Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

CSA Updates Cloud Security Framework

The question isn't will cloud computing become the future of IT, but when. According to MarketsandMarkets (M&M), the global cloud computing market will reach $121.1 billion by 2015 ("Global cloud computing market: global forecast, 2010-2015"). Although it represents just a portion of the overall IT cloud market, public cloud providers' revenues will reach $45 billion by 2013, according to IDC. This represents a compound annual growth rate of 26 percent, more than six times the forecast growth rate for traditional IT spending. But IDC also says that businesses are more concerned about the risks involved, including security, availability and performance, than the benefits of flexibility, scalability and lower costs.

That's where the Cloud Security Alliance, a not-for-profit organization addressing best practices for providing security assurance within cloud computing, comes in. Created last year by a coalition of industry practitioners, corporations, associations and other stakeholders, CSA has announced version 1.1 of its Cloud Controls Matrix (CCM) Security Controls Matrix, part of the CSA GRC (governance, risk management and compliance) Stack.

Designed to provide a security framework for cloud vendors and customers, version 1.0 of the CCM--a catalog of cloud security controls aligned with key information security regulations, standards and frameworks--was introduced in April 2010. One of the key objectives was to bridge this hodgepodge of national (i.e., NIST), international (i.e., ISO 27001/27002) and industry (i.e., PCI) security regulations, standards and frameworks. Version 1.1 updates the first release to accommodate recent changes in many of the frameworks' elements.

Marlin Pohlman, one of the CCM co-chairs and chief governance officer at EMC, says that there were a number of changes that came out between versions 1.0 and 1.1, including HIPPA (Health Insurance Portability and Accountability Act) and PCI (Payment Card Industry) support. "We did remapping, so that's why its an incremental as opposed to version release." He says CCM should help companies better position themselves if they are in the cloud services space.

Cloud security is a massive undertaking, but Pohlman says there has been significant advancement since CSA was formed less than two years ago. A number of standards groups, industry associations and governments--especially in the United States, United Kingdom, Japan and Europe--have been adopting various elements, and CCM is being seen as seminal work around cloud standards for ISO. CSA has a unique change control philosophy that will be reflected in version 2.0, which Pohlman is responsible for steering. It will redefine the controls of the supply chain, on the multitenancy, multitier business model and on multijurisdictional aspects. "In 2.0 we have refocused on the tenant as the primary owner of risk," says Pohlman said. Existing controls to address those specific pain points will be revised in the next version.

Related Reading

More Insights

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computings Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers