Cloud Security Alliance Aims Certification At Government Clouds

The Cloud Security Alliance has announced a framework for certification, designed to reassure government departments and public sector companies that the cloud is safe to use.

The Alliance, which formed last year, aims to provide a way for users to compare the security provisions of different cloud offerings without having to start from scratch and announced its plans for an open framework at the SecureCloud 2012 conference in Frankfurt earlier this month.

Avoiding wasted effort

Join TechWeekEurope's Cloud Security Panel on BrightTalk

At present, it takes a lot of effort to ensure a cloud service meets a given user’s security needs, and each user has to conduct their own detailed analysis. When complete, the framework should avoid this duplicated effort, said the CSA’s EMEA managing director, Daniele Cattedu.

No details are available yet, as the programme is still being worked out, but Catteddu said it would start with self-assessment, where providers classify the service they wish to provide. “Third-party assessment will follow and then continuous monitoring,” said Catteddu.

The framework is necessarily nebulous at this stage, as the CSA hopes to make it meet requirements of the EU Cloud Strategy promised by Neelie Kroes, the details of which are still being worked out, with a plan to launch a European Cloud Partnership in July. In order to participate however, providers will have to have some sort of certification and this will be developed to be as pan-European as possible to save the expense of re-certification.

Getting in at an early stage, the CSA hope to create a certification programme which will produce useful ways to compare cloud service providers on the basis of their security provisions – which can also be applied in the private sector.

“This project did not start in the public sector,” Catteddu told TechWeekEurope. “There is work being done by the European Commission, but it is not the the place where the plan was conceived.”

Cloud security – and a means to assess it – is a general need, he said, and a good certification programme should work in both sectors. “The EU Commission is very supportive of this. It is a very good fit.”

Join TechWeekEurope’s Cloud Security webinar on Wendesday 23 May

How much do you know about the cloud? Try our quiz

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago