I’m a founding member and serve as the technical advisor for the Cloud Security Alliance (CSA.) This is an organization you may not have heard of yet, so I wanted to introduce you.
The more formal definition of the role and goals of the CSA appears below, but it’s most easily described as a member-driven forum for both industry, providers and “consumers” of Cloud Computing services to discuss issues and opportunities for security in this emerging space and help craft awareness, guidance and best practices for secure Cloud adoption. It’s not a standards body. It’s not a secret cabal of industry-only players shuffling for position.
It’s a good mix of vendors, practitioners and interested parties who are concerned with framing the most pressing concerns related to Cloud security and working together to bring ideas to life on how we can address them.
From the website, here’s the more formal definition:
The CSA is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
The Cloud Security Alliance is comprised of many subject matter experts from a wide variety disciplines, united in our objectives:
- Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance.
- Promote independent research into best practices for cloud computing security.
- Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions.
- Create consensus lists of issues and guidance for cloud security assurance.
The Cloud Security Alliance will be launched at the RSA Conference 2009 in San Francisco, April 20-24, 2009.
It’s clear that people will likely draw parallels between the CSA and the Open Cloud Manifesto given the recent announcement of the latter.
The key difference between the two efforts relates to the CSA’s engagement and membership by both providers and consumers of Cloud Services and the organized non-profit structure of the CSA. The groups are complimentary in nature and goals.
You can see who is participating in the CSA now based upon the pre-release of the working draft of our initial whitepaper. Full attribution of company affiliation will be posted as the website is updated:
Founding Members and Contributors
Founding Charter Companies
If you’d like to get involved, here’s how:
Individuals with an interest in cloud computing and expertise to help make it more secure receive a complimentary individual membership based on a minimum level of participation. If you are interested in becoming a member, apply to join our LinkedIn Group.
Not-for-profit associations and industry groups may form an affiliate partnership with the Cloud Security Alliance to collaborate on initiatives of mutual concern. Contact us at firstname.lastname@example.org for more information.
Information on corporate memberships and sponsorship programs will be available soon. Contact email@example.com for more information.