Publicly Funded Research
CUMULUS will develop an integrated framework of models, processes and tools to support the certification of multi-layer cloud service security properties using multiple types of evidence, including service testing, data monitoring and trusted computing proofs. The project will use hybrid (incorporating different types of evidence), incremental (incorporating change), multi-layer and multi-component security certification.
To ensure its technical soundness and industrial applicability, the CUMULUS framework will be evaluated by referencing cloud application scenarios in Smart Cities and eHealth applications against criteria covering technical, operational, business and legal aspects of the overall certification approach.
The project will develop an interoperable certification infrastructure for managing certificates according to various certification models developed in CUMULUS. It will also create a service engineering process supporting the development of cloud services that can make use of the CUMULUS framework.
CSA’s role is primarily focused on defining the certification model, process and mechanisms, where it contributes expertise and transfers knowledge from existing CSA research products, such as the GRC Stack. CSA also supports scenario validation and dissemination activities by leveraging its wide community of experts and cloud providers (CSA corporate members) and its participation in, and organisation of, numerous cloud security events and workshops. CSA facilitates interaction between CUMULUS and standard development organisations (SDOs) through its recently established Standards Secretariat and International Standardisation Council (ISC).
A4Cloud aims to improve the acceptability of cloud-based infrastructures where critical data is perceived to be at risk by extending accountability across entire cloud service value chains, covering personal and business-sensitive information in the cloud. A4Cloud will:
- Enable cloud service providers to give their users appropriate control and transparency over how their data is used
- Enable users to make choices about how cloud service providers use and protect data in the cloud
- Monitor and check compliance with user expectations, business policies, and regulations
- Implement ethical and effective accountability
- Create policies, guidelines and tools that enforce and facilitate the fulfillment of responsibilities while balancing transparency and privacy
The project will produce a full set of integrated tools tested within an end-to-end use case to demonstrate how A4Cloud’s approach works in practice. It will provide training for developers, cloud service providers and users, and the business, legal and regulatory communities on its guidelines and tools for implementing accountability.
CSA’s role is to drive contribution to standards and interoperability of the framework. It will also actively participate in the development of metrics for accountability, reference architecture and validation work.
Certification, InteRnationalisation and standaRdization in cloUd Security (CIRRUS)
Cirrus clouds are among the highest clouds in the troposphere. In the same spirit, CIRRUS will provide “high-level, high-impact” support and coordination for European ICT security research projects in cloud computing. Project activities target standardization, certification schemes, linking research projects with EU policy, internationalization, as well as industry best practices and public-private cooperation.
The CIRRUS Consortium and Advisory Board bring together major players in the cloud landscape: users, law enforcement, cloud service providers, auditors, DPAs, policy makers, software developers, and more. It encompasses private and public partners that balance the needs of cloud consumers, providers, and law enforcement while maintaining high-level objectives such as bringing research project results to market or improving trust in cyberspace. Key objectives of the project include the following:
- Analyse (understand, describe, measure and monitor) the complexity of the cloud service delivery supply chain and security implications at each stage (e.g. offshoring)
- Coalesce differing perspectives (e.g. consumer requests for transparency and provider needs to protect confidential business) and provide consolidated opinions as an advisor to EU policy making
- Identify and describe proper measures and actions that increase trust and accelerate cloud adoption (e.g. link trust to trustworthiness by an international certification scheme)
CSA’s role in the project is to use its partner networks to analyse current and emerging research topics in the area of standardisation, auditing and certification. The analysis will be used to define topics for the workshops and events. CSA will also act as liaison to other initiatives and will drive industrial impact.
Helix Nebula - The Science Cloud
During a two-year pilot phase, Helix Nebula will be deployed and tested based on three flagship projects proposed by CERN (High Energy Physics), the European Molecular Biology Laboratory and the European Space Agency, who are all partners in the project. For example, the project will give CERN, the European laboratory for particle physics, more computing power to process data from the ATLAS experiment at its Large Hadron Collider accelerator.
A total of thirteen commercial partners are working with CSA, the OpenNebula Project and the European Grid Infrastructure (EGI.eu) to establish a federated and secure high-performance cloud computing platform. Commercial partners include ATOS, Capgemini, Cloudsigma, Thales, SAP and T-Systems. The project will invite further commercial and scientific partners as it progresses and will create a sustainable business model to continue after initial funding ceases.
CSA’s role is to manage dissemination and communication in the project. CSA is also actively involved in the definition of the architecture, with responsibility for ensuring information security throughout the project.