The Cloud may be an unsafe place, especially when there are multiple entities running different (read – weird) kinds of software and you don’t know what’s going on at different locations, systems, disks, partitions etc. Since someone else is managing all this for you, your suspicion only goes up.
The number of Cloud Computing users has gone up exponentially in the recent past, and so has the threat level. Some people compare it to the threats and break-ins faced by Apple computers vs. Microsoft Windows based computers. If only 1% of both types of systems had problems reported, Windows events would be reported about n times more often than Apple ones. It’s just that there are a lot more people using Windows based systems.
Applying a similar analogy to the Cloud, the more it is used and worked upon by individuals and businesses, the more innovations happen and the more issues are reported.
Back in 2008, just as the hype around the term Cloud Computing was turning into real-life implementations and applications/platforms were coming up faster than the talk, the idea of formalizing a platform for Cloud Security was born during a conference of CISOs (Chief Information Security Officers). A few months later, the Cloud Security Alliance (CSA) was established.
To quote their mission statement: “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
As is evident, the core idea of this organization is to spread the word about being safe in the Cloud, with education as a key dimension.
With the help of member organizations, CSA takes up various research initiatives, towards ensuring a safer Cloud Computing environment. Some of their initiatives include –
CSA has also started setting up processes and best practices for the Cloud Computing environment in general. One of these initiatives is the formalization of the audit practice: they have set up Cloud Audit as a project within the CSA research initiatives.
Besides this, CSA has started an education/certification program called CCSK (Certificate of Cloud Security Knowledge). This test is designed to ensure that professionals are aware of the security issues around a Cloud Computing environment and use best practices when securing a Cloud application.
CSA generally holds an event once a year, wherein they share their roadmap for the upcoming year. For 2011, CSA has shared that they would be focusing on the following –
- CloudSIRT – Adaptation of the standard Security Incident Response Team (SIRT) methodology to the Cloud.
- Cloud Security Architecture Reference Model – Proposing a reference architecture model, based on best practices, for secure Cloud implementation.
- Next version (3.0) of the “Guidance for critical areas of focus in Cloud Computing”