The Cloud Security Alliance

Several businesses are currently feeling the pressure to optimize their IT operations and subsequently reduce their IT costs. Cloud computing is quickly becoming the best way to create dynamic, rapidly provisioned resources for development environments, applications, backup and storage capabilities, operating platforms and several other IT functions. However, there are also dangerous and somewhat daunting security risks associated with cloud computing. This growing concern about the security of cloud environments led to a strong push from IT leaders at several major companies to develop standards that address security issues in the cloud. One of the organizations formed as a result of this push is the Cloud Security Alliance .

What is the CSA?

The CSA is a non-profit organization whose main aim is to promote research into the most appropriate practices for ensuring the security of cloud computing and the ability of cloud related technologies to secure other computing forms. The alliance also gives security guidance and education to enterprises implementing cloud computing and assists vendors to address the issue of security in their application delivery models. It is headed by an extensive union of industry corporations, associations, practitioners and other important stakeholders.

The alliance leads several research strategies through which reports, tools and white papers are provided in orders to aid both companies (consumers) and vendors secure cloud computing services. A good example is the CSA GRC stack with provides a toolkit for security solution providers, IT auditors, cloud providers and enterprises to asses and instrument both public and private clouds against industry established standards, best practices and critical compliance requirements.

The CSA also offers a Certificate of Cloud Security Knowledge (CCSK), which establishes basic knowledge of issues related to cloud security. The CCSK exam is priced at $295 and is usually based on two documents: ‘Cloud computing: Benefits, Risks and Recommendations for Information Security’ and ‘Security Guidance for Critical Areas of Focus in Cloud Computing’.

Main Objectives of the CSA

  1. Promote research in the best practices for cloud computing security
  2. Promote a general level of understanding between the vendors and consumers of cloud computing in regards to the necessary security requirements
  3. Launch educational programs and awareness campaigns on the best uses of cloud security solutions and cloud computing
  4. Create consensus lists of guidance and issues for cloud security assurance

The cloud security alliance is focused on security within the cloud computing environment being a shared responsibility where both the consumers and the vendors have a role to play. No single party should be entirely responsible for security in a cloud computing model.

 Joining the CSA

The Cloud Security Alliance is a member driven organization; you can either register as an individual, a chapter, and affiliate or an organization.

The continuing growth of the CSA not only reflects the growth of cloud computing, but also the improvement of cloud security practices and solutions. With over 70 chapters globally and 48,000 individual members, the Cloud Security Alliance has become the global authoritative force for trust within the cloud environment.