Featured Research: CUMULUS
Cloud technology offers a powerful approach for the provision of infrastructure, platform and software services without incurring the considerable costs of owning, operating and maintaining the computational infrastructures required for this purpose.
These features also introduce new challenges that we must address and overcome. The cloud computing paradigm raises a series of concerns regarding security, privacy, data governance and compliance, and cloud-based software services. CUMULUS is a framework that aims to address the certification of security properties that cloud platforms should maintain in order to satisfy the security requirements of potential customers.
CUMULUS will address the limitations of service and systems certification by developing an integrated framework of models, processes and tools supporting the certification of security properties of infrastructure (IaaS), platform (PaaS) and software application layer (SaaS) services in the cloud. The CUMULUS framework will bring together consumers, service providers, and cloud suppliers to work with certification authorities to ensure security certificate validity in the ever-changing cloud environment.
CUMULUS will rely on multiple types of evidence regarding security, including service testing, data monitoring, and trusted computing proofs based on models for hybrid, incremental and multi-layer security certification. Whenever possible, evidence gathering will build upon existing standards and practices (e.g., interaction protocols and representation schemes) regarding the provision of information for the assessment of security in clouds.
CSA will contribute its expertise from existing CSA research products, such as the GRC Stack, to help define the model, process and mechanisms. Moreover, CSA will support scenario validation and dissemination activities by leveraging its large audience of corporate members, working groups, and involvement in major industry events. Furthermore, CSA will facilitate interaction between CUMULUS and standards development organizations (SDOs) through the recently established CSA Standards Secretariat and CSA’s International Standardization Council (ISC).