The Cloud Security Alliance on Wednesday announced a partnership with the International Organization for Standardization to develop cloud security standards.
The partnership, which was announced at the CSA Summit at Infosecurity Europe in London, involves the CSA establishing a Category C liaison relationship with ISO/International Electrotechnical Commission’s Joint Technical Committee 1/Sub Committee 27 (JTC 1/SC 27). According to the CSA, Category C liaisons are organizations that “make an effective technical contribution and participate actively” in the working groups under SC 27.
The CSA said it will initially collaborate on two projects with the SC 27: A new work item proposal for cloud security that reinforces work done on the Code of Practice for Information Security Management within the ISO/IEC 27002 standard, and a new section on information security for supplier relationships under the ISO/IEC 27036 standard.
“The security and privacy of cloud computing services are an ever-growing concern to users and consumers of these services,” SC 27 Chairman Walter Fumy said in a prepared statement. “ISO/IEC JTC 1/SC 27 is now embarking on the development of a series of standards that will address the security and privacy issues of cloud computing services.”
The cooperation with the CSA, he said, “adds significant value to this work … as it facilitates an important communication channel for the promotion of cloud computing security standards amongst the security community.”
Dave Cullinane, CSA chairman of the board, said in a prepared statement: “By working closely with the ISO in the highly dynamic cloud computing environment, the industry can have confidence that CSA guidance will be enduring, and that they can align with it now.”
The non-profit CSA is a coalition of security practitioners, industry experts and vendors. The group, which has more than 13,000 members, has published security guidance on the critical areas of focus for cloud computing, a paper on top cloud computing threats, and last fall released the CSA Governance, Risk Management and Compliance Stack. The GRC stack is a set of three free tools designed to help companies, cloud providers and others to assess both private and public clouds against industry standards, best practices and compliance requirements.