Cloud Security Alliance Aims Certification At Government Clouds
The CSA’s cloud certification framework is designed for the new EU Cloud Strategy, as well as for private companies
The Cloud Security Alliance has announced a framework for certification, designed to reassure government departments and public sector companies that the cloud is safe to use.
The Alliance, which formed last year, aims to give users a way to compare the security provisions of different cloud offerings without having to start from scratch. It announced its plans for an open framework at the SecureCloud 2012 conference in Frankfurt earlier this month.
Avoiding wasted effort
At present, it takes a lot of effort to ensure a cloud service meets a given user’s security needs, and each user has to conduct their own detailed analysis. When complete, the framework should avoid this duplicated effort, said the CSA’s EMEA managing director, Daniele Catteddu.
No details are available yet, as the programme is still being worked out, but Catteddu said it would start with self-assessment, where providers classify the service they wish to provide. “Third-party assessment will follow and then continuous monitoring,” said Catteddu.
The framework is necessarily nebulous at this stage, as the CSA hopes to make it meet the requirements of the EU Cloud Strategy promised by Neelie Kroes, the details of which are still being worked out, with a plan to launch a European Cloud Partnership in July. To participate, however, providers will have to have some sort of certification, and this will be developed to be as pan-European as possible to save the expense of re-certification.
Getting in at an early stage, the CSA hopes to create a certification programme which will produce useful ways to compare cloud service providers on the basis of their security provisions – which can also be applied in the private sector.
“This project did not start in the public sector,” Catteddu told TechWeekEurope. “There is work being done by the European Commission, but it is not the place where the plan was conceived.”
Cloud security – and a means to assess it – is a general need, he said, and a good certification programme should work in both sectors. “The EU Commission is very supportive of this. It is a very good fit.”