Cloud Security Alliance Guidance v2 Released

Security at Cloud Expo

Last week, the Cloud Security Alliance (CSA) released its Security Guidance for Critical Areas of Focus in Cloud Computing V2.1.

This is a follow-on to first guidance document released only last April, which, gives you a sense of the speed at which cloud technology and techniques are moving. I was one of the contributors to this project.

The guidance explores the issues in cloud security from the perspective of 13 different domains:

Cloud Architecture

Governing in the Cloud

Operating in the Cloud

I thought the domain classification was quite good because it serves to remind people that technology is only a small part of a cloud security strategy.

I know that’s become a terrible security cliche, but there’s a difference between saying this and understanding what it really means.

The CSA domain structure–even without the benefits of the guidance–at least serves as a concrete reminder of what’s behind the slogan.

Have a close look at the guidance.  Read it; think about it; disagree with it; change it–but in the end, make it your own. Then share your experiences with the community.

The guidance is an evolving document that is a product of a collective, volunteer effort. It’s less political than a conventional standards effort (look though the contributors and you will find individuals, not companies). The group can move fast, and it doesn’t need to be proscriptive like a standard–it’s more a distillation of considerations and best practices.

This one is worth tracking.

© 2008 SYS-CON Media