CloudTrust Working Group
Introduction to the CloudTrust Working Group
We want to improve trust in the cloud through transparency and assurance. A trusted cloud is defined as a cloud service or Cloud Service Provider (CSP) that implements standards of governance, management, and security while also meeting a minimum set of requirements aimed at increasing the confidence of Cloud Service Customers (CSCs).
Tactical implementation of the CSA Cloud Trust (CT) Working Group’s vision is manifested through well-defined and measurable Service Level Agreements (SLAs) and continuous security monitoring using the CSA CloudTrust Protocol (CTP). The goal of the CT Working Group is to bridge the activities common to the CSA SLA Working Group and the CSA CTP Working Group.
CloudTrust will build confidence in the market, and accelerate secure adoption of cloud services, by promoting collaboration between CSCs, CSPs, international standards organizations, and global regulatory authorities, all of whom are considered stakeholders in the CT Working Group. The end goal is to improve trust between CSPs and CSCs, in order to promote broader adoption of cloud computing.
The CT Working Group’s first task will be devoted to the definition of measurable security and privacy attributes for use in SLAs, and their evaluation through continuous monitoring.
CloudTrust Working Group Leadership
Dr. Said Tabet
Dr. Said Tabet is a member of the Object Management Group Board of Directors and the principal EMC representative to the Industrial Internet Consortium. Said is the Chair of the INCITS CS1 Secure Cloud Computing Ad-Hoc Group, and a member of the US delegation to ISO SC27. He is also a member of the Cloud Security Alliance International Standardization Council, co-Chair of the SME Council and the Cloud Security SLA working group. Said spent over two decades driving and contributing to various international standardization activities including ISO, RuleML, OMG standards, W3C Semantic Web and Rules, Risk and Compliance, GRC-XML, Regulatory Reporting and Supervision, Security and Data protection and Privacy. Said continues to work on challenges around Cloud Computing adoption, IoT, Cloud SLA and security SLA automation, Big Data Analytics and security, cyber security and best practices, Industrial Internet of Things, and Semantic Data Collaboration. He is a regular speaker and panelist at industry conferences and international standards meetings, and an author and editor of book series and articles.
Member of the Cloud Security Alliance International Standardization Council; co-Chair of the SME Council, the Cloud Trust Working Group, and the Cloud Security SLA working group. Regular speaker and panelist at industry conferences and international standards meetings; author and editor of book series and articles. Co-author of ‘Practices for Secure Development of Cloud Applications’ and ‘CSA Security Guidance Version 3: Domain 4’. Recipient of the Ron Knode Award.
John DiMaria is the Sr. Product Manager, System Certification for BSI Americas. He has 30 years of successful experience in Standards and Management System Development, including Information Systems, ISMS, Business Continuity and Quality Assurance. John is responsible for overseeing product roll-out and client/sales education. He is a product spokesperson for BSI Americas regarding all standards covering Risk, Quality, Sustainability and Regulatory Compliance. John was one of the key innovators of CSA STAR Certification for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook, and a working group member and key contributor to the NIST Cybersecurity Framework. He currently serves as the CSA OCF and CTP working group Co-Chair and is a member of the SME and CSA Financial Services Stakeholder Platform (FSSP) Working Groups.
John has been a keynote speaker internationally, and featured in many publications concerning various topics regarding security, quality and business continuity. He has served on committees that influence legislation and drive international harmonization such as the ANAB PS-Prep (Title IX) committee of experts, Shared Assessment Program, and the Cloud Security Alliance (CSA) Controls Matrix Development Committee. He currently serves on the ANSI Energy Efficiency Standardization Coordination Collaborative (EESCC). He is a BCI award winner, and BSI Innovation award winner.
Contributions: Co-chair of the Open Certification Framework (OCF) and Cloud Trust Protocol (CTP) Working Groups; key innovator and co-author of the CSA STAR certification; designed and developed the CSA STAR webinars.
Dr. Jesus Luna
Research Director of the Cloud Security Alliance (Europe)
Jesus is the Research Director of the Cloud Security Alliance (Europe). His main responsibilities include the internal scientific/technical management of CSA’s funded projects (EC FP7 and ENISA).
Jesus has worked in the ICT security field for almost 20 years with industry and academia, both in America and Europe. Jesus obtained his PhD degree (Cum-Laude) in Computer Architecture from the “Technical University of Catalonia” (2008), and has authored more than 40 scientific publications in prestigious venues. Since 2003, Jesus has also been affiliated with the CS department of the Technical University of Darmstadt (Germany).
Senior Researcher at Cloud Security Alliance
Dr. Alain Pannetrat works on CSA’s Cloud Trust Protocol providing monitoring mechanisms for cloud services, as well as CSA research contributions to EU funded projects such as A4Cloud. He is a security and privacy expert, specialized in cryptography and cloud computing. He previously worked as an IT Specialist for the CNIL, the French data protection authority, and was an active member of the Technology Subgroup of the Article 29 Working Party, which informs European policy on data protection. He started his career as an IT Security consultant specializing in bank smart-card systems. He received a PhD in Computer Science after conducting research at Institut Eurecom on novel cryptographic protocols for IP multicast security. He is the author of several open-source projects, including “cookie-miner”, an HTTP monitoring proxy which analyses cookie tracking in real-time with results represented on dynamic graphs using OpenGL technology, and “cardpeek”, an extendable forensic tool which is capable of analyzing the contents of common smart-cards, notably bank-cards, electronic passports, transport cards, sim-cards and French social security cards.
CloudTrust Working Group Initiatives
Please contact CloudTrust Working Group Leadership for more information.
CloudTrust Working Group News
No news at this time.
CloudTrust Working Group Downloads
No downloads currently available.