Category Archives: Cloud Security Alliance

CSA, CipherCloud look to standardise APIs for cloud access security brokerage

The CSA and CipherCloud are leading an initiative to standardise API implementation for cloud access security brokerage

The Cloud Security Alliance (CSA) and cloud security vendor CipherCloud are forming a working group to jointly develop best practice around API deployment for cloud access security brokerage services.

The Cloud Security Open API Working Group, which at its founding will include contributions from Deloitte, InfoSys, Intel Security, and SAP among others, will jointly define protocols, guidelines and best practices for implementing data security services – encryption, tokenisation and other technologies – across cloud environments.

The CSA said the working group plans to develop API specifications and reference architectures to guide cloud-based data protection.

“Standards are an important frontier for the cloud security ecosystem,” said Jim Reavis, chief executive of CSA.

“The right set of working definitions can boost adoption. This working group will help foster a secure cloud-computing environment – a win for vendors, partners and users. Standardising APIs will help the ecosystem coalesce around a universal language and process for integrating security tools into the cloud applications,” Reavis said.

Pravin Kothari, founder and chief executive of CipherCloud said: “Cloud is the killer app for security innovation. But currently, inefficiencies at the technical level in the form of custom connector protocols can hold back innovations in cloud security. Defining a uniform set of standards can enable us all to operate from the same playbook. As a pioneer in [cloud access security brokerage], we are excited to co-lead this initiative with CSA to accelerate security across clouds.”

The initiative may enhance the ability to integrate various cloud services securely, according to Jeff Margolies, principal at Deloitte, and open up what is generally considered to be a fairly closed, proprietary-dominated space.

“Currently the cloud security ecosystem lacks basic integration standards for connecting third-party security solutions to cloud applications, platforms and infrastructure,” he said, adding that the working group may help consolidate standards among vendors and cloud customers.

CSA tool helps cloud users evaluate data protection posture of providers

The CSA says the tool can help customers and providers improve their cloud data protection practices

The Cloud Security Alliance this week unveiled the next generation of a tool designed to enable cloud customers to evaluate the level of data protection precautions implemented by cloud service providers.

The Privacy Level Agreement (PLA) v2 tool aims to give customers a better sense of the extent to which their providers have practices, procedures and technologies in place to ensure data protection vis-à-vis European data privacy regulations.

It also provides guidance for cloud service providers on achieving compliance with privacy legislation in the EU, and on how these providers can disclose the level of personal data protection they offer to customers.

“The continued reliance and adoption of the PLA by cloud service providers worldwide has been an important building block for developing a modern and ethical privacy-rich framework to address the security challenges facing enterprises worldwide,” said Daniele Catteddu, EMEA managing director of CSA.

“This next version that addresses personal data protection compliance will be of significant importance in building the confidence of cloud consumers,” Catteddu said.

The tool, originally created in 2013, was developed by the PLA working group, which was organised to help transpose the Art. 29 Working Party and EU National Data Protection Regulator’s recommendations on cloud computing into an outline CSPs can use to disclose personal data handling practices.

“PLA v2 is a valuable tool to guide CSPs of any size to address EU personal data protection compliance,” said Paolo Balboni, co-chair of the PLA Working Group and founding partner of ICT Legal Consulting. “In a market where customers still struggle to assess CSP data protection compliance, PLA v2 aims to fill this gap and facilitate customer understanding.”

6 Cloud Computing Standards to Watch Out For

Of the numerous platforms available, cloud computing is slowly becoming the next big wave to hit industries and computing professionals around the globe, after Android applications. The cloud computing platform is one of the only ways in which companies can reach new levels within their industry. One of the growing trends in the world is the rise in open-source cloud computing. Although it is very handy and easily available, there are factors that one needs to consider before implementing it across the company. We discuss the various problems associated with cloud computing compliance issues.

Plugging the holes in the cloud while you can

Open source cloud has rapidly increased as a mode of communication and storage for most companies around the world. Yet, because they are open source, there are certain regulatory factors that need to come into the purview. Although open source cloud computing is a conducive and viable option compared to existing facilities, there are several factors that should be taken care of while on the cloud.

