Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News The Cloud Security Alliance Wants Safer Clouds

The Cloud Security Alliance Wants Safer Clouds

This item in japanese


The Cloud Security Alliance (CSA) is a non profit organization meant to be an open forum promoting the exchange of information and knowledge related to security and cloud computing with the aim to create a set of best security practices for cloud vendors and consumers.

Cloud computing is raising many eyebrows, especially among corporate organizations, because of security concerns. This is the issue CSA intends to tackle. According to CSA’s website, the purpose of the alliance is to:

  • Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance.
  • Promote independent research into best practices for cloud computing security.
  • Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions.
  • Create consensus lists of issues and guidance for cloud security assurance.

Dave Cullinane, Chief Information Security Officer at eBay and co-founder of the alliance, remarked:

It is imperative that information security leaders are engaged at this early stage to help assure that the rapid adoption of cloud computing builds in information security best practices without impeding the business. I am proud to be a co-founder of this important initiative.

Alan Boehme, VP of IT Strategy and Architecture at ING and co-founder of CSA, expressed his satisfaction for an alliance driven by practitioners:

Enterprises need pragmatic advice to qualify and engage with cloud providers in a way that is in alignment with organizational risk tolerances. We also need the flexibility to use cloud services for business needs of varying levels of sensitivity. It is important to me that the Cloud Security Alliance's recommendations are being driven by leading practitioners.

CSA will try to address security issues in the following area:

  • Information lifecycle management
  • Governance and Enterprise Risk Management
  • Compliance & Audit
  • General Legal
  • eDiscovery
  • Encryption and Key Mgt
  • Identity and Access Mgt
  • Storage
  • Virtualization
  • Application Security
  • Portability & Interoperability
  • Data Center Operations Management
  • Incident Response, Notification, Remediation
  • "Traditional" Security impact (business continuity, disaster recovery, physical security)
  • Architectural Framework

CSA is open to individuals, affiliate and corporate organizations, and includes both cloud computing vendors and consumers. The alliance will be officially launched during the RSA Conference 2009 in San Francisco, April 20-24, 2009.

Rate this Article