Cloud Security Open API Effort Kicks Off

CipherCloud and the Cloud Security Alliance form a new working group to fill a perceived gap in the cloud access security broker market.

cloud security

A new working group for defining an Open API for cloud security debuted today at the Cloud Security Alliance (CSA).

The group is being led by CipherCloud, with participation from Deloitte, Infosys, Intel Security and SAP.

The purpose of the group's open cloud API effort is to help define a standard for the emerging cloud access security broker (CASB) space. Chenxi Wang, vice president of Cloud Security & Strategy at CipherCloud, explained that CASB encompasses four pillars: data protection, threat prevention, visibility and compliance.

"By that definition, it is much broader than integration from cloud to internal identity directories," Wang told eWEEK.

As to why CipherCloud decided to bring the cloud security Open API effort to the CSA, it is because the CSA is the premier industry consortium for cloud security, she said. Since the effort addresses cloud security issues, the CSA was CipherCloud's clear first choice as partner.

In many cases today, cloud identity is handled by Security Assertion Markup Language (SAML) assertions, which can enable federated identity across cloud vendors. Wang noted that identity management is only one piece of the puzzle for cloud security, and the new open API effort will cover issues such as data classification, data protection and access management.

"We will not propose new protocols to replace SAML, but instead, we will fill gaps where existing standards are lacking," Wang said. "For instance, how does the enterprise specify to the cloud service that a particular piece of data and content can only be stored in a particular geography? You can't do that today automatically."

Additionally, Wang said that there is no good answer today to taking a cloud security geography requirement from the Web front end to the application layer and finally to the storage layer. Every cloud application does policy differently, which means cloud users have to do custom development and integration with each cloud application, she added.

"This Open API effort will standardize the specification, control and assessment across the tiers of the cloud infrastructure, which will in turn significantly lessen the work on the developers' part and hence expedite time to market for cloud adoption," Wang said.

The CSA Open API effort could eventually become part of the CSA Security Trust and Assurance Registry (STAR) certification program.

"The immediate goals of this effort are to issue specifications for the API framework, reference architecture documents, as well as a few whitepapers," Wang said. "After that, we may propose to incorporate that as part of the CSA STAR, if the industry embraces the API standards."

Wang emphasized that the Open API working group is focused on the immediate goals first. She added that CipherCloud and its partners may also work with other open-source communities to get wider developer participation, but again that will come after the first phase of the working group tasks have been achieved.

While CipherCloud is formally announcing the Open API working group now, the group's activities are not expected to commence until early July, after the CSA has a subject matter expert review.

"The review is for CSA corporate members to provide comments and feedback to the proposed charter of the working group," Wang said. "This is also a way for the members to express interests in participation."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.