Just under a year ago, a growing non-profit group called the Cloud Security Alliance (CSA) was hitting its stride on the way to fulfilling a promise to educate the masses on best practices for secure cloud computing.
Fast forward, and next week CSA will pack an RSA Conference seminar with 1,200 followers and welcome both White House CIO Vivek Kundra and Salesforce.com CEO Marc Benioff as keynote speakers.
Both have so much love for the cloud it just seems fitting they speak on Valentine’s Day. And to top it off, they are followed by Cisco’s Christofer Hoff, a bad-a** security arrow in Cupid’s quiver.
It’s been an explosive year for both cloud computing and CSA, a group that proved it was in the right spot at the right time with its mission to “promote the use of best practices for providing security assurance within Cloud computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing."
Over the past 10 months, CSA has released its Seven Deadly Sins of Cloud Computing, kicked off the Trusted Cloud Initiative, introduced its Cloud Controls Matrix catalog, unveiled the first ever user certification for cloud security, started the CloudAudit project, and partnered with the Holistic Information Security Practitioner Institute among others.
And as validation of its work, CSA has built a vibrant Linked-In discussion group of more than 16,500 members.
RSA represents CSA’s roots. In April 2009, the group announced its formal launch at the conference.
Now it has the spotlight.
Monday’s four-hour seminar includes experts from eBay, Trend Micro, McAfee, NetWitness and Ping (CTO Patrick Harding) who will discuss the future of Cloud technology. Panelists from Agilance, Google, WhiteHat Security, and Solutionary will talk about the present and future of governance, risk and compliance in the Cloud. In addition, Philippe Courtot, CEO of Qualys, will look at the road ahead.
And CSA will lay out its roadmap.
A hint of that was revealed recently when the group unveiled its Security as a Service research. The project will help fulfill CSA’s mission to define how Cloud Computing can help secure other forms of computing. If all goes as planned, the research could become part of CSA’s guidance documentation.
The goal is to “identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices.”
Next year at RSA, the CSA Security as a Service research group will detail its progress.
In addition to the security service project, CSA alsi will introduce several research projects, including research on governance, cloud security reference architectures and cloud-specific computer emergency response teams (CERT).
It will be interesting to see if they can fit that all into just four hours.
What do you think of CSA’s work? What would you add to the agenda?