CSA guidelines to be used in new cloud security assessment

June 12, 2012

Many companies pushing for a clearer sense of cloud security practices will see the industry moving one step closer to that dream with the launch of an Information Services Group (ISG) security assessment. The assessment will be based on guidelines put forth by the Cloud Security Alliance (CSA) and will seek to identify the true risks associated with the use of cloud computing.

Measurable security
A third edition of security guidance from the CSA released in November 2011 is the most recent official release aimed at assisting with the process of how to secure cloud computing, but includes more actionable recommendations than previous editions, thanks to a maturing cloud. Along with that come measurable ideas that will enable auditing and reporting standards, such as those ISG is attempting to accomplish with their assessment. Both groups see the goal not just to assist the consumers, but to establish appropriate practices for providers as well.

"The ISG Cloud Security Assessment is designed to help clients understand their risk profile and identify their unique security requirements with regard to adopting cloud services," ISG partner Steve Hall said. "Equipped with this knowledge, they'll be better positioned to obtain assurances from cloud providers that their requirements are being met. Providers, meanwhile, will have clearer direction towards delivering an appropriate solution to their customers."

Standardization concerns
Assessments will help promote the CSA's standardization process. A May conference saw the Alliance propose a certification framework more specifically geared toward providers. Regulation of providers, which could come through a certification process, would help answer the concerns of the 98 percent of IT professionals who feel the need to better measure data security in the cloud.

Compliance provided a major threat to many, with 84 percent of respondents putting issues with data protection and external regulations as a major issue. ISG aims to find strengths surrounding compliance that are possible in the cloud.

Conflicted minds
Concerns about cloud security are often due to the young and mobile nature of the technology. Despite many studies, there is still a general dearth of understanding about the risks associated with migrating to cloud services, and how they relate to all the benefits that a move can unlock.

"Many executives are conflicted about cloud services," Hall said. "On one hand, they're eager to reap the benefits of cloud computing. On the other hand, they're wary of the potential risks and uncertainty. This service will help our clients understand the current state of their cloud initiatives and point the way forward for them."

-McAfee Cloud Security