The Cloud Security Alliance Needs You
Launched last month, the founders are security professionals from Cloud customers and Security in the Cloud providers (with sponsorship coming from the latter). The Technical Adviser is friend and fellow security professional Chris Hoff.
From the Introduction on page 5 of the guidance document:
The Cloud Security Alliance is a grassroots effort to facilitate the mission to create and apply best practices to secure cloud computing. Incorporated as a not-for-profit organization, our efforts will seek to provide a voice for security practitioners. However, recognizing that a secure cloud is a shared responsibility, we will be inclusive of all organizations and points of view to fulfill this mission.
What follows is our initial report, outlining areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Much of this guidance is also quite relevant to the cloud provider to improve the quality and security of their service offerings. As with any initial foray, there will certainly be guidance that we could improve upon. We will quite likely modify the number of domains and change the focus of some areas of concern. We seek your help to improve this guidance to make version 2.0 of this document an even better asset to the security practitioner and cloud provider.
How To Get Involved
This is a real opportunity to shape the future security of Cloud. With sufficient participants, a mature guidance document and strong awareness, I believe a group like this can make a real impact on the future of Cloud Security. Its my view that this advances the Cloud Security conversation which is a major reason why I started this blog and will be contributing as I can.
If you’ve been sitting on the sidelines up to now, I encourage you to get involved and contribute as little or as much as you can.
Getting started is easy:
1. Join the CSA linkedin.com group to become an official member of the group (I’m already a member).
2. Review and give feedback to the CSA guidance document via the CSA Google Group.
Finally, the CSA have a number of events planned to spread the word, including Gluecon (Denver), ISSA CISO Forum (Chicago) and the Cloud Computing Expo Europe in Prague, Czech Republic. More info here.