Some Exciting News: CloudAudit Moves Under the Cloud Security Alliance...
11 views
Skip to first unread message
Hoff
Oct 17, 2010, 12:37:38 PM10/17/10
to CloudAudit
Jim Reavis of the CSA and I are excited to announce that CloudAudit is
now an official project of the Cloud Security Alliance! The
CloudAudit working group's activities will now fall under the
organizational and administrative auspices of the CSA.
The M.O.U. was signed at a meeting during RSA Europe after discussions
held previously amongst available available participating members.
The reason for moving CloudAudit under the CSA are simple:
1) The CSA enjoys a well-balanced membership of volunteers from the
enterprise, service providers and industry
2) Most of the CloudAudit leadership are also key team members of the
CSA
3) CloudAudit's namespaces & CompliancePacks are all derived from the
CSA's Cloud Control Matrix
4) A single licensing scheme and roadmap simplifies both
organizations' needs
5) The CSA's other initiatives (CAI, TCI, etc) all align with
CloudAudit and will enjoy a tighter coupling
6) The CSA has the infrastructure and organizational membership needed
to drive CloudAudit
The working group's objectives and structure will likely not change
but we'll enjoy greater coverage, exposure,
involvement and focus from the community. The weekly calls will
continue shortly as we transition over to the
CSA's infrastructure.
There will be an official press release shortly.
Jim and I look forward to seeing CloudAudit become even more
successful under the CSA.
/Hoff
now an official project of the Cloud Security Alliance! The
CloudAudit working group's activities will now fall under the
organizational and administrative auspices of the CSA.
The M.O.U. was signed at a meeting during RSA Europe after discussions
held previously amongst available available participating members.
The reason for moving CloudAudit under the CSA are simple:
1) The CSA enjoys a well-balanced membership of volunteers from the
enterprise, service providers and industry
2) Most of the CloudAudit leadership are also key team members of the
CSA
3) CloudAudit's namespaces & CompliancePacks are all derived from the
CSA's Cloud Control Matrix
4) A single licensing scheme and roadmap simplifies both
organizations' needs
5) The CSA's other initiatives (CAI, TCI, etc) all align with
CloudAudit and will enjoy a tighter coupling
6) The CSA has the infrastructure and organizational membership needed
to drive CloudAudit
The working group's objectives and structure will likely not change
but we'll enjoy greater coverage, exposure,
involvement and focus from the community. The weekly calls will
continue shortly as we transition over to the
CSA's infrastructure.
There will be an official press release shortly.
Jim and I look forward to seeing CloudAudit become even more
successful under the CSA.
/Hoff
G. Hussain Chinoy
Oct 17, 2010, 12:45:41 PM10/17/10
to cloud...@googlegroups.com
Great work, Hoff et al.,
H
yo.d...@emc.com
Oct 17, 2010, 1:08:39 PM10/17/10
to cloud...@googlegroups.com
Excellent news! This will go a long way to further adoption !
Rizwan Ahmad (Ryu taichi)
Oct 17, 2010, 4:19:15 PM10/17/10
to cloud...@googlegroups.com
dear hoff,
congrats
rizwan
versace
Oct 18, 2010, 9:22:05 AM10/18/10
to CloudAudit
Great news -
The Tools working group needs to ramp up against our stated goals and
mission. The last few weeks have been busy for most, so I'd like to
use this coming week to get things back into gear. Here's where we
stand:
1- Need to differentiate between PROVIDER and CONSUMER Tools.
Example, CloudAudit could quickly produce a validation/syntax checking
tool for service providers to validate namespace form and format,
links, file locations, and other structural components of cloudaudit
services. This would be part of the reference implementation for
PROVIDERS.
2 - Certification and how far should we go - The goal is not to become
a CloudAudit certification body, but to produce the standards and tool
reference specifications that official certification bodies can elect
to use as part of their services.
3- Namespace DATA requirements and what it means to the Tools W/G -
the Standards W/G has the objective to produce data requirements for
each framework namespace. Tools w/g should focus on the capabilities
need to reliably and securely "fill the data in (PROVIDER), and use
the data (CONSUMER)". Tools need to be audit-able.
4- Make-up of W/Gs - do we have this right? Should the Consumer and
Provider teams working as subgroups to the Tools W/G?
5- Use Case Workflow - need to select one or two use cases and design
a workflow to show the interaction between CONSUMER Tools and PROVIDER
Tools.
The Tools group was also asked to look at an incorporate the CSC Trust
Cloud Protocol and aspects of SCAP relative to consumer and provider
tool requirements.
Next meeting announcement for 10/22 due out shortly.
Mike
The Tools working group needs to ramp up against our stated goals and
mission. The last few weeks have been busy for most, so I'd like to
use this coming week to get things back into gear. Here's where we
stand:
1- Need to differentiate between PROVIDER and CONSUMER Tools.
Example, CloudAudit could quickly produce a validation/syntax checking
tool for service providers to validate namespace form and format,
links, file locations, and other structural components of cloudaudit
services. This would be part of the reference implementation for
PROVIDERS.
2 - Certification and how far should we go - The goal is not to become
a CloudAudit certification body, but to produce the standards and tool
reference specifications that official certification bodies can elect
to use as part of their services.
3- Namespace DATA requirements and what it means to the Tools W/G -
the Standards W/G has the objective to produce data requirements for
each framework namespace. Tools w/g should focus on the capabilities
need to reliably and securely "fill the data in (PROVIDER), and use
the data (CONSUMER)". Tools need to be audit-able.
4- Make-up of W/Gs - do we have this right? Should the Consumer and
Provider teams working as subgroups to the Tools W/G?
5- Use Case Workflow - need to select one or two use cases and design
a workflow to show the interaction between CONSUMER Tools and PROVIDER
Tools.
The Tools group was also asked to look at an incorporate the CSC Trust
Cloud Protocol and aspects of SCAP relative to consumer and provider
tool requirements.
Next meeting announcement for 10/22 due out shortly.
Mike
Reply all
Reply to author
Forward
0 new messages