CloudTrust Protocol Working Group

Introduction to the CloudTrust Protocol Working Group

The CloudTrust Protocol (CTP) is the mechanism by which cloud service consumers (also known as “cloud users” or “cloud service owners”) ask for and receive information about the elements of transparency as applied to cloud service providers. The primary purpose of the CTP and the elements of transparency is to generate evidence-based confidence that everything that is claimed to be happening in the cloud is indeed happening as described, …, and nothing else. This is a classic application of the definition of digital trust. And, assured of such evidence, cloud consumers become liberated to bring more sensitive and valuable business functions to the cloud, and reap even larger payoffs. With the CTP cloud consumers are provided a way to find out important pieces of information concerning the compliance, security, privacy, integrity, and operational security history of service elements being performed “in the cloud”.

These important pieces of information are known as the “elements of transparency”, and they deliver testimony about essential security configuration and operational characteristics for systems deployed in the cloud. The elements of transparency empower the cloud consumer with the right information to make the right choices about what processing and data to put in the cloud or leave in the cloud, and to decide which cloud is best suited to satisfy processing needs. This is the nature of digital trust, and reinforces again why such reclaimed transparency is so essential to new enterprise value creation. Transparency of certain important elements of information is at the root of digital trust, and thus the source of value capture and payoff.

CloudTrust Protocol Demo

CloudTrust Protocol Working Group Leadership

CloudTrust Protocol Co-chairs

John DiMaria

John DiMaria

John DiMaria is a management system professional, Six Sigma Black Belt, certified Holistic Information Security Practitioner (HISP) Master HISP and AMBCI with 28 years of experience in Management System Development, including Information Systems, Quality Assurance, International Quality Standards, Statistical Process Control, Regulatory Affairs, Customer Service, Subcontractor Analysis and Marketing/Sales. John is responsible for overseeing product roll-out and client/sales education. He is the product expertise spokesperson for BSI Group Americas regarding all product standards covering Risk, Quality and Regulatory Compliance.

John serves on many committees that influence legislation and drive international harmonization including serving as the co-chair for the CSA OCF Working group and was the project manager during the development and rollout of STAR Certification.

John has been featured in and contributed to many publications concerning various topics regarding information security and business continuity.

CloudTrust Protocol Advisors

Alain Pannetrat

Senior Researcher at Cloud Security Alliance

Dr. Alain Pannetrat works on CSA’s Cloud Trust Protocol providing monitoring mechanisms for cloud services, as well as CSA research contributions to EU funded projects such as A4Cloud. He is a security and privacy expert, specialized in cryptography and cloud computing. He previously worked as an IT Specialist for the CNIL, the French data protection authority, and was an active member of the Technology Subgroup of the Article 29 Working Party, which informs European policy on data protection. He started his career as an IT Security consultant specializing in bank smart-card systems. He received a PhD in Computer Science after conducting research at Institut Eurecom on novel cryptographic protocols for IP multicast security He is the author of several open-source projects, including “cookie-miner”, a HTTP monitoring proxy which analyses cookie tracking in real-time with results represented on dynamic graphs using OpenGL technology, and “cardpeek”, an extendable forensic tool which is capable of analyzing the contents of common smart-cards, notably bank-cards, electronic passports, transport cards, sim-cards and French social security cards.

Daniele Catteddu

Daniele Catteddu

Chief Technology Officer, CSA

Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, cyber security and privacy.

Currently he is the Chief Technology Officer, at Cloud Security Alliance, where he is responsible to drive, on a global scale, the adoption of the technology strategy roadmap within key CSA lines of business: Research, Membership Services, Standards, Education and Products. He identifies technology trends, global policies and evolving social behavior and their impact on information security and on CSA’s activities.
Daniele leads the product management for CSA and chairs the Futures Advisory Committee.

Mr Catteddu is the co-founder and executive of the CSA Open Certification Framework / STAR Program. Moreover he leads definition and implementation of the CSA research agenda in Europe and manages the relations with European public institutions and is member of the CSA International Standardization Council.

He has been recently appointed as Member of the Policy and Scientific Committee of the European Privacy Association.

In past he worked at CSA as Managing Director for the EMEA Region, at ENISA (European Network and Information Security Agency), as Expert in areas of Critical Information Infrastructure Protection (CIIP) and Emerging and Future Risks Management, and in particular, having a leading role in developing EU cloud security research. Before joining ENISA, Daniele worked as an Information Security consultant in the banking and financial sector. Daniele graduated from the University of Parma (Italy) in Business Administration and Economics, and he is an ISACA Certified Information Security Manager.

CloudTrust Protocol Working Group Initiatives

Please contact CloudTrust Protocol Working Group Leadership for more information.

Want to contribute to the CloudTrust Protocol Working Group?

Fill out the form below to join today!


Other:

If you experience trouble using this form, please submit the information here.

Other ways to Connect

CloudTrust Protocol Working Group News

December 10, 2015

CSA Releases CloudTrust Protocol Prototype Source Code

Thanks to the support of our peer reviewers and contributors (including the EU projects SPECS, A4Cloud and CUMULUS), CSA is pleased to announce the release of an open-source prototype implementation of the CTP API. The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive…

October 15, 2015

CSA releases the Cloud Trust Protocol data model and API

Creating tools to support Cloud Service Providers (CSPs) transparency and assurance Thanks to the support of our peer reviewers and contributors (including the EU projects SPECS, A4Cloud and CUMULUS), we are pleased to announce the release of the CSA Cloud Trust Protocol (CTP) data model and API specification. The Cloud Trust Protocol (CTP) is designed…

November 07, 2013

Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups

CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.

June 12, 2013

CSA Seeks Input For Open Peer Review: Cloud Trust Protocol Work Group Charter

The Cloud Security Alliance Cloud Trust Protocol (CTP) Working Group would like to invite you to review and comment on their updated work group charter.

June 12, 2013

Cloud Security Alliance Seeking Co-chairs for the Cloud Trust Protocol Working Group

The CSA Cloud Trust Protocol (CTP) Working Group is seeking new co-chairs to lead research in the areas of continuous monitoring/auditing for cloud assurance and transparency certification.

April 21, 2012

CSA Seeks Input on the CTP Reference Architecture Model

The CSA CloudTrust Protocol (CTP) would like to invite you to review and comment on the CTP Reference Architecture Model.

July 06, 2011

CSA Announces Licensing Agreement With CSC For Cloudtrust Protocol

CSA announced that it has received a nocost license for the CloudTrust Protocol (CTP) from CSC. The CTP is being integrated as the fourth pillar of the CSA’s cloud Governance, Risk and Compliance (GRC) stack. The CSA’s GRC stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.

CloudTrust Protocol Working Group Downloads

CloudTrust Protocol Prototype Source Code

The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. The source code implements a CTP server that acts as a gateway between cloud customers and cloud…

Release Date: December 10, 2015

CloudTrust Protocol Data Model and API

The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. This document focuses on the definition of the CTP Data Model and Application Programing Interface.

Release Date: October 09, 2015

CloudTrust Protocol Information Overview Powerpoint

CloudTrust Protocol Information Overview Powerpoint

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: September 01, 2011

CloudTrust Protocol Information Overview

CloudTrust Protocol Information Overview

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: June 01, 2011

A Precis for the CloudTrust Protocol (V2.0)

A Precis for the CloudTrust Protocol (V2.0)

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: September 01, 2010