A new organization plans to provide security advice to companies adopting cloud computing products.
The Cloud Security Alliance announced its formation this week. The nonprofit organization will be formally launched April 21 at the RSA Conference 2009 in San Francisco. It will promote the use of best practices for securing cloud computing and educate people on how cloud computing can secure other forms of computing.
Security consultant Jim Reavis, co-founder of the alliance, said the organization wants to provide security education and guidance to companies implementing cloud computing. The organization will also help cloud computing vendors address security in their software delivery model, he said.
"There's always been a connection to an enterprise managing information and having the facilities to do that, but with cloud computing your separating the information you're accountable for and stewardship of that is going to a third party," Reavis said.
Cloud computing is on-demand access to information technology services. Virtualization is the means by which companies access those services, Reavis said. According to Gartner, by 2011 early technology adopters will purchase 40% of their IT infrastructure as a service, "untying applications from specific infrastructure." Security vendors have been retooling their applications under VMware's VMsafe program. Symantec Corp., McAfee Inc., Trend Micro Inc. and others are integrating security tools to address virtualization.
The new alliance will release a technical paper at RSA called "Guidance for Critical Areas of Focus in Cloud Computing." The paper outlines issues that must be addressed for customers and providers of cloud computing. Reavis said the paper is very comprehensive, covering the legal, technology and management issues associated with cloud computing.
"We've farmed out areas to a subject matter expert to look at what are the key risks and opportunities and what's the key guidance we can provide to the consumers of cloud services," he said. "We want to provide pretty pragmatic stuff."
Throughout the year the group also plans to offer expert advice from people in various industries to provide best practice recommendations to companies adopting cloud computing products.
The organization is led by cloud computing and security experts and supported by founding charter companies PGP Corp., Qualys, Inc. and Zscaler, Inc. Security expert and blogger Chris Hoff will serve as the organization's technical director.
Another organization recently launched to address the security challenges associated with cloud computing and support the market growth of the technology. Called the Open Cloud Manifesto, the organization lists security, data and application interoperability and portability, management and governance, and metering and monitoring as some of the areas that need to be addressed by the industry. It counts EMC Corp., IBM Internet Security Systems, Novell Inc. and Sun Microsystems Inc. among its backers.