As mentioned in the previous posts, the Cloud Security Alliance (CSA) was formed with the aim of promoting the use of best practices for providing security assurance within cloud computing. In this post we look into details of some of the initiatives that the CSA has started to address the various challenges to wider adoption of cloud by enterprises.
By far the most widely acknowledged initiative has been the Security Guidance for Critical Areas of Focus in Cloud Computing. The guidance document is aimed at “helping organizations around the world make informed decisions regarding if, when, and how they will adopt Cloud Computing services and technologies.” It covers a spectrum of topics ranging from Architectural Framework and Governance and Enterprise Risk Management to Data Center Operations, Encryption and Key Management and Virtualization. An accompanying document, Top Threats to Cloud Computing, aims to identify the top threats that vendors and consumers of cloud services are facing.
The Trusted Cloud Initiative is aimed at helping cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management practices while the Cloud Controls Matrix hopes to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
BT researchers and practitioners are active in both the above and associated cloud security industry initiatives. For example, Dr Theo Dimitrakos and Dr Srijith Nair from the Security Futures Practice of BT Innovate & Design together with Mr. Simon Pascoe, an experienced BT Security Architect, have been contributing to recommendations and public advisory reports published by the European Network and Information Security Agency on cloud security benefits and risks and use of cloud services in Government as well as a recent report on cloud security by the Information Security Forum. BT researchers and practitioners have also been invited expert speakers on cloud security issues and solutions in major industry events including, for example, the Secure Cloud conference, the CISO Summit – Cloud Security Forum, the annual congress of the Information Security Forum, and InfoSec Europe among others. Finally, BT security researchers are leading the business development, integration and validation activities of OPTIMIS, a multi-million collaborative research project, aiming to enable an open and dependable Cloud Service Ecosystem that delivers cloud services that are more secure, reliable, auditable and sustainable.
By Dr. Srijith Nair, Security Futures Practice, BT Innovate & Design