Trusted Cloud Initiative & Identity Management

Cloud Security: First Vendor-Neutral Trusted Security Certification Program
Cloud Security Alliance and Novell to Spur Mainstream Cloud Adoption

(17.03.10) - Novell and the Cloud Security Alliance (CSA), announced a vendor-neutral initiative to deliver the industry's first cloud security certification, education and outreach program for cloud providers. Known as the "Trusted Cloud Initiative," it will help cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations, and practices. Now, organizations considering adopting cloud-based computing will have a trusted standard to alleviate concerns about security, governance and control of their data and IT assets.

"How identities are managed either in the cloud, or federated with the cloud, create significant barriers for enterprise adoption of cloud services," said Alan Boehme, SVP IT Strategy and Enterprise Architecture, ING Americas, and current CSA board member. "By building a consensus security reference guide and certification roadmap, we are creating common ground for both enterprises and cloud providers, and expect to accelerate cloud adoption.

"In traditional IT environments, the organization controls its applications, servers, and storage infrastructure. However, the control architecture changes profoundly for public cloud offerings," said Jim Reavis, executive director of CSA. "When an organization moves IT resources and sensitive data such as personal names, addresses, and phone numbers into the cloud, control and trust issues must be addressed through a trusted third-party certification program. When Novell proposed the initiative, we immediately embraced the idea."

"Our customers need a visible seal of trust. We strongly believe education, clarity and industry-approved security guidelines will propel the adoption of cloud computingby eliminating the security concerns inhibiting many organizations," said Dipto Chakravarty, CSA member, and vice president of engineering, Identity and Security, Novell. "Our company's experience and leadership in cloud security and identity management demonstrates Novell is firmly committed to contributing to the Trusted Cloud Initiative."

The certification criteria, seal and roadmap will be defined by members of the Cloud Security Alliance, a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing environments. Members of CSA represent a cross section of industry stakeholders, end-user organizations, cloud service, SaaS and technology providers. These include Novell, Microsoft, Dell, Rackspace, Qualys, HP, Intel, Cisco, McAfee, ISACA, DMTF and Symantec, as well as individual representatives from Global 2000 organizations and the world's governments. Nick Nikols, vice president of product management for Novell Identity and Security, will serve as a co-chair for the initiative. Liam Lynch, chief security strategist for eBay will also serve as a co-chair.

According to Zynga CSO and CSA board member Nils Puhlmann, this initiative is well-timed. "We recognize there are several standards efforts underway related to cloud computing, and the CSA is participating in virtually all of them. We are committed to aligning the Trusted Cloud Initiative with other standards efforts and being a responsible industry partner," says Puhlmann, "However, what makes this project so timely is that we can assemble the reference model and certification criteria from existing standards, and we will complete it in 2010. I would like to thank Novell for helping kick-start this important program."

The educational outreach components of the program will be geared toward helping information security, IT audit and software development professionals within enterprises and cloud providers better understand the security, identity and access, compliance, data governance, portability and interoperability requirements organizations must maintain to demonstrate compliance and mitigate risk in the cloud.

About Cloud Security Alliance
The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
(Novell: ra)

Novell: Kontakt und Steckbrief

Der Informationsanbieter hat seinen Kontakt leider noch nicht freigeschaltet.

Meldungen: Unternehmen