CSA Announces Licensing Agreement With CSC For Cloudtrust Protocol

Cloud Trust Protocol Provides Enterprises with the Confidence To Bring More Sensitive and Valuable Business Functions to the Cloud

Falls Church, VA – July 6, 2011 – Today the Cloud Security Alliance (CSA), a member-driven organization chartered with promoting the use of best practices for providing security assurance within Cloud Computing, announced that it has received a no_x001E_cost license for the CloudTrust Protocol (CTP) from CSC. The CTP is being integrated as the fourth pillar of the CSA’s cloud Governance, Risk and Compliance (GRC) stack. The CSA’s GRC stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.

The GRC stack is an integrated suite of CSA initiatives — CloudAudit, Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire — available for free download. Through this unique licensing agreement, the CSA plans to integrate the CTP into this stack and distribute it at no charge to enterprises, consumers and cloud service providers, enabling them to bring workloads more efficiently to the cloud. ** The CTP was created by CSC to provide the cloud consumer with the right information to confidently make choices about what processes and data to put into what type of cloud, and to sustain information risk management decisions about cloud services. It provides transparency into cloud service delivery, offering cloud consumers important information about service security and cloud service providers with a standard technique to prepare and deliver information to clients about their data. In so doing, the CTP generates the evidence needed to verify that all of a company’s activity in the cloud is happening as described. “The CloudTrust Protocol provides the dynamic, continuous monitoring capability needed in a complete GRC stack,” said Jim Reavis, director of the non-profit Cloud Security Alliance. “It helps solve an increasingly important step in helping organizations realize the ultimate promise of cloud computing, and is a perfect addition to our evolving business. The Cloud Trust Protocol complements the foundation of the GRC stack and is already aligned with the objectives of the CSA GRC, so we will be able to make fast and important progress moving forward.” “The CTP puts IT risk decision-making back in the hands of the cloud consumer by providing the data they need as they need it,” said Ron Knode, CSC trust architect and creator of the CTP. “Service providers that implement the CTP can provide information about the individual elements of transparency within the CTP as they apply to their client’s applications and workloads.” Because of the transparency it provides into cloud and organizations’ cloud activity, the CTP provides a way for clients to inquire about configurations, vulnerabilities, access, authorization, policy, accountability, anchoring and operating status conditions. These important pieces of information give insight into the essential security configurations and operational characteristics for systems deployed in the cloud. The CTP also provides a standard way for cloud service providers to prepare and deliver information to the customer in response to requests about elements of transparency, and to determine the best way to respond to cloud inquiries. The CSA will convene a CTP working group, chaired by Knode, to continue discussion on how to use the protocol to benefit the cloud consumer. More about the CTP can be found here. **About CSC CSC is a global leader in providing technology-enabled business solutions and services. Headquartered in Falls Church, Va., CSC has approximately 91,000 employees and reported revenue of $16.0 billion for the 12 months ended April 1, 2011. For more information, visit the company's website at www.csc.com. About the Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa. Contact Zenobia Godschalk [email protected] 650.269.8315 Chris Grandis [email protected] 703-641-2316