Cloud Security Certification In Development, But It Won't Be Quick

The news that formal security certification for cloud-based services is in development is welcome news indeed. The news that the players involved understand just how complicated devising a certification will be is also good news, however little it may seem so at the moment.

Keith Ferrell, Contributor

November 5, 2009

2 Min Read

The news that formal security certification for cloud-based services is in development is welcome news indeed. The news that the players involved understand just how complicated devising a certification will be is also good news, however little it may seem so at the moment.At the moment, as Kelly Jackson Higgins points out in a good, thorough piece, there's no specific security certification for cloud-based services.

As a result, providers are using either SAS 70 or ISO 27001,generally established before the cloud was anything more than an idea.

That's changing.

The Cloud Security Alliance (CSA) has announced that it's working to put together both a list of who should be the issuing authority behind a cloud-specific security standard, as well as what the standards should address.

The process won't necessarily be quick; an initial statement of direction is expected during the first quarter of next year.

By which time, of course, the cloud and its nature will have continued its explosive growth in both popularity and security concerns.

Still, there's cause for optimism in the very fact that the matter is being addressed, and that CSA is well aware of and attendant to how the diffuse nature of the cloud itself will require a certain diffusion of authority in the setting of standards.

Higgins quotes CSA executive director as saying, "This is going to be a shared thing."

It's going to have to be to have any hope of effectiveness.

A broad-based group addressing the standards issue(s), will by the nature of its breadth and membership help define what the standards-setters at least see not only as the key players but also the key issues and how standards will be established.

There's likely to be a pretty good wrangle as the standards move from statement of direction to actual development, but that too will help refine the sense of what the cloud is, at least to what we can hope really will be a broad and inclusive group putting together broad, inclusive, and above all effective and usable standards for cloud security service.

Read more about:

2009

About the Author(s)

Keith Ferrell

Keith Ferrell

Contributor

See more from Keith Ferrell
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Empty hospital hallway
Cyberattacks & Data Breaches
Ascension Healthcare Suffers Major CyberattackAscension Healthcare Suffers Major Cyberattack
byNathan Eddy, Contributing Writer
May 10, 2024
3 Min Read
Black noodles with tomatoes on top
Cyberattacks & Data Breaches
500 Victims In, Black Basta Reinvents With Novel Vishing Strategy500 Victims In, Black Basta Reinvents With Novel Vishing Strategy
byNate Nelson, Contributing Writer
May 13, 2024
4 Min Read
Wireless Internet symbol on a cellphone being held in a hand
Endpoint Security
Flaw in Wi-Fi Standard Can Enable SSID Confusion AttacksFlaw in Wi-Fi Standard Can Enable SSID Confusion Attacks
byJai Vijayan, Contributing Writer
May 15, 2024
4 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events