Aiming to tackle security concerns about cloud computing, the Distributed Management Task Force has launched an effort to develop cloud computing audit specifications.
The DMTF, an industry group that develops systems management standards, recently formed the Cloud Audit Data Federation Work Group (CADF), which will develop specifications that address a cloud provider’s ability to audit its systems for security.
The work group is “focused on being able to come up with a standard way to federate all the audit information about IT resources, logs and reports, and coming up with a common way to describe and extract that information,” Winston Bumpus, DMTF president, said in an interview.
Cloud service customers need to be able to get information on what’s going on in the infrastructure, he said. “If there are outages, failures or other events – to be able to expose that in a standard way,” he said.
“One of the things cloud tends do is hide a lot of the complexities by having these virtualized environments,” Bumpus said. “Understanding what’s going on in the infrastructure is important when you’re running production applications and services in the cloud.”
Ultimately, the group’s goal is to instill greater confidence in cloud services. Security is one of the key challenges to achieving the vision of cloud computing, along with interoperability and portability, Bumpus said. Standards like those being developed by CADF are needed “to take advantage of the promise of cloud computing,” he added.
The working group will collaborate with DMFT alliance partners, including the Cloud Security Alliance. The CSA’s CloudAudit has come up with a standardized namespace, which the CADF group will integrate into its work, Bumpus said.
The CADF effort is part of the DMTF’s overall cloud computing strategy. The DMTF’s Cloud Management Work Group has released Open Virtualization Format, which Bumpus said addresses the portability issue by providing a standard way to package workloads that are exchanged between clouds. Also, DMTF last year launched its Software License Management Incubator, which is working on the issue of how companies can ensure they’re complying with license entitlements when they move workloads from a private data center to the cloud.
The CADF work group plans to release specifications next year.
The DMTF counts 160 member companies and more than 4,000 participants in 43 countries. Its board of directors includes representatives from Cisco Systems, Microsoft, IBM and Intel.