cryptocurrency exchange Exmo “detected suspicious withdrawal activity” to the tune of more than $10 million.   

CSA's document includes a model that identifies the 10 top threats to crypto exchanges, plus a reference architecture and set of security best practices for the end-user, exchange operators, and auditors. Also covered are security control measures across a wide area of administrative and physical domains.  

“As the digital assets industry evolves and matures, crypto-asset exchanges increasingly cover areas that were, for decades, the sole dominion of long-established financial service institutions,” said Bill Izzo, co-chair of CSA’s Blockchain/Distributed Ledger Working Group. “It’s our hope that this document will provide a roadmap for those tasked with ushering new and existing financial services organizations into the future in a controlled and secure manner.”  

The Crypto-Asset Exchange Security Guidelines can be downloaded here.

89598
Infosec Island Budgets Enterprise Security Policy Security Awareness Security Training
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked