CloudAudit

CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks. The specification provides a standard way to present and share detailed, automated statistics about performance and security.

The goal of CloudAudit is to provide cloud service providers with a way to make their performance and security data readily available for potential customers.

Standardized information makes comparisons among providers easier, reducing the resources required to assemble documentation and analyze the data. CloudAudit is intended to benefit cloud computing providers as well. For example, the cost of responding to a potential customer's compliance controls may be minuscule for a large vendor. However, a small vendor may find it burdensome to provide that information to multiple prospective customers. With CloudAudit, vendors can provide information once and only update when there are changes.

CloudAudit’s development codename was A6 (Automated Audit, Assertion, Assessment, and Assurance API). According to the Internet Engineering Task Force (IETF) draft document, CloudAudit provides “a common interface, naming convention, set of processes and technologies utilizing the HTTP protocol to enable cloud service providers to automate the collection and assertion of operational, security, audit, assessment, and assurance information.”

Christofer Hoff, director of cloud and virtualization systems at Cisco Systems Inc., developed the CloudAudit initiative. Others involved in the project include cloud providers, virtualization platform and cloud platform providers, end users, auditors and system integrators. The volunteer, cross-industry effort became an official project of the nonprofit Cloud Security Alliance (CSA) in October 2010.

CSA released CloudAudit as part of a free tool suite for cloud-based Governance, Risk and Compliance (GRC) in November 2010. The tool consists of a directory or common namespace that serves as an organized repository. Cloud computing providers can put whatever they want within the directories (PDF files, text documents, links to websites, etc.) to indicate how they are addressing requirements within various control frameworks. The first set of namespaces is compliance-driven with a focus on PCI-DSS, HIPAA, COBIT, ISO 27002 and NIST 800-53.

See also: enterprise risk management (ERM), cloud backup, private cloud, government cloud computing plan, GRC software

This was first published in June 2011
