View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
April 2, 2009

Alliance forms around cloud security

Goal is recommended cloud security practices

By CBR Staff Writer

An action group is to be drawn together by vendors and businesses that will develop a set of security policy guidelines and recommended practices for suppliers and users of on-demand cloud computing services.

The Cloud Security Alliance will be launched at the RSA Conference 2009 in San Francisco starting April 20.

Its aim is to draw up a mandate outlining necessary security requirements for cloud and to promote independent research into best practices for cloud computing security.

Companies as diverse as Qualys, eBay, PGP, ING and vScaler have been named as among the founding members. 

The Alliance said it should not be seen as a standards body, but rather a group with shared interests that will pool their expertise and help drive a common baseline for understanding security for cloud computing.

It intends assessing the security requirements needed to resolve the business concerns that are building around cloud computing, such as issues of e-discovery, governance and enterprise risk controls, through to encryption and key management.

It said that cloud computing business models challenge the presumption that a company possesses, or even controls, all of the digital business information for which the law imposes duties to preserve and produce.

Content from our partners
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer

The ability to govern and measure enterprise risk within a company owned data centre is difficult enough, and extending this to cloud computing resources also could lead to many new unknowns in enterprise risk.

The Alliance said it will explore 12 other ‘domains of concern’ including information lifecycle management, general legal, identity and access management, storage, virtualisation, application security, portability and interoperability, data centre operations management, incident response, notification and remediation, ‘traditional’ security impact (business continuity, disaster recovery, physical security), and issues impacting the architectural framework of enterprise security.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.