Cloud Security Alliance To Tackle Cloud Standards

Novell and the Cloud Security Alliance have announced a vendor-neutral "Trusted Cloud Initiative" for developing standards and certification of cloud security, compliance, identity management and other best practices.

While cloud computing is a popular topic, it lacks a set of well-defined terms and standards that tell prospective users concrete information about the environment they're about to adopt.

Businesses considering adopting cloud computing lack assurances they will be able to continue to control their data, enforce best practices and guarantee security, said Jim Reavis, executive director of the Cloud Security Alliance Monday.

The Cloud Security Alliance is a group of consultants, vendors, and cloud users that formed a non-profit group at the end of 2008 to address the lack of standards for cloud computing.

If a prospective cloud user and a vendor talk about level three security in the cloud, one may have a completely different idea of what the other is saying. There are no defined levels of security in cloud computing, and it's difficult to get a discussion going when one party can't be sure of the terms that the other is using. The Trusted Cloud Initiative is aimed in part at creating a shared set of standards that can be verified by neutral third parties.

"By building a consensus security reference guide and certification roadmap, we are creating common ground for both enterprises and cloud providers, and expect to accelerate cloud adoption," said Alan Boehme, senior VP IT strategy and enterprise architecture at ING Americas, a branch of the Dutch insurance conglomerate, in Monday's announcement. Boehme is a member of the board of directors of the Cloud Security Alliance.

"Our customers need a visible seal of trust. We strongly believe education, clarity, and industry-approved security guidelines will propel the adoption of clouding computing" said Dipto Chakravarty, VP of engineering, Identity and Security unit at Novell. Reavis said Novell proposed launching the Trusted Cloud Initiative with the alliance.

The initiative will define a roadmap and certification criteria for secure cloud computing. Members of the Cloud Security Alliance include Microsoft, Dell, Rackspace, Qualys, HP, Intel, Cisco, McAfee, Salesforce.com, Symantec, the DMTF (formerly Distributed Management Task Force) standards body, and the Information Systems Audit and Control Association (ISACA).

The initiative is co-chaired by Nick Nikols, VP of product management for Novell's Identity and Security unit, and Liam Lynch, chief security strategist for eBay.

Nils Puhlmann, chief security officer at Zynga Game Network, a producer of online social games, including FarmVille, said the alliance will pay attention to other standards efforts and adopt them, whenever it can.

"We are committed to aligning the Trusted Cloud Initiative with other standards efforts," he said in the announcement. But the alliance will be responsible for "assembling the reference model and certification criteria from existing standards, and we we will complete it in 2010," he said.

More information about the alliance can be found here.