The Cloud Security Alliance (CSA) announced at the CSA Summit at Infosecurity Europe in London last week that it will partner with ISO to develop key standards for cloud security.
Organisations dependent on cloud services and the IT security managers charged with their safety will soon be able to measure cloud-based security controls using the same tools and measures currently used in traditional control structures, says Marlin Pohlman, CSA's global strategy director.
CSA says it will have a key role in the development of cloud security and privacy standards under ISO/IEC (International Organization for Standardisation/International Electrotechnical Commission). It has established a Category C liaison relationship with ISO/IEC's Joint Technical Committee 1/Subcommittee 27 (JTC 1/SC 27). Category C liaisons are organisations that make a technical contribution and participate actively in the working groups under SC 27.
CSA will initially collaborate on two projects with SC 27. One is a new work item proposal for cloud security, reinforcing previous work done on the Code of Practice for Information Security Management (ISMS) found in the ISO/IEC 27002 International Standard. The aim is to provide guidelines on information security controls for the use of cloud computing services based on ISMS security controls. The other project involves information security for supplier relationships.
"By working closely with ISO in the highly dynamic cloud computing environment, the industry can have confidence that CSA guidance will be enduring, and that they can align with it now," says Dave Cullinane, CSA chairman.