The Cloud Security Alliance recently announced a licensing agreement for a tool designed by IT service provider CSC to provide cloud transparency.
The tool, Cloud Trust Protocol, will become part of the CSA’s Governance, Risk and Compliance stack, an integrated suite of tools for assessing cloud computing services against industry best practices and standards. Like the rest of the GRC stack, the CTP will be available for free download.
The CTP provides a standard mechanism for cloud customers to request and receive information from cloud providers on 23 areas of cloud transparency, including vulnerabilities, configurations, access and authorizations.
“This enables customers to get the information they need to make the most important decisions about their data in the cloud,” said Matt Metheny, senior product manager of cloud controls and compliance services at Falls Church, Va.-based CSC.
For example, customers who must adhere to restrictions on data location can find out if and where their data will be anchored, he said.
The CTP adds another layer onto the CSA’s GRC stack, which has components that are tied to specific control frameworks, Metheny said. While the CTP provides support for specific controls, it isn’t tied to a specific framework.
“The whole point is restoring digital trust -- giving the consumer the ownership to make a decision,” Matheny said. “The level of transparency is up to consumers to make. The more they can know about their information in the cloud, the better.”
CSC granted a no-cost, royalty-free license to CSA for CTP.