Articles Tagged with CSA

CloudComputing

Public Cloud Reality: Reinforced at CSA Summit

CloudComputing

I have written about the Public Cloud Reality and the need to bring your own security, monitoring, support. This was reinforced by Dave Asprey of Trend Micro at the last Cloud Security Alliance Summit held at this years RSA Conference. The gist of Dave Asprey’s talk was that YOU are responsible for the security of your data, not the cloud service provider. Unfortunately, this sort of discussion often devolves into one of shared vs tenant responsibility, the type of data, etc. It will also devolve into a legal discussion just as quickly. Unfortunately, all this does is point fingers. The long and the short of this discussion is about two items often mixed as one.

Read More

CloudComputing

News: Sky High Networks provides Cloud Service Security Ratings

CloudComputing

There has been a dearth of intelligence reporting on cloud services and up until now we had to rely upon the Verizon Breach Report, Alert Logic’s State of the Cloud report, the Enisa and other reports, but even so there was nothing specifically about a given cloud service outside the lightly used Cloud Security Alliances STAR self-certification. Instead you must imply something about a given service. This has changed. Meeting this need is Sky High Networks.

Read More

csa_logo_190_60

Cloud Security Alliance: STAR and other Initiatives

csa_logo_190_60

The 5/17 Virtualization Security Podcast was an open forum on the Cloud Security Alliance initiatives, specifically the Security, Trust, & Assurance Registry (STAR). Which is “a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.” The CSA has grown from a grass roots organization to a major player and producer or guidance for security and compliance for clouds.

Read More

Cloud Security Alliance launches Training

On the 6/2 Virtualization Security Podcast, Rich Mogull, an analyst for Securosis, joined us to discuss his work with the Cloud Security Alliance (CSA) to develop the two day course called the Certificate of Cloud Security Knowledge (CCSK). While this course is not about learning all the intricacies of cloud security it is about providing a level set of knowledge required to even begin to talk about cloud security.

Read More

NIST Cloud Computing Definitions Final

On the Virtualization Security Podcast from several weeks ago, wh had Craig Balding of the Cloud Security Alliance (CSA) and Peter Mell who heads up Cloud within NIST as guests, who announced the availability of the NIST Cloud Computer Definitions as well as some basic guidance around securely using the cloud. While the NIST definitions were available in draft form prior to a few weeks ago, they are now official definitions, and this is a large step forward for the cloud.

Read More