Publicly Funded Research
CUMULUS will develop an integrated framework of models, processes and tools to support the certification of multi-layer cloud service security properties using multiple types of evidence, including service testing, data monitoring and trusted computing proofs. The project will use hybrid (incorporating different types of evidence), incremental (incorporating change), multi-layer and multi-component security certification.
To ensure its technical soundness and industrial applicability, the CUMULUS framework will be evaluated by referencing cloud application scenarios in Smart Cities and eHealth applications against criteria covering technical, operational, business and legal aspects of the overall certification approach.
The project will develop an interoperable certification infrastructure for managing certificates according to various certification models developed in CUMULUS. It will also create a service engineering process supporting the development of cloud services that can make use of the CUMULUS framework.
CSA’s role is primarily focused on defining the certification model, process and mechanisms, where it contributes expertise and transfers knowledge from existing CSA research products, such as the GRC Stack. CSA also provides support to scenario validation and dissemination activities by leveraging its wide community of experts and cloud providers (CSA corporate members), and its participation in, and organisation of, numerous cloud security events and workshops. CSA facilitates interaction between CUMULUS and standard development organisations (SDOs) through its recently established Standards Secretariat and International Standardisation Council (ISC).
A4Cloud aims to improve the acceptability of cloud-based infrastructures where critical data is perceived to be at risk by extending accountability across entire cloud service value chains, covering personal and business-sensitive information in the cloud. A4Cloud will:
- Enable cloud service providers to give their users appropriate control and transparency over how their data is used
- Enable users to make choices about how cloud service providers use and protect data in the cloud
- Monitor and check compliance with user expectations, business policies, and regulations
- Implement ethical and effective accountability
- Create policies, guidelines and tools that enforce and facilitate the fulfillment of responsibilities while balancing transparency and privacy
The project will produce a full set of integrated tools tested within an end-to-end use case to demonstrate how A4Cloud’s approach works in practice. It will provide training for developers, cloud service providers and users, and business, legal and regulatory communities on its guidelines and tools for implementing accountability.
CSA’s role is to drive contribution to standards and interoperability of the framework. It will also actively participate in the development of metrics for accountability, reference architecture and validation work.
Certification, InteRnationalisation and standaRdization in cloUd Security (CIRRUS)
Cirrus clouds are among the highest clouds in the troposphere, and CIRRUS will provide “high-level, high-impact” support and coordination for European ICT security research projects in cloud computing. Project activities target standardization, certification schemes, linking research projects with EU policy, internationalization, as well as industry best practices and public-private cooperation.
The CIRRUS Consortium and Advisory Board bring together major players in the cloud landscape: users, law enforcement, cloud service providers, auditors, DPAs, policy makers, software developers, and more. It encompasses private and public partners that balance the needs of cloud consumers, providers, and law enforcement while maintaining high-level objectives such as bringing research project results to market or improving trust in cyberspace. Key objectives of the project include the following:
- Analyse (understand, describe, measure and monitor) the complexity of the cloud service delivery supply chain and security implications at each stage (e.g. offshoring)
- Coalesce differing perspectives (e.g. consumer requests for transparency and provider needs to protect confidential business) and provide consolidated opinions as an advisor to EU policy making
- Identify and describe proper measures and actions that increase trust and accelerate cloud adoption (e.g. link trust to trustworthiness through an international certification scheme)
CSA’s role in the project is to use its partner networks to analyse current and emerging research topics in the area of standardisation, auditing and certification. The analysis will be used to define topics for the workshops and events. CSA will also act as liaison to other initiatives and will drive industrial impact.
Helix Nebula - The Science Cloud
During a two-year pilot phase, Helix Nebula will be deployed and tested based on three flagship projects proposed by CERN (High Energy Physics), the European Molecular Biology Laboratory and the European Space Agency, who are all partners in the project. For example, the project will give CERN, the European laboratory for particle physics, more computing power to process data from the ATLAS experiment at its Large Hadron Collider accelerator.
A total of thirteen commercial partners are working with CSA, the OpenNebula Project and the European Grid Infrastructure (EGI.eu) to establish a federated and secure high-performance cloud computing platform. Commercial partners include ATOS, Capgemini, Cloudsigma, Thales, SAP and T-Systems. The project will invite further commercial and scientific partners as it progresses and will create a sustainable business model to continue after initial funding ceases.
CSA’s role is to manage dissemination and communication in the project. CSA is also actively involved in the definition of the architecture, with responsibility for ensuring information security throughout the project.
CSA & Publicly Funded Research
The Cloud Security Alliance partners with not-for-profit associations and industry groups with shared goals for promoting the use of best practices for providing security assurance within Cloud Computing. For a complete list of CSA Affiliate Members please refer to the Affiliate Member page.
Some affiliate partnerships will result in the production of collaborative research reports or other downloadable products. These may be accessed by selecting from the list of affiliate partners to the left.