Definition

CloudAudit

CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks.

The goal of CloudAudit is to provide cloud service providers with a way to make their performance and security data readily available for potential customers. The specification provides a standard way to present and share detailed, automated statistics about performance and security.

Standardized information makes comparisons among providers easier, reducing the resources required to assemble documentation and analyze the data. CloudAudit is intended to benefit cloud computing providers as well. For example, the cost of responding to a potential customer's compliance controls may be minuscule for a large vendor. However, a small vendor may find it burdensome to provide that information to multiple prospective customers. With CloudAudit, vendors can provide the information once and update it only when there are changes.

CloudAudit’s development codename was A6 (Automated Audit, Assertion, Assessment, and Assurance API). According to the Internet Engineering Task Force (IETF) draft document, CloudAudit provides “a common interface, naming convention, set of processes and technologies utilizing the HTTP protocol to enable cloud service providers to automate the collection and assertion of operational, security, audit, assessment, and assurance information.”

Christofer Hoff, director of cloud and virtualization systems at Cisco Systems Inc., developed the CloudAudit initiative. Others involved in the project include cloud providers, virtualization platform and cloud platform providers, end users, auditors and system integrators. The volunteer, cross-industry effort became an official project of the nonprofit Cloud Security Alliance (CSA) in October 2010.

CSA released CloudAudit as part of a free tool suite for cloud-based Governance, Risk and Compliance (GRC) in November 2010. The tool consists of a directory or common namespace that serves as an organized repository. Cloud computing providers can put whatever they want within the directories (PDF files, text documents, links to websites, etc.) to indicate how they are addressing requirements within various control frameworks. The first set of namespaces is compliance-driven with a focus on PCI-DSS, HIPAA, COBIT, ISO 27002 and NIST 800-53.

See also: enterprise risk management (ERM), cloud backup, private cloud, government cloud computing plan, GRC software

This was last updated in June 2011
Posted by: Margaret Rouse
