CloudTrust Working Group

Introduction to the CloudTrust Working Group

We want to improve Cloud Trust through transparency and assurance. A trusted cloud is defined as a cloud service or Cloud Service Provider (CSP) that implements standards of governance, management, and security that meet a minimum set of requirements aimed at increasing the confidence of Cloud Service Customers (CSCs).

Tactical implementation of the CSA Cloud Trust (CT) Working Group’s vision is manifested through well-defined and measurable Service Level Agreements (SLAs) and continuous security monitoring using the CSA Cloud Trust Protocol (CTP). The goal of the CT Working Group is to bridge the activities common to the CSA SLA Working Group and the CSA CTP Working Group.

Cloud Trust will build confidence in the market, and accelerate secure adoption of cloud services, by promoting collaboration between CSCs, CSPs, international standards organizations, and global regulatory authorities, all of whom are considered stakeholders in the CT Working Group. The end goal is to improve trust between CSPs and CSCs, in order to promote broader adoption of cloud computing.

The CloudTrust Protocol (CTP) is the mechanism by which cloud service consumers (also known as “cloud users” or “cloud service owners”) ask for and receive information about the elements of transparency as applied to cloud service providers. The primary purpose of the CTP and the elements of transparency is to generate evidence-based confidence that everything that is claimed to be happening in the cloud is indeed happening as described, …, and nothing else. This is a classic application of the definition of digital trust. And, assured of such evidence, cloud consumers become liberated to bring more sensitive and valuable business functions to the cloud, and reap even larger payoffs. With the CTP cloud consumers are provided a way to find out important pieces of information concerning the compliance, security, privacy, integrity, and operational security history of service elements being performed “in the cloud”.

CloudTrust Working Group Leadership

CloudTrust Co-chairs

John DiMaria

John DiMaria


Tim Sandage


CloudTrust Advisors

Alain Pannetrat

Cloud Security Alliance

Daniele Catteddu

Managing Director EMEA

Daniele Catteddu, is the Managing Director, EMEA, in Cloud Security Alliance, where he is responsible for the definition and execution of the company strategy in EU, Middle East and Africa. He also leads CSA participation in FP7 projects, coordinates European CSA Chapters research projects and manage the relations with European public institutions. In past worked at ENISA (European Network and Information Security Agency), as Expert, where he was responsible of projects in the areas of Resilience and Critical Information Infrastructure Protection (CIIP) and in particular he was supporting EU Member States in implementing the security obligations in the new European Framework Directive on Telecommunication. He has also worked within ENISA as a risk management expert, on various activities in the area of the Emerging and Future Risks, and in particular, having a leading role in developing EU cloud security research. Before joining ENISA, Daniele worked as an Information Security consultant in the banking and financial sector. Daniele is the author of the study: “Security and Resilience in Governmental Clouds” as well as co-author of the reports: “Cloud Computing: Benefits, risks and recommendations for information security” and “Cloud Computing: Information Assurance Framework”. He is member of various national and international security expert groups on cloud computing security and privacy, invited speaker at conferences and workshops (e.g. Digital Agenda Assembly, Word Economic Forum cloud workshop, OASIS Cloud Symposium, etc). Daniele graduated from the University of Parma (Italy) in Business Administration and Economics, and he is an ISACA Certified Information Security Manager and Certified Information Systems Auditor.

CloudTrust Working Group Initiatives

There are no open initiatives at this time.

CloudTrust Working Group Calendar

Want to contribute to the CloudTrust Working Group?

Fill out the form below to join today!


If you experience trouble using this form, please submit the information here.

CloudTrust Working Group News

November 07, 2013

Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups

CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.

June 12, 2013

CSA Seeks Input For Open Peer Review: Cloud Trust Protocol Work Group Charter

The Cloud Security Alliance Cloud Trust Protocol (CTP) Working Group would like to invite you to review and comment on their updated work group charter.

June 12, 2013

Cloud Security Alliance Seeking Co-chairs for the Cloud Trust Protocol Working Group

The CSA Cloud Trust Protocol (CTP) Working Group is seeking new co-chairs to lead research in the areas of continuous monitoring/auditing for cloud assurance and transparency certification.

April 21, 2012

CSA Seeks Input on the CTP Reference Architecture Model

The CSA CloudTrust Protocol (CTP) would like to invite you to review and comment on the CTP Reference Architecture Model.

July 06, 2011

CSA Announces Licensing Agreement With CSC For Cloudtrust Protocol

CSA announced that it has received a nocost license for the CloudTrust Protocol (CTP) from CSC. The CTP is being integrated as the fourth pillar of the CSA’s cloud Governance, Risk and Compliance (GRC) stack. The CSA’s GRC stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.

CloudTrust Working Group Downloads

CloudTrust Protocol Information Overview Powerpoint

CloudTrust Protocol Information Overview Powerpoint

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: September 01, 2011

CloudTrust Protocol Information Overview

CloudTrust Protocol Information Overview

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: June 01, 2011

A Precis for the CloudTrust Protocol (V2.0)

A Precis for the CloudTrust Protocol (V2.0)

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: September 01, 2010