Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

New Cloud Security Certification Program Launches: Page 2 of 2

The CSA is also promoting the Cloud Controls Matrix, a framework that describes 98 control specifications related to cloud computing. The matrix was released in April, but a CSA panel is working on version 2.0, which may be available in November. "This could bridge the gap with your current knowledge and current tools to look for the presence of appropriate security controls in any type of cloud environment," says Reavis.

Another effort to make security and audit information more available is CloudAudit.org, a non-profit group developing an API and Web services that will make it easier for providers to make audit information available, and for customers and potential customers to access and consume that information. The CloudAudit group, organized by Chris Hoff, takes advantage of the Cloud Controls Matrix to provide a framework for the kinds of information that providers can make available.

"As consumers of these services, we should be more concerned about what these providers actually do versus what they claim to do," says Shipley. "I think the Cloud Controls Matrix is a great start down the path of defining reasonable security controls, and I would love to see the IT industry get behind it. My question is, how do we get some of these cloud providers to actually adhere to that standard and agree to be audited? I think that's the first problem that needs to be tackled."

Another effort of the CSA is the Trusted Cloud Initiative that helps cloud providers develop their own standards for secure and interoperable identity, access and compliance management. An initial version of the Trusted Cloud Initiative is due in the fourth quarter of this year. Reavis described identity management as critical to ensuring that only people authorized by the customer have access to their cloud computing resources. "If we don't solve that problem we are going to lose a lot of the efficiency for doing public cloud for sure," Reavis added.