New Cloud Security Alliance Forms

A new cloud computing security effort is on the horizon called the Cloud Security Alliance.

A new cloud computing security effort is on the horizon called the Cloud Security Alliance.

Reuven Cohen, a cloud computing expert as well as founder and chief technologist at Enomaly, cited the new organization, called the Cloud Security Alliance, which will launch at the RSA Conference 2009, in his blog on March 31. Of the organization created by Nils Puhlmann and Jim Reavis, Cohen said, "This seems like a great idea."

In essence, "The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing," according to a blurb on the organization's Website.

The Cloud Security Alliance's objectives are to:

  • Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance.
  • Promote independent research into best practices for cloud computing security.
  • Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions.
  • Create consensus lists of issues and guidance for cloud security assurance.

Christofer Hoff, who identifies himself as a founding member of the alliance, also wrote a blog post on the organization, explaining that it is "most easily described as a member-driven forum for both industry, providers and 'consumers' of Cloud Computing services to discuss issues and opportunities for security in this emerging space and help craft awareness, guidance and best practices for secure Cloud adoption. It's not a standards body. It's not a secret cabal of industry-only players shuffling for position."

Despite the coincidental timing and some similar goals of the CSA and the Open Cloud Manifesto, which launched March 30, the two efforts are quite different, Hoff noted.

Said Hoff:

""The key difference between the two efforts relates to the CSA's engagement and membership by both providers and consumers of Cloud Services and the organized non-profit structure of the CSA. The groups are complementary in nature and goals.""

The CSA will officially launch at the RSA Conference, which runs April 20-24 at the Moscone Center in San Francisco.

Founding charter companies of the CSA include Zscaler, PGP and Qualys.