The Cloud Security Alliance (CSA) was formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. Yesterday, at the Black Hat USA 2010 Conference, CSA announced industry’s first certification program on secure cloud computing. CSA has been busy identifying top threats in cloud computing and developing best practices in the use of cloud computing. With this certification program, it will now certify that professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.As cloud computing gains considerable traction in both government and enterprise sectors, it is necessary for these organizations to employ professionals who can guide them towards secure cloud computing. There is a clear need for training and certification of professionals to assure that cloud computing is implemented responsibly with the appropriate security controls. CSA’s announcement about the Certificate of Cloud Security Knowledge (CCSK) is targeted to take care of this exact need of the industry. The examination is designed to test the professionals against their understanding of the key concepts of the CSA security guidance whitepaper and the ENISA whitepaper.
This certification will come handy for organizations exploring to move to cloud. Already, eBay has announced that this certification is a requirement for their staff. Lockheed Martin also sees this certification as a great way to provide a consistent way of developing cloud security competency within the organization. Others like NG, Symantec, CA, Trend Micro and Zynga have already committed to CCSK. Pretty soon we will be seeing companies small and big requiring their employees to get get CCSK certified in order to help them with their cloud strategy.
enStratus , the company that offers tools for cloud governance, announced that CSA has selected enStratus cloud management platform for their new User Certification Program system. enStratus is a powerful platform with extensive support to many cloud providers including support for Amazon Web Services, Eucalyptus, GoGrid, The Rackspace Cloud, Windows Azure, Terremark, VMware’s vCloud Express Service, cloud.com and Visi’s ReliaCloud. According to Jim Reavis, Executive Director of CSA,
The Cloud Security Alliance requires a cloud management platform that provides the critical cloud governance capabilities we know are important. For this reason, we selected enStratus and have deployed their cloud management platform to improve the resiliency and availability of our certification system.
I have played around with enStratus platform a bit and it is packed with powerful functionalities necessary for any security conscious organization. The adoption of their platform by CSA for their certification program highlights the value of enStratus platform for enterprises with cloud plans.
So this is not, as stated, a standards body. But is there a chance it will become one? And is that something desirable? With a certification like this, won’t it build towards de facto standards? After all, some things will not be required knowledge for certification, and some things will. Granted, that white paper linked to above makes no mention of specific technologies that I could glean in a quick skim. I’m guess I’m just generally curious (as you might have guessed from the URL) about the possibility of cloud security standards in general, particularly when it comes to integration.