When the OpenStack project was announced on Monday, there were two reasons for my excitement. The foremost was its open source licensing, with its potential to disrupt the industry. The second was the tweets by Chris Hoff (@beaker), whose initial reaction was positive and who thought that OpenStack and CloudAudit can work together. Whether we like it or not, security is one of the biggest concerns for enterprises moving to the cloud. As a first step toward a more secure cloud environment, a group of security gurus and people involved in the field of cloud computing came together to form CloudAudit.org. Their goal is to develop a common interface and namespace to help cloud computing vendors automate the Audit, Assertion, Assessment, and Assurance of cloud infrastructure.
Douglas Barbin, Director at SAS 70 Solutions, wrote a blog post highlighting the audit and compliance considerations vis-à-vis OpenStack:
- With an increased number of providers, not to mention open source itself, the need for transparency of controls is even greater.
- A by-product of OpenStack will be the increase of service provider to sub-service provider relationships (e.g. a SaaS company hosts at an IaaS co-lo and has their systems maintained by a managed service provider). The most important thing for cloud providers is to be able to map out all their customers’ control and compliance requirements, ensuring there are no “gaps” where one provider thinks the other is doing (and vice versa).
- Service providers need to carefully evaluate what assurance and compliance tools suit their customers best. This involves doing a requirements and cost-benefit analysis of SAS 70 / SSAE 16 audits and assessments, PCI DSS validation, SysTrust, ISO 27001 certification, or any combination of those and more.
It didn’t take long for the OpenStack community to address this issue. Today Brett Piatt, a leading OpenStacker and Rackspace employee, announced on Twitter that he has spoken with folks at CloudAudit and that they will soon be working together to see how CloudAudit's recommendations will be implemented in OpenStack:
Looking forward to working with #CloudAudit on #OpenStack, good blog post today by @DougBarbin — talked to @Beaker early in the week.
This is a very important first step. It not only helps OpenStack gain further legitimacy, it will also lure enterprises looking for cloud-based solutions to consider OpenStack seriously. This is pretty exciting news for those who have faith in the potential of OpenStack. I will keep close tabs on the progress and come back to this space with updates.