CSA, CipherCloud look to standardise APIs for cloud access security brokerage

The CSA and CipherCloud are leading an initiative to standardise API implementation for cloud access security brokerage

The CSA and CipherCloud are leading an initiative to standardise API implementation for cloud access security brokerage

The Cloud Security Alliance (CSA) and cloud security vendor CipherCloud are forming a working group to jointly develop best practice around API deployment for cloud access security brokerage services.

Cloud Security Open API Working Group, which at its founding will include contributions from Deloitte, InfoSys, Intel Security, and SAP among others, will jointly define protocols, guidelines and best practices for implementing data security services – encryption, tokenisation and other technologies – across cloud environments.

The CSA said the working group plans to develop API specifications and reference architectures to guide cloud-based data protection.

“Standards are an important frontier for the cloud security ecosystem,” said Jim Reavis, chief executive of CSA.

“The right set of working definitions can boost adoption. This working group will help foster a secure cloud-computing environment – a win for vendors, partners and users. Standardising APIs will help the ecosystem coalesce around a universal language and process for integrating security tools into the cloud applications,” Reavis said.

Pravin Kothari, founder and chief executive of CipherCloud said: “Cloud is the killer app for security innovation. But currently, inefficiencies at the technical level in the form of custom connector protocols can hold back innovations in cloud security. Defining a uniform set of standards can enable us all to operate from the same playbook. As a pioneer in [cloud access security brokerage], we are excited to co-lead this initiative with CSA to accelerate security across clouds.”

The initiative may enhance the ability to integrate various cloud services securely according the Jeff Margolies, principal at Deloitte, and open up what is generally considered to be a fairly closed, proprietary-dominated space.

“Currently the cloud security ecosystem lacks basic integration standards for connecting third-party security solutions to cloud applications, platforms and infrastructure,” he said, adding that the working group may help consolidate standards among vendors and cloud customers.