Cloud Security Alliance unveils 2011 initiatives at CSA Summit at RSA

Building on Two Years of Tremendous Work, CSA Continues to Lead Industry-Wide Efforts to Educate on Best Practices for Secure Cloud Computing

San Francisco, Calif. – CSASummit at RSA – February 15, 2011 – At the CSA Summit at RSA yesterday, the Cloud Security Alliance (CSA) unveiled its 2011 roadmap, which builds on an already extensive body of work put together by the alliance in its first two years of existence. Following keynotes by salesforce.com Chairman and CEO Marc Benioff , US CIO Vivek Kundra, and an impressive list of other industry speakers, the CSA revealed three major initiatives already planned for 2011. In addition, the CSA released version 1.1 of the CloudAudit compliance packs, available now at www.cloudaudit.org. CSA 2011 Initiatives CloudSIRT CloudSIRT, an initiative representing the major cloud providers, who are collaborating to address the future of collaborative incident response and information sharing in the cloud. Computer Security Incident Response Teams (CSIRTs) form the cornerstone of coordinated incident response and computer security information sharing for governments and large enterprises around the world. While this model has worked well for handling malicious activity on the traditional Internet, the advent of Cloud Computing has created a new set of challenges for security professionals in securing the platforms that deliver the cloud. It is unclear that traditional CSIRTs are currently positioned to provide the same level of support for Cloud Computing platforms and their providers. The CloudSIRT project serves to enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing. Guidance, V3 – Wiki-style This year the CSA will also release version three of the CSA’s “Guidance for Critical Areas of Focus in Cloud Computing”. The next version of the guidance will be Wiki-based for the first time, to enable more open collaboration and rapid alignment of practices with evolving cloud adoption. Version 3 will also incorporate a new domain within the Guidance, focused on Security-as-a Service. The work in this domain will aim to create definitions and categories within this area, and vendor-neutral guidance for customers. Interested contributors can visit <https://cloudsecurityalliance.org/research/ to participate in any of the working groups. Cloud Security Architecture Reference Model The release of a Cloud Security Architecture reference model within the CSA’s Trusted Cloud Initiative. The Initiative aims to help cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations, and practices. “A tremendous amount of work was done by our members in 2010, and is being used by the community at large today” said Jim Reavis, executive director of the CSA. “We are pleased to build on this progress and continue to expand and evolve our research to meet the rapidly changing security needs of companies looking to adopt cloud computing.”

About Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at

www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa. Contact Zenobia Godschalk [email protected] 650.269.8315