Publicly Funded Research
CUMULUS will develop an integrated framework of models, processes and tools to support the certification of multi-layer cloud service security properties using multiple types of evidence, including service testing, data monitoring and trusted computing proofs. The project will use hybrid (incorporating different types of evidence), incremental (incorporating change), multi-layer and multi-component security certification.
To ensure its technical soundness and industrial applicability, the CUMULUS framework will be evaluated by referencing cloud application scenarios in Smart Cities and eHealth applications against criteria covering technical, operational, business and legal aspects of the overall certification approach.
The project will develop an interoperable certification infrastructure for managing certificates according to various certification models developed in CUMULUS. It will also create a service engineering process supporting the development of cloud services that can make use of the CUMULUS framework.
CSA’s role is primarily focused on defining the certification model, process and mechanisms, where it contributes expertise and transfers knowledge from existing CSA research products, such as the GRC Stack. CSA also provides support to scenario validation and dissemination activities by leveraging its wide community of experts and cloud providers (CSA corporate members), and the numerous participations in, and organisation of, cloud security events and workshops. CSA facilitates interaction between CUMULUS and standard development organisations (SDOs) through its recently established Standards Secretariat and International Standardisation Council (ISC).
A4Cloud aims to improve the acceptability of cloud-based infrastructures where critical data is perceived to be at risk by extending accountability across entire cloud service value chains, covering personal and business-sensitive information in the cloud. A4Cloud will:
- Enable cloud service providers to give their users appropriate control and transparency over how their data is used.
- Enable users to make choices about how cloud service providers use and protect data in the cloud
- Monitor and check compliance with user expectations, business policies, and regulations
- Implement ethical and effective accountability
- Create policies, guidelines and tools that enforce and facilitate the fulfillment of responsibilities while balancing transparency and privacy
The project will produce a full set of integrated tools tested within an end-to-end use case to demonstrate how A4Cloud’s approach works in practice. It will provide training for developers, cloud service providers and users, and business legal and regulatory communities on its guidelines and tools for implementing accountability.
CSA’s role is to drive contribution to standards and interoperability of the framework. It will also actively participate in the development of metrics for accountability, reference architecture and validation work.
Certification, InteRnationalisation and standaRdization in cloUd Security (CIRRUS)
Cirrus clouds are among the highest clouds in troposphere—CIRRUS will provide “high-level, high-impact” support and coordination for European ICT security research projects in cloud computing. Project activities target standardization, certification schemes, linking research projects with EU policy, internationalization, as well as industry best practices and public private cooperation.
The CIRRUS Consortium and Advisory Board bring together major players in the cloud landscape: users, law enforcement, cloud service providers, auditors, DPAs, policy makers, software developers, and more. It encompasses private and public partners that balance the needs of cloud consumers, providers, and law enforcement while maintaining high-level objectives such as bringing research project results to market or improving trust in cyberspace. Key objectives of the project include the following:
- Analyse (understand, describe, measure and monitor) the complexity of the cloud service delivery supply chain and security implications at each stage (e.g. offshoring)
- Coalesce differing perspectives (e.g. consumer requests for transparency and provider needs to protect confidential business) and provide consolidated opinions as an advisor to EU policy making
- Identify and describe proper measures and actions that increase trust and accelerate cloud adoption (e.g. link trust to trustworthiness by international certification scheme)
CSA’s role in the project is to use its partner networks to analyse current and emerging research topics in the area of standardisation, auditing and certification. The analysis will be used to define topics for the workshops and events. CSA will also act as liaison to other initiatives and will drive industrial impact.
Helix Nebula - The Science Cloud
During a two-year pilot phase, Helix Nebula will be deployed and tested based on three flagship projects proposed by CERN (High Energy Physics), the European Molecular Biology Laboratory and the European Space Agency who are all partners in the project. For example, the project will give CERN, the European laboratory for particle physics, more computing power to process data from the ATLAS experiment at its Large Hadron Collider accelerator.
A total of thirteen commercial partners are working with CSA, the OpenNebula Project and the European Grid Infrastructure (EGI.eu) to establish a federated and secure high-performance cloud computing platform. Commercial partners include ATOS, Capgemini, Cloudsigma, Thales, SAP and T-Systems. The project will invite further commercial and scientific partners as it progresses and will create a sustainable business model to continue after initial funding ceases.
CSA’s role is to manage dissemination and communication in the project. CSA is also actively involved in the definition of the architecture, with responsibility for ensuring information security throughout the project.
CSA & Publicly Funded Research
The Cloud Security Alliance partners with not-for-profit associations and industry groups with shared goals for promoting the use of best practices for providing security assurance within Cloud Computing. For a complete list of CSA Affiliate Members please refer to the Affiliate Member page.
Some affiliate partnerships will result in the production of collaborative research reports or other downloadable products. These may be accessed by selecting from the list of affiliate partners to the left.
& Assurance Registry
STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
Welcome New Members
The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:
Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.
CSA ASEAN Summit 2015
June 11–12, 2015, Bangkok, Thailand The ASEAN CSA Summit 2015 is an ASEAN industry event for IT security professionals and executives. The event aims to bring awareness to and further educate conference attendees about the rapidly evolving subject of cloud security. In addition, it offers best practices and practical solutions for the security in clouds....
CSA Norway Summer Conference
June 15, 2015, Oslo, Norway Annual Conference Focus on strategy and business use of security and cloud Targets: Norway and the Nordics Largest CISO/Security Strategy focused conference Community driven The One Conference to attend 4 Parallel tracks Take me to the Conference Site
CSA APAC Summit 2015 at RSA Conference APJ
July 21, 2015, Singapore Enterprise Cloud Adoption and Security Lessons Learned Cloud computing is now a mission critical part of the enterprise. Join us for CSA Summit at RSA Conference APJ to discover lessons learned from enterprise experts in securing their clouds and achieving compliance objectives. A global list of industry experts will share their...
CSA Taiwan Congress 2015
August 18-20, 2015, Taipei, Taiwan In the era of cloud computing, information security issues have become global in nature and are no longer confined to geographical boundaries. The CSA Taiwan Congress 2015 will be held in conjunction with the The Honeynet Project Taiwan Conference 2015. The event will aim to keep attendees up-to-date with the...
CSA NY Summit 2015
September 16, 2015 Manhattan, NY The full day Cloud Security Alliance NYC Summit is a standalone event in Manhattan on September 16, 2015. This summit is co-hosted by the CSA NY Metro and CSA Delaware Valley chapters. We expect to draw about 200 well qualified attendees with an interest in cloud security from the local...
CSA Congress US
CSA Congress at the Privacy. Security. Risk. Conference September 29 – October 1, 2015, Las Vegas, NV Presented by the Privacy Academy and the CSA Congress, P.S.R. brings you the same great education you’ve come to expect—and more. P.S.R. will again bring together two industry leading events to provide attendees with more than double the...
CSA Congress EMEA 2015
November 17 – 20, 2015, Berlin, Germany Building on the success of achievements in the areas of research, education, policy support and certification, CSA will host the 4th annual CSA Congress EMEA. Once again CSA Congress EMEA will attract a unique mix of thoughts leaders, policy and decision makers representing the key industry players, cloud...
CSA LA Summit 2015
December 7, 2015, Los Angeles The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area on December 7, 2015. This summit is hosted by the CSA LA/SoCal chapter. We expect to draw about 200 well qualified attendees with an interest in cloud security from the local region....