CloudTrust Working Group

Introduction to the CloudTrust Working Group

We want to improve trust in the cloud through transparency and assurance. A trusted cloud is defined as a cloud service or Cloud Service Provider (CSP) that implements standards of governance, management, and security while also meeting a minimum set of requirements aimed at increasing the confidence of Cloud Service Customers (CSCs).

Tactical implementation of the CSA Cloud Trust (CT) Working Group’s vision is manifested through well-defined and measurable Service Level Agreements (SLAs) and continuous security monitoring using the CSA CloudTrust Protocol (CTP). The goal of the CT Working Group is to bridge the activities common to the CSA SLA Working Group and the CSA CTP Working Group.

CloudTrust will build confidence in the market, and accelerate secure adoption of cloud services, by promoting collaboration between CSCs, CSPs, international standards organizations, and global regulatory authorities, all of whom are considered stakeholders in the CT Working Group. The end goal is to improve trust between CSPs and CSCs, in order to promote broader adoption of cloud computing.

The CT Working Group’s first task will be devoted to the definition of measurable security and privacy attributes for use in SLAs, and their evaluation through continuous monitoring.

CloudTrust Working Group Leadership

CloudTrust Co-chairs

Dr. Said Tabet

Dr. Said Tabet

Dr. Said Tabet is a member of the Object Management Group Board of Directors and the principal EMC representative to the Industrial Internet Consortium. Said is the Chair of the INCITS CS1 Secure Cloud Computing Ad-Hoc Group, and a member of the US delegation to ISO SC27. He is also a member of the Cloud Security Alliance International Standardization Council, co-Chair of the SME Council and the Cloud Security SLA working group. Said spent over two decades driving and contributing to various international standardization activities including ISO, RuleML, OMG standards, W3C Semantic Web and Rules, Risk and Compliance, GRC-XML, Regulatory Reporting and Supervision, Security and Data protection and Privacy. Said continues to work on challenges around Cloud Computing adoption, IoT, Cloud SLA and security SLA automation, Big Data Analytics and security, cyber security and best practices, Industrial Internet of Things, and Semantic Data Collaboration. He is a regular speaker and panelist at industry conferences and international standards meetings, authors and editor of book series and articles.

John DiMaria

John DiMaria

John DiMaria is a management system professional, Six Sigma Black Belt, certified Holistic Information Security Practitioner (HISP) Master HISP and AMBCI with 28 years of experience in Management System Development, including Information Systems, Quality Assurance, International Quality Standards, Statistical Process Control, Regulatory Affairs, Customer Service, Subcontractor Analysis and Marketing/Sales. John is responsible for overseeing product roll-out and client/sales education. He is the product expertise spokesperson for BSI Group Americas regarding all product standards covering Risk, Quality and Regulatory Compliance.

John serves on many committees that influence legislation and drive international harmonization including serving as the co-chair for the CSA OCF Working group and was the project manager during the development and rollout of STAR Certification.

John has been featured in and contributed to many publications concerning various topics regarding information security and business continuity.

CloudTrust Advisors

Dr. Jesus Luna

Research Director of the Cloud Security Alliance (Europe)

Jesus is the Research Director of the Cloud Security Alliance (Europe). His main responsibilities include the internal scientific/technical management of CSA’s funded projects (EC FP7 and ENISA).

Jesus has worked on the ICT security field for almost 20 years with industry and academia, both in America and Europe. Jesus obtained his PhD degree (Cum-Laude) in Computer Architecture from the “Technical University of Catalonia” (2008), and has authored more than 40 scientific publications in prestigious venues. Since 2003, Jesus is also affiliated with the CS department of the Technical University of Darmstadt (Germany).

Alain Pannetrat

Senior Researcher at Cloud Security Alliance

Dr. Alain Pannetrat works on CSA’s Cloud Trust Protocol providing monitoring mechanisms for cloud services, as well as CSA research contributions to EU funded projects such as A4Cloud. He is a security and privacy expert, specialized in cryptography and cloud computing. He previously worked as an IT Specialist for the CNIL, the French data protection authority, and was an active member of the Technology Subgroup of the Article 29 Working Party, which informs European policy on data protection. He started his career as an IT Security consultant specializing in bank smart-card systems. He received a PhD in Computer Science after conducting research at Institut Eurecom on novel cryptographic protocols for IP multicast security He is the author of several open-source projects, including “cookie-miner”, a HTTP monitoring proxy which analyses cookie tracking in real-time with results represented on dynamic graphs using OpenGL technology, and “cardpeek”, an extendable forensic tool which is capable of analyzing the contents of common smart-cards, notably bank-cards, electronic passports, transport cards, sim-cards and French social security cards.

CloudTrust Working Group Initiatives

Please contact CloudTrust Working Group Leadership for more information.

Want to contribute to the CloudTrust Working Group?

Fill out the form below to join today!


If you experience trouble using this form, please submit the information here.

CloudTrust Working Group News

No news at this time.

CloudTrust Working Group Downloads

No downloads currently available.