CSA Official Press Release

Published 03/19/2014

Featured Research: CUMULUS

Featured Research: CUMULUS

Cloud technology offers a powerful approach for the provision of infrastructure, platform and software services without incurring the considerable costs of owning, operating and maintaining the computational infrastructures required for this purpose.

These features also introduce new challenges that we must address and overcome. The cloud computing paradigm raises a series of concerns regarding security, privacy, data governance and compliance, and cloud-based software services. CUMULUS is a framework that aims to address the certification of security properties that cloud platforms should maintain in order to satisfy the security requirements of potential customers.


CUMULUS will address the limitations of service and systems certification by developing an integrated framework of models, processes and tools supporting the certification of security properties of infrastructure (IaaS), platform (PaaS) and software application layer (SaaS) services in the cloud. The CUMULUS framework will bring together consumers, service providers, and cloud suppliers to work with certification authorities to ensure security certificate validity in the ever-changing cloud environment.

CUMULUS will rely on multiple types of evidence regarding security, including service testing, data monitoring, and trusted computing proofs based on models for hybrid, incremental and multi-layer security certification. Whenever possible, evidence gathering will build upon existing standards and practices (e.g., interaction protocols and representation schemes) regarding the provision of information for the assessment of security in clouds.

CSA’s Role

CSA will contribute its expertise from existing CSA research products, such as the GRC Stack, to help define the model, process and mechanisms. Moreover, CSA will provide support to scenarios validation and dissemination activities by leveraging its large audience of corporate members, working groups, and involvement in major industry events. Furthermore, CSA will facilitate interaction between CUMULUS and standards development organizations (SDOs) through the recently established CSA Standards Secretariat and CSA’s International Standardization Council (ISC).

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.