The Cloud Security Alliance (CSA) announced at the CSA Summit at Infosecurity Europe in London last week that it will partner with ISO to develop key standards for cloud security.
CSA says it will have a key role in the development of cloud security and privacy standards under ISO/IEC (International Organization for Standardization/International Electrotechnical Commission). It has established a Category C liaison relationship with ISO/IECs Joint Technical Committee 1/Sub Committee 27 (JTC 1/SC 27). Category C liaisons are organizations that make a technical contribution and participate actively in the working groups under SC 27.
More on cloud computing and security
- Cloud security predictions for 2011
- Cloud Security Alliance updates controls matrix
- Survey finds companies still struggling with cloud security
Organizations dependant on cloud services and the security executives charged with their safety will soon be able to measure cloud-based security controls using the same tools and measures currently used in traditional control structures, says Marlin Pohlman, CSA's global strategy director.
CSA will initially collaborate on two projects with the SC 27. One is a new work item proposal for cloud security, reinforcing previous work done on the Code of Practice for Information Security Management (ISMS) found in the ISO/IEC 27002 International Standard. The aim is to provide guidelines on information security controls for the use of cloud computing services based on ISMS security controls. The other project involves information security for supplier relationships.
"By working closely with ISO in the highly dynamic cloud computing environment, the industry can have confidence that CSA guidance will be enduring, and that they can align with it now," says Dave Cullinane, CSA chairman.