The Cloud Security Alliance (CSA), a not-for-profit organization that promotes the use of best practices for providing security assurance within cloud computing environments, unveiled this week the third version of its Security Guidance for Critical Areas of Focus in Cloud Computing. The effort provides a roadmap for organizations wanting to adopt cloud initiatives securely.
One of the key updates in Version Three is that the domains, or technology subject areas it covers, have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment. In addition, the guidelines now include a new domain for security-as-a-service.
“Cloud technologies and the adoption of cloud-based computing and standards have grown tremendously in the two years since the publication of our previous version of the Guidance,” Archie Reed, chief technologist for cloud security at Hewlett-Packard and one of the three editors of the guidelines, said in a statement. “The thinking on cloud—the tools and the techniques—has evolved significantly, and Version 3 provides the latest best practices to meet today’s challenges while demystifying the concept of cloud services.”
The new version “is a significant overhaul of a huge body of work, needed to keep up with the rapidly changing landscape of cloud technologies and challenges,” Jim Reavis, co-founder and executive director of the CSA, said in a statement.
The original version was released in April 2009 and Version 2.1 was released in January 2010.
CSA also said that Google, Verizon, Intel, McAfee, Microsoft and Savvis plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings.