Cloud Security Alliance releases updated guidance

By Marcia Savage, Features Editor, Information Security magazine 17 Dec 2009 | SearchSecurity.com

Security UK News Digg This!     StumbleUpon     Del.icio.us

The Cloud Security Alliance (CSA) on Thursday released the second version of its guidance for secure adoption of cloud computing services.

The nonprofit alliance formally launched in April with the goal of promoting best practices for cloud computing security. The group released the first version of its guidance at the 2009 RSA Conference.

The new version, Guidance for Critical Areas of Focus in Cloud Computing – Version 2.1, provides more specifics in several areas and more actionable advice, said Jim Reavis, Cloud Security Alliance co-founder and executive director. The evolution will eventually get to the point where the industry can have audits and certification of cloud providers, he said.

"I'm not saying we're going to necessarily stand up and do all of that for the industry, but we're starting to provide some things that can move us in that direction," he said. "That's what's holding up large enterprises from using cloud computing for anything too important -- they don't have the whole compliance regime around it. That whole ecosystem hasn't been developed yet."

The CSA's guidance, which dozens of contributors helped develop, outlines key issues and provides advice across 13 domains, including incident response, encryption and key management, identity and access management, and legal and electronic discovery. It's designed to help organizations understand what questions to ask cloud providers, current recommended practices, and pitfalls to avoid.

Several organizations have been using the first version of the guidance to develop their long-term cloud strategy, Reavis said. The new version "gives them a little more meat to negotiate with cloud vendors," he said.

In its first year, the CSA expanded its membership and now counts 23 corporate members, including heavyweights Microsoft, Cisco Systems Inc. and Hewlett-Packard Co.

Reavis said the alliance has succeeded in getting the word out about cloud security issues and in prompting the information security industry "to be proactive about something new," which isn't necessarily common practice in the industry.

CSA also has succeeded in building a global footprint that it plans to leverage further next year, he said: "What we're finding is there's so many private clouds; so many governments and industries around the world are going off in their own direction. We can be helpful counters to that and try to get everyone on the same page."

Next year, the alliance plans to release research on cloud security threats, and tools for mapping its guidance to controls frameworks and standards, such as the PCI Data Security Standard and ISO 27001, he said. It also is planning several education events.

Tags: Security for Cloud Computing and Hosted Services,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security for Cloud Computing and Hosted Services Social networking risks, benefits for enterprises weighed by RSA panel Microsoft's Charney details new botnet protection, IdM technology at RSA Cloud-based services require stalwart business continuity plans Cloud security issues, targeted attacks to be hot-button topics at RSA Cloud Security Alliance releases top cloud computing security threats Cloud computing compliance: Exploring data security in the cloud Maintaining security after a cloud computing implementation Preparing the network for a cloud computing implementation Cloud computing data security starts with internal strategy, experts say Secure cloud computing: a contradiction in terms?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary