I’ve blogged previously about the Cloud Security Alliance (CSA) and Cloud Audit – this group is doing ALOT to promote the use of best practices for providing security assurance within cloud computing –and has grown to over 15,000 members in a short period of time. CSA working groups are tackling the tough challenges like cloud assessment, identity in the cloud, and security-as-a-service - in an open, collaborative way.
One of CSA’s main accomplishments has been advancing the adoption of the Cloud Controls Matrix into international standards communities. An important new development is the Consensus Assessments Initiative (CAI) Questionnaire – a spreadsheet that cloud consumers and assessors can use to understand what security controls Cloud Service Providers (CSPs) have implemented in their IaaS, PaaS, and SaaS offerings. The Questionnaire is a companion to the CSA Guidance and the CSA Cloud Controls Matrix. Use it with CSPs you are considering – test it and give feedback to on what works and what doesn’t to the CSA working groups.
Fyi, if you haven’t heard, CSA is holding a half day summit co-located with the RSA Conference 2011, San Francisco, Feb 14. Keynote speaker will be Marc Benioff, CEO Salesforce.com.
As a footnote ENISA – the European Network and Security Agency - has just released a new 146 report on Risk and Resiliency in the Cloud for governments and health care agencies, leveraging work of the Cloud Security Alliance (CSA), among others. This is another landmark in a series of international standards organizations adopting CSA work. Pages 13-20 describe a scenario which covers the challenges in conversational language. Interesting reading if you don’t want to read about controls J
For all of you attending the RSA Conference, see you there! I will be at the CSA Summit on Monday am and hanging at the RSA and EMC booths throughout the Expo hours.
Recent Comments