May 29, 2012
With calls around the globe for more defined regulation and standardization among cloud computing providers, the New Zealand Computer Society became the most recent body to issue a code of conduct. While other groups have called for external regulations or third-party assessment to help assuage fears over cloud security and build trust in the industry, the New Zealand Cloud Computing Code of Practice will be reliant on voluntary self-regulation.
The framework - known as the CloudCode - will help the organization establish a register and an accreditation process for cloud providers to meet the standards. After six months in the works, the initiative was created based on calls from cloud providers themselves to have more formal standards. Registration for these companies will formally begin in August.
A plan from the non-profit group is just one of many ideas being thrown about regarding the nascent, tough-to-regulate technology. Attempts to create a set of standards for secure cloud computing have contained other calls to arms from independent organizations, such as the Cloud Security Alliance's proposal of multi-layered certification for providers.
Governmental attempts at constructing an ideal of cloud technology have taken shape in the United States under the Federal Risk and Authorization Management Program (FedRAMP). Under FedRAMP, a group of third-party assessors will give their stamp of approval to providers, paving the way for those companies to compete for big-money government contracts. Although FedRAMP certification only assures the approval for providers to be used in U.S. government cloud computing programs, a stamp of approval from the program will give the provider some cache, according to the Federal Times.
Even though the NZCS guidelines only truly apply to services in New Zealand, the organization claims that it is looking to expand its framework to the rest of the world after being one of the earliest countries on the regulation bandwagon.
"New Zealand is one of the first countries to develop such a code," NZCS CloudCode coordinator Joy Cottle said. "There is now significant global interest in adopting the Code as an international project."
Some of the primary concerns that the CloudCode seeks to deal with involve common issues such as data protection, access and location of storage. Other realms covered include backup and data loss prevention policies for participating providers. Though the Code has begun to set guidelines, a formal list of security standards is still in development.
-McAfee Cloud Security