BT

The Cloud Security Alliance Wants Safer Clouds

| by Abel Avram Follow 9 Followers on Apr 15, 2009. Estimated reading time: 1 minute |

The Cloud Security Alliance (CSA) is a non profit organization meant to be an open forum promoting the exchange of information and knowledge related to security and cloud computing with the aim to create a set of best security practices for cloud vendors and consumers.

Cloud computing is raising many eyebrows, especially among corporate organizations, because of security concerns. This is the issue CSA intends to tackle. According to CSA’s website, the purpose of the alliance is to:

  • Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance.
  • Promote independent research into best practices for cloud computing security.
  • Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions.
  • Create consensus lists of issues and guidance for cloud security assurance.

Dave Cullinane, Chief Information Security Officer at eBay and co-founder of the alliance, remarked:

It is imperative that information security leaders are engaged at this early stage to help assure that the rapid adoption of cloud computing builds in information security best practices without impeding the business. I am proud to be a co-founder of this important initiative.

Alan Boehme, VP of IT Strategy and Architecture at ING and co-founder of CSA, expressed his satisfaction for an alliance driven by practitioners:

Enterprises need pragmatic advice to qualify and engage with cloud providers in a way that is in alignment with organizational risk tolerances. We also need the flexibility to use cloud services for business needs of varying levels of sensitivity. It is important to me that the Cloud Security Alliance's recommendations are being driven by leading practitioners.

CSA will try to address security issues in the following area:

  • Information lifecycle management
  • Governance and Enterprise Risk Management
  • Compliance & Audit
  • General Legal
  • eDiscovery
  • Encryption and Key Mgt
  • Identity and Access Mgt
  • Storage
  • Virtualization
  • Application Security
  • Portability & Interoperability
  • Data Center Operations Management
  • Incident Response, Notification, Remediation
  • "Traditional" Security impact (business continuity, disaster recovery, physical security)
  • Architectural Framework

CSA is open to individuals, affiliate and corporate organizations, and includes both cloud computing vendors and consumers. The alliance will be officially launched during the RSA Conference 2009 in San Francisco, April 20-24, 2009.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT