New cloud security framework to address issue of trust

An international initiative looks to tackle the problem of cloud service provider reliability and trustworthiness

A new initiative is set to tackle one of the most pressing problems faced by cloud service providers in their drive for new customers: the issue of trust.

The problem for CSPs is that they’re encouraging organisations to leave personal data on a third party’s servers but can offer no assurances that the data is safe.

The Cloud Security Alliance claimed to have taken the first steps to crack this problem. The non-profit organisation has announced a programme that will provide global certification for cloud servers. The CSA Open Certification Framework, which is being supported by the European Commission, will allow customers’ concerns to be recognised, while at the same time providing a methodology for service providers.

The importance of the new framework is such that it will be included in the EU’s European Cloud Strategy document, due to be published this summer. The EU policy is for a market-driven approach to cloud security rather than mandatory certification, so there’s a chance that the CSA approach will be the de facto certification for cloud trustworthiness.

The CSA Open Certification Framework will provide guidance for providers to use Governance, Risk and Certification (GRC) Stack tools for multiple certification efforts; for example, a cloud provider will be able to follow an ISO/IEC 27001 certification path while incorporating CSA Cloud Controls Matrix (CCM). 

“We all recognise that no single certification, regulation or other compliance requirement will supplant all others in governing the future of IT,” said Jim Reavis, executive director of the CSA. “However, the rise of cloud as a global compute utility creates a mandate to better harmonise compliance concerns. Both consumers and providers alike will benefit from the knowledge that their CSA-backed compliance activities will be broadly applicable within global regulatory regimes.”

Cloud service providers face the problem of differing international standards and it is hoped that the CSA framework will be able to surmount some of the issues associated with a variable range of certification.

“The Cloud Security Alliance has identified the gaps within the IT ecosystem that are inhibiting market adoption of secure and reliable cloud services.  Consumers do not have simple ways to evaluate their providers’ resiliency, data protection capabilities and service portability,” said Daniele Catteddu, managing director, EMEA for the CSA.

“This problem is exacerbated internationally, causing significant barriers to cloud adoption outside of national boundaries.  The CSA Open Certification Framework provides a path for any region to address compliance concerns with trusted, global best practices.” 
