Cloud Security Alliance formed to promote best practices

eBay and ING are among founding members

A group calling itself the Cloud Security Alliance announced its formation Tuesday, with eBay and ING as founding members.

The alliance, which plans to make its first big splash at the upcoming RSA Conference, was formed to promote security best practices in a cloud computing environment.

The on-demand cloud computing model is putting new demand on security, according to statements from Dave Cullinane, CISO at eBay. "The very nature of how businesses use information technology is being transformed by the on-demand cloud computing model," he said. "It is imperative that information security leaders are engaged at this early stage to help assure that the rapid adoption of cloud computing builds in information security best practices without impeding the business."

"Enterprises need pragmatic advice to qualify and engage with cloud providers in a way that is in alignment with organizational risk tolerances," says Alan Boehme, Cloud Security Alliance founding member and senior vice president of IT strategy and architecture at ING, a large global financial-service firm.

Chris Hoff, technical advisor to the Cloud Security Alliance, says the group, which includes a mix of  user companies and vendors (PGP, Qualys and vScaler are among those announced) wants to sort out issues coming up in the cloud computing environment today.

"These companies, large and small, are struggling to make cloud computing relevant to their business," Hoff says. "The cloud means many things to many people." The group will seek not to define standards but set a common baseline for understanding security for cloud computing.

The group will likely tackle recommendations about security for cloud computing, and according to the group's Web site, it will be examining "15 domains of concern."

These include areas such as governance and enterprise risk, information and life-cycle management, compliance and audit, eDiscovery, encryption and key management, application security, identity and access management and incident response.

In related news, a document called the Open Cloud Manifesto, signed by dozens of vendors in support of cloud computing interoperability, was released  Monday.

This document, issued by a group said to include IBM, Sun Microsystems, VMware and several others, tackles issues surrounding security, integration, interoperability, portability, governance/management and metering/monitoring in a cloud environment. But at least for the moment, it is mired in some controversy.

"The debacle stems from how the document was put together," Hoff explains. Some believe the document was too top-heavy with input from IBM and not open enough. Others criticize it as missing support from some of the major cloud computing heavyweights, such as Google.

Hoff says debate about it all is ongoing at the Cloud Computing Expo in New York City this week.

More about: CSA, Cullinane, eBay, Google, IBM, ING, PGP, Qualys, RSA, Sun Microsystems, VMware
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cloud security alliance
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/15/angry-ip-scanner/

Angry IP Scanner

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia