"How identities are managed either in the cloud, or federated with the cloud, create significant barriers for enterprise adoption of cloud services," said Alan Boehme, SVP IT Strategy and Enterprise Architecture, ING Americas, and current CSA board member. "By building a consensus security reference guide and certification roadmap, we are creating common ground for both enterprises and cloud providers, and expect to accelerate cloud adoption."
"In traditional IT environments, the organization controls its applications, servers, and storage infrastructure. However, the control architecture changes profoundly for public cloud offerings," said Jim Reavis, executive director of CSA. "When an organization moves IT resources and sensitive data such as personal names, addresses, and phone numbers into the cloud, control and trust issues must be addressed through a trusted third-party certification program. When Novell proposed the initiative, we immediately embraced the idea."
"Our customers need a visible seal of trust. We strongly believe education, clarity and industry-approved security guidelines will propel the adoption of cloud computing by eliminating the security concerns inhibiting many organizations," said Dipto Chakravarty, CSA member, and vice president of engineering, Identity and Security, Novell. "Our company's experience and leadership in cloud security and identity management demonstrates Novell is firmly committed to contributing to the Trusted Cloud Initiative."
The certification criteria, seal and roadmap will be defined by members of the Cloud Security Alliance, a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing environments. Members of CSA represent a cross section of industry stakeholders, end-user organizations, cloud service, SaaS and technology providers. These include Novell, Microsoft, Dell, Rackspace, Qualys, HP, Intel, Cisco, McAfee, ISACA, DMTF and Symantec, as well as individual representatives from Global 2000 organizations and the world's governments. Nick Nikols, vice president of product management for Novell Identity and Security, will serve as a co-chair for the initiative. Liam Lynch, chief security strategist for eBay, will also serve as a co-chair. Both Nikols and Lynch will provide an introduction to the Trusted Cloud Initiative at 9:45am today at the Cloud Security Alliance Summit, Green Room 131 at the Moscone Center.
According to Zynga CSO and CSA board member Nils Puhlmann, this initiative is well-timed. "We recognize there are several standards efforts underway related to cloud computing, and the CSA is participating in virtually all of them. We are committed to aligning the Trusted Cloud Initiative with other standards efforts and being a responsible industry partner," says Puhlmann. "However, what makes this project so timely is that we can assemble the reference model and certification criteria from existing standards, and we will complete it in 2010. I would like to thank Novell for helping kick-start this important program."
The educational outreach components of the program will be geared toward helping information security, IT audit and software development professionals within enterprises and cloud providers better understand the security, identity and access, compliance, data governance, portability and interoperability requirements organizations must maintain to demonstrate compliance and mitigate risk in the cloud. More information about the Cloud Security Alliance Trusted Cloud Initiative can be found at http://www.trusted-cloud.com. For more information on Novell and its efforts in Cloud security see http://www.novell.com/cloud-security.
About Cloud Security Alliance
The Cloud Security Alliance www.cloudsecurityalliance.com is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
The Cloud Security Alliance is comprised of many subject matter experts from a wide variety disciplines, united in our objectives:
-- Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance. -- Promote independent research into best practices for cloud computing security. -- Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions. -- Create consensus lists of issues and guidance for cloud security assurance.
Novell, Inc. (Nasdaq: NOVL) delivers the best engineered, most interoperable Linux* platform and a portfolio of integrated IT management software that helps customers around the world reduce cost, complexity and risk. With our infrastructure software and ecosystem of partnerships, Novell harmoniously integrates mixed IT environments, allowing people and technology to work as one. For more information, visit www.novell.com.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. *All third-party trademarks are the property of their respective owners.