CloudTrust Protocol Working Group

Introduction to the CloudTrust Protocol Working Group

The CloudTrust Protocol (CTP) is the mechanism by which cloud service consumers (also known as “cloud users” or “cloud service owners”) ask for and receive information about the elements of transparency as applied to cloud service providers. The primary purpose of the CTP and the elements of transparency is to generate evidence-based confidence that everything that is claimed to be happening in the cloud is indeed happening as described, …, and nothing else. This is a classic application of the definition of digital trust. And, assured of such evidence, cloud consumers become liberated to bring more sensitive and valuable business functions to the cloud, and reap even larger payoffs. With the CTP cloud consumers are provided a way to find out important pieces of information concerning the compliance, security, privacy, integrity, and operational security history of service elements being performed “in the cloud”.

These important pieces of information are known as the “elements of transparency”, and they deliver testimony about essential security configuration and operational characteristics for systems deployed in the cloud. The elements of transparency empower the cloud consumer with the right information to make the right choices about what processing and data to put in the cloud or leave in the cloud, and to decide which cloud is best suited to satisfy processing needs. This is the nature of digital trust, and reinforces again why such reclaimed transparency is so essential to new enterprise value creation. Transparency of certain important elements of information is at the root of digital trust, and thus the source of value capture and payoff.

CloudTrust Protocol Working Group Leadership

CloudTrust Protocol Co-chairs

John DiMaria

John DiMaria

John DiMaria is a management system professional, Six Sigma Black Belt, certified Holistic Information Security Practitioner (HISP) Master HISP and AMBCI with 28 years of experience in Management System Development, including Information Systems, Quality Assurance, International Quality Standards, Statistical Process Control, Regulatory Affairs, Customer Service, Subcontractor Analysis and Marketing/Sales. John is responsible for overseeing product roll-out and client/sales education. He is the product expertise spokesperson for BSI Group Americas regarding all product standards covering Risk, Quality and Regulatory Compliance.

John serves on many committees that influence legislation and drive international harmonization including serving as the co-chair for the CSA OCF Working group and was the project manager during the development and rollout of STAR Certification.

John has been featured in and contributed to many publications concerning various topics regarding information security and business continuity.

CloudTrust Protocol Advisors

Alain Pannetrat

Senior Researcher at Cloud Security Alliance

Dr. Alain Pannetrat works on CSA’s Cloud Trust Protocol providing monitoring mechanisms for cloud services, as well as CSA research contributions to EU funded projects such as A4Cloud. He is a security and privacy expert, specialized in cryptography and cloud computing. He previously worked as an IT Specialist for the CNIL, the French data protection authority, and was an active member of the Technology Subgroup of the Article 29 Working Party, which informs European policy on data protection. He started his career as an IT Security consultant specializing in bank smart-card systems. He received a PhD in Computer Science after conducting research at Institut Eurecom on novel cryptographic protocols for IP multicast security He is the author of several open-source projects, including “cookie-miner”, a HTTP monitoring proxy which analyses cookie tracking in real-time with results represented on dynamic graphs using OpenGL technology, and “cardpeek”, an extendable forensic tool which is capable of analyzing the contents of common smart-cards, notably bank-cards, electronic passports, transport cards, sim-cards and French social security cards.

Daniele Catteddu

Daniele Catteddu

Managing Director EMEA

Daniele Catteddu, is the Managing Director, EMEA, in Cloud Security Alliance, where he is responsible for the definition and execution of the company strategy in EU, Middle East and Africa. He also leads CSA participation in FP7 projects, coordinates European CSA Chapters research projects and manage the relations with European public institutions. In past worked at ENISA (European Network and Information Security Agency), as Expert, where he was responsible of projects in the areas of Resilience and Critical Information Infrastructure Protection (CIIP) and in particular he was supporting EU Member States in implementing the security obligations in the new European Framework Directive on Telecommunication. He has also worked within ENISA as a risk management expert, on various activities in the area of the Emerging and Future Risks, and in particular, having a leading role in developing EU cloud security research. Before joining ENISA, Daniele worked as an Information Security consultant in the banking and financial sector. Daniele is the author of the study: “Security and Resilience in Governmental Clouds” as well as co-author of the reports: “Cloud Computing: Benefits, risks and recommendations for information security” and “Cloud Computing: Information Assurance Framework”. He is member of various national and international security expert groups on cloud computing security and privacy, invited speaker at conferences and workshops (e.g. Digital Agenda Assembly, Word Economic Forum cloud workshop, OASIS Cloud Symposium, etc). Daniele graduated from the University of Parma (Italy) in Business Administration and Economics, and he is an ISACA Certified Information Security Manager and Certified Information Systems Auditor.

CloudTrust Protocol Working Group Initiatives

Please contact CloudTrust Protocol Working Group Leadership for more information.

Want to contribute to the CloudTrust Protocol Working Group?

Fill out the form below to join today!


If you experience trouble using this form, please submit the information here.

Other ways to Connect

CloudTrust Protocol Working Group News

October 15, 2015

CSA releases the Cloud Trust Protocol data model and API

Creating tools to support Cloud Service Providers (CSPs) transparency and assurance Thanks to the support of our peer reviewers and contributors (including the EU projects SPECS, A4Cloud and CUMULUS), we are pleased to announce the release of the CSA Cloud Trust Protocol (CTP) data model and API specification. The Cloud Trust Protocol (CTP) is designed…

November 07, 2013

Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups

CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.

June 12, 2013

CSA Seeks Input For Open Peer Review: Cloud Trust Protocol Work Group Charter

The Cloud Security Alliance Cloud Trust Protocol (CTP) Working Group would like to invite you to review and comment on their updated work group charter.

June 12, 2013

Cloud Security Alliance Seeking Co-chairs for the Cloud Trust Protocol Working Group

The CSA Cloud Trust Protocol (CTP) Working Group is seeking new co-chairs to lead research in the areas of continuous monitoring/auditing for cloud assurance and transparency certification.

April 21, 2012

CSA Seeks Input on the CTP Reference Architecture Model

The CSA CloudTrust Protocol (CTP) would like to invite you to review and comment on the CTP Reference Architecture Model.

July 06, 2011

CSA Announces Licensing Agreement With CSC For Cloudtrust Protocol

CSA announced that it has received a nocost license for the CloudTrust Protocol (CTP) from CSC. The CTP is being integrated as the fourth pillar of the CSA’s cloud Governance, Risk and Compliance (GRC) stack. The CSA’s GRC stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.

CloudTrust Protocol Working Group Downloads

CloudTrust Protocol Data Model and API

The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. This document focuses on the definition of the CTP Data Model and Application Programing Interface.

Release Date: October 09, 2015

CloudTrust Protocol Information Overview Powerpoint

CloudTrust Protocol Information Overview Powerpoint

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: September 01, 2011

CloudTrust Protocol Information Overview

CloudTrust Protocol Information Overview

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: June 01, 2011

A Precis for the CloudTrust Protocol (V2.0)

A Precis for the CloudTrust Protocol (V2.0)

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: September 01, 2010