CloudAudit Working Group
Introduction to the CloudAudit Working Group
The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers, as well as enterprises interested in streamlining their audit processes (cloud or otherwise), to automate the Audit, Assertion, Assessment, and Assurance of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments, and that allows authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.
Our execution mantra is straightforward:
- Keep it simple, lightweight and easy to implement; offer primitive definitions & language structure using HTTP(S)
- Allow for extension and elaboration by providers and choice of trusted assertion validation sources, checklist definitions, etc.
- Do not require adoption of other platform-specific APIs
- Provide interfaces to Cloud naming and registry services
CloudAudit is a volunteer cross-industry effort from the best minds and talent in Cloud, networking, security, audit, assurance and architecture backgrounds. We hope you’ll get involved, too. You can read more about the genesis of CloudAudit here.
You can also read an excellent interview from the folks at SearchCloudComputing here, which is replicated on the FAQ page.
Benefits Of CloudAudit
The benefits to the Cloud Service Provider are to enable the automation of typically one-off, labor-intensive, repetitive and costly auditing, assurance and compliance functions, and to provide a controlled set of interfaces to allow for assessments by consumers of their services.
The benefits to the “consumer” of the Cloud services or their duly-authorized representatives are to provide a consistent and standardized interface to the information produced by the service provider.
We intend not to be prescriptive as to the mechanisms used to gather the data or how these interfaces are presented, but rather provide a consistent representation to the consumer and the tools they choose to utilize. There will likely be programmatic interfaces (in the classical definition of an API) but we will focus initially on representative schema and data structures mapped to existing compliance, security and assurance frameworks.
Core Team Members
There are over 250 participants/interested parties supporting CloudAudit/A6. The “core team” are those who have committed to participate on a regular basis and establish leadership roles within the group. Anyone and everyone is welcome to contribute and participate.
The CloudAudit Working Group was officially launched in January 2010 and has the participation of many of the largest cloud computing providers, integrators and consultants.
Working Group Meetings
Our working group meetings are held on Monday at 10am PST, every two weeks. For 2011, the remaining meeting dates are as follows: 11/14, 11/28, and 12/12 (accommodating holidays).
Please feel free to join our working group calls (GoToMeeting graciously donated by the fine folks at Citrix):
Use your microphone and speakers (VoIP) – a headset is recommended. Or, call in using your telephone.
Dial +1 (213) 289-0010
Access Code: 150-472-054
Audio PIN: Shown after joining the meeting
Meeting ID: 150-472-054
CloudAudit Working Group News
October 27, 2010
The Cloud Security Alliance (CSA) today announced that CloudAudit has become an official project of the CSA, with the joint mission of promoting the use of best practices for providing security assurance within Cloud Computing.
CloudAudit Working Group Co-chairs
Security Engineering and Innovation Team Lead, Bank of America
Hoff has more than 20 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management.