Guide: Examining cloud computing security standards, guidelines

Providing security assurance in cloud computing environments isn’t easy, but thankfully, there are a variety of industry cloud computing standards and guidelines that can be used to assess cloud service provider (CSP) security and ensure CSPs are following best practices.

This mini learning guide outlines a variety of cloud computing security standards and guidelines, including CSA’s STAR, NIST’s SP500 and the SSAE16 auditing standard, and explains how enterprises can use them to achieve security assurance in the cloud.

Table of contents:

Using SSAE 16 standard, SOC reports to assess cloud provider security

The Statement on Auditing Standards No. 70 report, usually referred to as SAS 70, has been replaced by the SSAE 16 and SOC reports as the audit standard of enterprise financial and infrastructure-related internal controls. But do SSAE 16 and SOC reports give organizations any more visibility into a cloud provider’s security?

In this article, security expert Dave Shackleford explains the SSAE standard and SOC reports, and examines how enterprises can use them to evaluate cloud service provider (CSP) security.

CSA launches cloud security certification initiative for service providers

The Cloud Security Alliance (CSA) recently announced its Open Certification Framework, a cloud security certification program designed to enable certification that cloud service providers implement security controls in line with the CSA’s guidance. The program involves working with standards bodies such as ISO to enable cloud provider certification as well as offering an independent certification.

FedRAMP cloud computing standards initiative spurs optimism, criticism

The Federal Risk and Authorization Program (FedRAMP), which sets a standard approach for assessing the security of cloud services and products against a baseline of controls with the goal of cutting the cost and time spent on agency cloud authorizations, has garnered both optimism and criticism from industry experts. Some argue that while FedRAMP provides some potential benefits, it also faces possible pitfalls.

Calls for cloud security guidelines, transparency getting louder

Enterprises are elevating the need for cloud transparency in negotiations with cloud computing providers. Mechanisms such as the Cloud Security Alliance’s STAR registry provide customers and providers with a standard for sharing security information in a public forum.

In this news piece, learn more about the need and demand for cloud computing security transparency, as well as the standards-based effort to increase and regulate transparency.

Tim Rains on cloud computing security standards, CSP transparency

In this video interview, conducted at RSA Conference 2012, Tim Rains, director of product management in Microsoft’s Trustworthy Computing group, discusses emerging cloud computing security standards efforts, the need for cloud provider transparency, and Microsoft’s efforts in several CSA projects, including the Cloud Controls Matrix.

FedRAMP certification draws interest; cloud monitoring guidelines coming soon

FedRAMP certification is drawing interest from numerous cloud computing providers, according to David McClure, associate administrator of the General Services Administration's Office of Citizen Services and Communication