Cloud Component Specifications Working Group

Introduction to the Cloud Component Specifications Working Group

From a user perspective, Cloud is a service. However, for Cloud Service Providers (CSPs), integrators and channel partners who construct or build the Cloud, the Cloud architecture is comprised of many Cloud computing components. Examples of these components are hypervisors, Cloud operating systems (CloudOS) components such as “Swift”, “Glance” for OpenStack, virtual desktop infrastructure (VDI) platforms, cloud dedicated firewalls and so on.

How can we evaluate the security of these Cloud components? Currently, most of the security standards related to Cloud Computing focus on the information security management system (ISMS). However, these standards are insufficient to evaluate cloud component security because they focus on management security rather than the technical security requirements of the components. In order to address this gap, we propose to develop internationally recognized technical security specifications for cloud components.

Cloud Component Specifications Working Group Leadership

Cloud Component Specifications Co-chairs

Xiaoyu Ge

Xiaoyu Ge

Xiaoyu Ge is the Senior Security Standards Manager of Huawei IT Product Line which include cloud computing, big data, storage, and server products and services. He is also active as security expert in SDOs, He is the ISO/IEC JTC1 SC27 WG expert of China Nation Body, he is the rapporteur of several SC27 project such as “Requirements for establishing roots of trust for virtualized environment”. He participated in CSA several years ago, he is the main contributor of CSA “Best Practices for Mitigating Risks in Virtualized Environments”. He is also the CSA ISC member. Currently, his research interests focus on cloud security.

Cloud Component Specifications Working Group Initiatives

Please contact Working Group Leadership for more information.

Join Working Group

Address Information

In what ways do you see yourself contributing?

Having read and understood the CSA’s Privacy Policy,

I specifically consent to receive marketing messages via the following channels:

Cloud Component Specifications Working Group Downloads

Cloud OS Security Specification

Cloud OS Security Specification

This document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud computing security.

Release Date: 05/07/2019