Board rooms and server rooms alike are struggling with the question “How do I ensure security in the cloud?” An increasingly common scenario: The business wants to add new functionality and tech has found a way to provide that functionality at a fraction of the cost by utilizing a service offered in the ‘cloud’. What’s a compliance officer to do? The answer may lie in the latest attempt to bring order to this frontier:
Trusted Cloud Initiative Kicks Off — Novell and the year-old non-profit Cloud Security Alliance (CSA) have announced a vendor-neutral Trusted Cloud Initiative to develop a consensus-based identity management reference model and third-party certification criteria for cloud providers. They say a trusted standard should alleviate the concerns about security, governance and control of their data and IT assets that organizations considering adopting cloud-based computing may have. It was Novell’s idea and Novell has identity management interests. The certification criteria, seal and roadmap will be defined by CSA members, which represent a cross-section of stakeholders, end-user organizations, cloud service, SaaS and technology providers and include Novell, of course, Microsoft, Dell, Rackspace, Qualys, HP, Intel, Cisco, McAfee, ISACA, DMTF and Symantec, as well as individual representatives from Global 2000 organizations and the world’s governments.