BT
x Your opinion matters! Please fill in the InfoQ Survey about your reading habits!

New DMTF WorkGroup To Address Cloud Security Concerns Through Cloud Audit Standards

by Jeevak Kasarkod on May 08, 2011 |


Last week the Distributed Management Task Force (DMTF) formed the Cloud Audit Data Federation Work Group (CADF) to develop open standards for cloud auditing. The work group will define specifications that will enable cloud service providers to generate specific audit events, log and report information on a per-tenant and application basis. DMTF expects that the adoption of this open standard will instill in customers a greater trust in "cloudy applications". Cloud hosted application consumers can expect an interoperable cloud management system between service providers when these specifications are combined with standards from the Cloud Management Working Group (CMWG) .

The CADF charter defines the goals of the working group in terms of in-scope items:

· Data Model - that defines a normative, prescriptive audit event record and is composable into compatible log and record formats.
o Extensible Event Taxonomies - normative, prescriptive taxonomies used to categorize event resources, actions and outcomes.
· Exemplary Interface Model - that defines service methods for management and federation of the audit data model.
o Interfaces would include consideration for event Submission, Import and Export, Query and Subscription.
· Exemplary Component and Interaction Model - that demonstrates how the data and interfaces could be used by cloud providers and consumers to support general cloud auditing use cases.
· Profiles - that extends the core data and interface specifications developed to accommodate particular methods of consumption.
o Including references to specific data models (e.g. DMTF Common Information Model or CIM) and "tagging" to security compliance controls/frameworks (e.g. ISO 27000, PCI-DSS, HIPAA, etc.)

and out-of-scope items:

• Translation of event notation from other domains
• Non-­‐federated, low-­‐level event generation
• Message and transport protocols
• Persistence and storage of audit events, reports, and logs will not be considered.
• Inclusion of Trace, Debug and Forensic Information

Apart from aligning with the CMWG the CADF working group has planned partnerships with The Open Group (TOG) , Cloud Security Alliance (CSA), Object Management Group (OMG) and the Storage Networking Industry Alliance (SNIA). Winston Bumpus, DMTF president said that the CADF group will incoporate CSA CloudAudit's work around audit and namespace standardization. Bumpus also announced that the CADF specifications will be referenced in The Cloud Computing Standards Roadmap which is a comprehensive list of relevant cloud computing standards.

The DMTF is constituted of 16 member companies and its board includes IBM, Novell, VMWare, EMC, HP, Oracle, Cisco, Fujitsu, CA Technologies, Hitachi, Juniper, Red Hat, Citrix, Huawei.

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Educational Content

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT