Cloud Security Alliance Announces Open Certification Framework Program

By | May 17, 2012

While many IT departments at midsize businesses have been quick to adopt the cloud, it's still a relatively new utility that isn't 100-percent reliable and secure. The Cloud Security Alliance (CSA), a nonprofit organization devoted to ensuring security and best practices among cloud service providers, is aiming to change all that with their Open Certification Framework (OCF) program.

According to InfoWorld, the program aims to ease fears among IT by providing a flexible set of initiatives that will address IT workers' concerns as well as establish a common methodology for cloud service providers (CSP). The framework will be based on a series of research projects known as the Governance Risk and Compliance Stack. These projects include the following:

  • Cloud Controls Matrix: This helps IT assess a CSP's security risk;
  • Consensus Assessments Initiative: This is essentially a questionnaire that IT can use to assess a potential CSP;
  • CloudTrust Protocol: A mechanism that allows IT to make sure their CSP is operating exactly the way the provider described.

With more cloud service providers popping up daily and already established providers expanding their services, choosing the best provider for an enterprise can be an overwhelming experience. Once a CSP is chosen, IT then has to contend with the difficulty of moving all their business's data is to the cloud. After exerting that much effort, IT deserves the assurance that they can trust their provider to keep their data secure. That said, this new initiative is something IT professionals should be excited about. According to TechNet, there is currently no industry standard set of questions for IT to use to evaluate a CSP's security practices. IT is left to cultivate their own set of criteria to compare and contrast potential CSPs. This can prove both time-consuming and expensive. With an established set of questions not only can potential customers evaluate each CSP in a simple, straightforward fashion, but cloud service providers have a set of guidelines they know they have to answer to. It keeps everyone in the process above-board. The OCF also aims to level out international standards, which is key for midsize businesses that store their data in both US-based servers and those abroad.

A framework like the one the Cloud Security Alliance is posing is especially important in the wake of the Megaupload scandal. The hosting site was allowing illegal file sharing, and as a result, was shut down by the government, leaving customers' data inaccessible. Establishing transparency and making CSPs auditable and accountable by a set of standards might prevent a similar scandal from occurring. If anything, the OCF would mean that midsize businesses aren't storing their data on third-party servers based on just trust alone.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Cloud Computing

Cloud computing can help midsize businesses transform their operations and technology by establishing a flexible, adaptable IT environment to quickly meet changing requirements.

Learn More »

More on This Topic

The Building Blocks Of Private Cloud

By Tiffany Winman on Sep 8, 2014
Given the myriad features and options available, knowing which cloud deployment to choose can be difficult. One option, a private cloud, can be a daunting task to implement. The functions (or “use cases”/”building blocks”) of a private cloud –end-user self-management, ...