Publicly Funded Research
CUMULUS will develop an integrated framework of models, processes and tools to support the certification of multi-layer cloud service security properties using multiple types of evidence, including service testing, data monitoring and trusted computing proofs. The project will use hybrid (incorporating different types of evidence), incremental (incorporating change), multi-layer and multi-component security certification.
To ensure its technical soundness and industrial applicability, the CUMULUS framework will be evaluated by referencing cloud application scenarios in Smart Cities and eHealth applications against criteria covering technical, operational, business and legal aspects of the overall certification approach.
The project will develop an interoperable certification infrastructure for managing certificates according to various certification models developed in CUMULUS. It will also create a service engineering process supporting the development of cloud services that can make use of the CUMULUS framework.
CSA’s role is primarily focused on defining the certification model, process and mechanisms, where it contributes expertise and transfers knowledge from existing CSA research products, such as the GRC Stack. CSA also supports scenario validation and dissemination activities by leveraging its wide community of experts and cloud providers (CSA corporate members), and its frequent participation in, and organisation of, cloud security events and workshops. CSA facilitates interaction between CUMULUS and standards development organisations (SDOs) through its recently established Standards Secretariat and International Standardisation Council (ISC).
A4Cloud aims to improve the acceptability of cloud-based infrastructures where critical data is perceived to be at risk by extending accountability across entire cloud service value chains, covering personal and business-sensitive information in the cloud. A4Cloud will:
- Enable cloud service providers to give their users appropriate control and transparency over how their data is used
- Enable users to make choices about how cloud service providers use and protect data in the cloud
- Monitor and check compliance with user expectations, business policies, and regulations
- Implement ethical and effective accountability
- Create policies, guidelines and tools that enforce and facilitate the fulfillment of responsibilities while balancing transparency and privacy
The project will produce a full set of integrated tools tested within an end-to-end use case to demonstrate how A4Cloud’s approach works in practice. It will provide training for developers, cloud service providers and users, and business legal and regulatory communities on its guidelines and tools for implementing accountability.
CSA’s role is to drive contribution to standards and interoperability of the framework. It will also actively participate in the development of metrics for accountability, reference architecture and validation work.
Certification, InteRnationalisation and standaRdization in cloUd Security (CIRRUS)
Cirrus clouds are among the highest clouds in the troposphere, and CIRRUS will provide “high-level, high-impact” support and coordination for European ICT security research projects in cloud computing. Project activities target standardization, certification schemes, linking research projects with EU policy, internationalization, as well as industry best practices and public-private cooperation.
The CIRRUS Consortium and Advisory Board bring together major players in the cloud landscape: users, law enforcement, cloud service providers, auditors, DPAs, policy makers, software developers, and more. It encompasses private and public partners that balance the needs of cloud consumers, providers, and law enforcement while maintaining high-level objectives such as bringing research project results to market or improving trust in cyberspace. Key objectives of the project include the following:
- Analyse (understand, describe, measure and monitor) the complexity of the cloud service delivery supply chain and security implications at each stage (e.g. offshoring)
- Coalesce differing perspectives (e.g. consumer requests for transparency and provider needs to protect confidential business) and provide consolidated opinions as an advisor to EU policy making
- Identify and describe proper measures and actions that increase trust and accelerate cloud adoption (e.g. link trust to trustworthiness through an international certification scheme)
CSA’s role in the project is to use its partner networks to analyse current and emerging research topics in the area of standardisation, auditing and certification. The analysis will be used to define topics for the workshops and events. CSA will also act as liaison to other initiatives and will drive industrial impact.
Helix Nebula - The Science Cloud
During a two-year pilot phase, Helix Nebula will be deployed and tested based on three flagship projects proposed by CERN (High Energy Physics), the European Molecular Biology Laboratory and the European Space Agency, who are all partners in the project. For example, the project will give CERN, the European laboratory for particle physics, more computing power to process data from the ATLAS experiment at its Large Hadron Collider accelerator.
A total of thirteen commercial partners are working with CSA, the OpenNebula Project and the European Grid Infrastructure (EGI.eu) to establish a federated and secure high-performance cloud computing platform. Commercial partners include ATOS, Capgemini, Cloudsigma, Thales, SAP and T-Systems. The project will invite further commercial and scientific partners as it progresses and will create a sustainable business model to continue after initial funding ceases.
CSA’s role is to manage dissemination and communication in the project. CSA is also actively involved in the definition of the architecture, with responsibility for ensuring information security throughout the project.
CSA & Publicly Funded Research
The Cloud Security Alliance partners with not-for-profit associations and industry groups with shared goals for promoting the use of best practices for providing security assurance within Cloud Computing. For a complete list of CSA Affiliate Members please refer to the Affiliate Member page.
Some affiliate partnerships will result in the production of collaborative research reports or other downloadable products. These may be accessed by selecting from the list of affiliate partners to the left.