The Cloud Security Alliance has teamed up with CipherCloud to try and impose some discipline on the sector by defining protocols and best practice.
CipherCloud will co-lead a Cloud Security Open API Working Group to develop vendor neutral protocols and best practices under the the Cloud Access Security Broker Framework.
The group’s charter will have “a specific goal to protect PII (personally identifiable information) and sensitive data across multiple clouds”.
Other members of the group include Intel Security, Infosys, Deloitte, Symantec and SAP. The members are banking on the effort to fuel security integration across multiple clouds and with third party technology.
Just how much of a brake concerns over cloud security is on the development of the industry is tricky to divine.
Corporate users appear to be in two minds about cloud security. One survey earlier this year, carried out for security vendor Vormetric, cited 82 per cent of US IT decision makers being concerned about a lack of control over the location of data, while 79 per cent were worried about increased vulnerabilities from shared infrastructure. But this didn’t stop 60 per cent going ahead and storing sensitive data in the cloud anyway.
Meanwhile, vendors, service providers and IT bosses must deal with different regulatory regimes in Europe, the US and the rest of the world, which sometimes correspond with radically divergent user attitudes. Whether APIs and best practices will trump government-backed regulation is debatable.
The CSA said the effort will span encryption, tokenization and other technologies across cloud environments, “helping eliminate the need for custom integration for each cloud”.
"Standards are an important frontier for the cloud security ecosystem," said Jim Reavis, CEO of CSA in a statement. "The right set of working definitions can boost adoption. This working group will help foster a secure cloud-computing environment – a win for vendors, partners and users. Standardizing APIs will help the ecosystem coalesce around a universal language and process for integrating security tools into the cloud applications." ®