  1. How secure is your cloud: One of the primary organisations ensuring that compliance with security requirements is met is the Cloud Security Alliance (CSA). It is a global coalition that represents businesses, as well as industry and subject matter experts. This organization is the reason why most companies across the world are ensuring that they achieve the best practices within their cloud.
  2. Is the cloud compliant: When placing workloads on the cloud, make sure that you have conducted certain risk assessments before you go on the cloud. Cloud security compliance standards, once implemented, are one of the factors that deal with virtualization issues.
  3. Does it have a license? Per-user, per-device and enterprise licensing models for the cloud are essentially factors that impact companies. Licensing issues are also present in the open-source cloud models and they need to be addressed at the outset. There may be issues to be dealt with such as proprietary licenses and other traditional licenses.
  4. Is it interoperable? Portability within your cloud should be the reason that you are sticking to the cloud. Transferring data from one cloud to another should be the reason that you have selected the convenience provided by the cloud. This brings other important factors into the purview, involving certain standards such as those laid down by the Institute of Electrical and Electronics Engineers (IEEE).
  5. How scalable is your cloud: The faster you can connect and transfer data on your server, the faster it can upload workloads and store other data. Ensure that your cloud is scalable and brings you the convenience of uploading heavy workloads without changing too much in the service contract.
  6. Evaluate the performance: Your SLA with the cloud should involve factors that allow you the convenience of business continuity and disaster recovery. This will help you measure the performance of the cloud in those critical moments.

It’s vital to have some level of compliance in any technological advancement to enhance your business prospects. HCL Technologies is one of the technological giants that adheres to the cloud computing standards, which is the reason it is at the forefront in delivering innovative SAP Solutions for its clients, be it on the cloud, on premise, or through a hybrid approach.

To know more about cloud computing standards and services please visit HCL Technologies.

Do You Know the Top Threats to Cloud Security?

Where computing goes, trouble follows — in the form of hackers, disgruntled employees, and plain old destructive bugs. And as computing is moving to the Cloud (it says so right there in our logo!) that’s where some of the newest threats are emerging.

The Cloud Security Alliance has identified The Notorious Nine (registration required), the top nine cloud computing threats for 2013.

The nine threats are data breaches, data loss, account and traffic hijacking, insecure interfaces and APIs, denial of service attacks, malicious insiders, cloud “abuse” (using the power of the cloud to crack passwords), lack of due diligence, and shared technology platforms leading to shared vulnerabilities.

DMTF Releases Specification for Simplifying Cloud Infrastructure Management

The Distributed Management Task Force (DMTF), the organization bringing the IT industry together to collaborate on systems management standards development, validation, promotion and adoption, today announced the release of the new Cloud Infrastructure Management Interface (CIMI) specification. The new specification standardizes interactions between cloud environments to achieve interoperable cloud infrastructure management between service providers and their consumers and developers, enabling users to manage their cloud infrastructure use easily and without complexity.

Cloud computing allows customers to improve the efficiency, availability and flexibility of their IT systems over time. As companies have adopted cloud computing, vendors have embraced the need to provide interoperability between enterprise computing and cloud services. DMTF developed CIMI as a self-service interface for infrastructure clouds, allowing users to dynamically provision, configure and administer their cloud usage with a high-level interface that greatly simplifies cloud systems management.

“The CIMI standard is a critical piece for cloud infrastructure management because it alleviates complexity while improving flexibility, portability and security,” said Winston Bumpus, Chairman of the Board, DMTF. “With the release of the CIMI v1.0 specification, DMTF offers a well-rounded, industry-wide solution for simplifying cloud infrastructure management.”

Today’s release includes two components:

  • Cloud Infrastructure Management Interface – (CIMI) Model and REST
    Interface over HTTP Specification
  • Cloud Infrastructure Management Interface – (CIMI) Primer

The CIMI specification is the centerpiece of DMTF’s Cloud Management Initiative, and is the first standard created by the Cloud Management Working Group (CMWG). DMTF’s Cloud Management Initiative includes contributions from additional working groups including the Cloud Auditing Data Federation Working Group (CADF WG), the Network Services Management Working Group (NSM WG), the Software License Management (SLM) Incubator and the System Virtualization, Partitioning, and Clustering Working Group (SVPC WG). Additional announcements are expected from DMTF cloud-related working groups early next year.

DMTF working groups and incubators collaborate with a number of industry organizations in an effort to unify their cloud management initiatives. These organizations include the Cloud Security Alliance (CSA), the China Communications Standards Association (CCSA), the China Electronics Standardization Institute (CESI), the Open Data Center Alliance (ODCA), the Storage Networking Industry Association (SNIA), the Open Grid Forum (OGF), the Object Management Group (OMG), The Open Group (TOG), the Metro Ethernet Forum (MEF), the Global Inter-Cloud Technology Forum (GICTF) and the TeleManagement Forum (TMF).

For additional information on DMTF’s cloud efforts, including specifications, whitepapers and charters, visit www.dmtf.org/cloud.