The Cloud Security Alliance (CSA) has announced that it's working to put together both a list of who should be the issuing authority behind a cloud-specific security standard, as well as what the standards should address.
The process won't necessarily be quick; an initial statement of direction is expected during the first quarter of next year.
By which time, of course, the cloud and its nature will have continued its explosive growth in both popularity and security concerns.
Still, there's cause for optimism in the very fact that the matter is being addressed, and that CSA is well aware of and attendant to how the diffuse nature of the cloud itself will require a certain diffusion of authority in the setting of standards.
Higgins quotes CSA executive director as saying, "This is going to be a shared thing."
It's going to have to be to have any hope of effectiveness.
A broad-based group addressing the standards issue(s), will by the nature of its breadth and membership help define what the standards-setters at least see not only as the key players but also the key issues and how standards will be established.
There's likely to be a pretty good wrangle as the standards move from statement of direction to actual development, but that too will help refine the sense of what the cloud is, at least to what we can hope really will be a broad and inclusive group putting together broad, inclusive, and above all effective and usable standards for cloud security service.