Justice League Blog
Trusted Cloud Initiative
I just moderated a panel on security within Cloud Computing environments. Many of the questions from the audience were about how to trust cloud computing environments. Trust is such a loaded word and I couldn’t tell from the participants if they were looking for a bunch of bolt-on controls or something more holistic.
At RSA, the Cloud Security Alliance announced the Trust Cloud Initiative (TCI). The purpose of the TCI is to take the CSA guidance a couple of steps forward in defining trust by defining both a reference architecture as well as a way to certify cloud services.
There are three sub-groups working on the distinct areas of trust we believe are needed:
- Architecture – definition of the required security controls as well as the relationships, constraints and patterns of usage
- Certification – ways of discovering the security controls provided by particular cloud computing environment and measuring their ongoing usage
- Reference Implementation – working prototypes and demos of the architecture to prove out the architecture
More information the TCI can be found on the CSA website.
Anyone interested in volunteering their time to work in one of the subgroups can contact me and I’ll help you get hooked into TCI effort.
