CloudTrust Protocol Arrow to Content

Upcoming Work Group Meetings & Volunteer Opportunities

Introduction to CloudTrust Protocol

The CloudTrust Protocol (CTP) is the mechanism by which cloud service consumers (also known as “cloud users” or “cloud service owners”) ask for and receive information about the elements of transparency as applied to cloud service providers. The primary purpose of the CTP and the elements of transparency is to generate evidence-based confidence that everything that is claimed to be happening in the cloud is indeed happening as described, …, and nothing else. This is a classic application of the definition of digital trust. And, assured of such evidence, cloud consumers become liberated to bring more sensitive and valuable business functions to the cloud, and reap even larger payoffs. With the CTP cloud consumers are provided a way to find out important pieces of information concerning the compliance, security, privacy, integrity, and operational security history of service elements being performed “in the cloud”.

These important pieces of information are known as the “elements of transparency”, and they deliver testimony about essential security configuration and operational characteristics for systems deployed in the cloud. The elements of transparency empower the cloud consumer with the right information to make the right choices about what processing and data to put in the cloud or leave in the cloud, and to decide which cloud is best suited to satisfy processing needs. This is the nature of digital trust, and reinforces again why such reclaimed transparency is so essential to new enterprise value creation. Transparency of certain important elements of information is at the root of digital trust, and thus the source of value capture and payoff.

CloudTrust Protocol Leadership

Chair:
TBD

Download CloudSIRT Related Documents

CloudTrust Protocol Information Overview Powerpoint

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: September 01, 2011

CloudTrust Protocol Information Overview

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: June 01, 2011

A Precis for the CloudTrust Protocol (V2.0)

The CloudTrust Protocol (CTP) offers an uncomplicated, natural way to request and receive fundamental information about essential elements of transparency.

Release Date: September 01, 2010

Cloud Trust Protocol News

November 07, 2013

Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups

CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.

June 12, 2013

CSA Seeks Input For Open Peer Review: Cloud Trust Protocol Work Group Charter

The Cloud Security Alliance Cloud Trust Protocol (CTP) Working Group would like to invite you to review and comment on their updated work group charter.

June 12, 2013

Cloud Security Alliance Seeking Co-chairs for the Cloud Trust Protocol Working Group

The CSA Cloud Trust Protocol (CTP) Working Group is seeking new co-chairs to lead research in the areas of continuous monitoring/auditing for cloud assurance and transparency certification.

April 21, 2012

CSA Seeks Input on the CTP Reference Architecture Model

The CSA CloudTrust Protocol (CTP) would like to invite you to review and comment on the CTP Reference Architecture Model.

July 06, 2011

CSA Announces Licensing Agreement With CSC For Cloudtrust Protocol

CSA announced that it has received a nocost license for the CloudTrust Protocol (CTP) from CSC. The CTP is being integrated as the fourth pillar of the CSA’s cloud Governance, Risk and Compliance (GRC) stack. The CSA’s GRC stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.

Page Dividing Line