Directories

Cloud Standards Customer Council Forms Security Working Group and Initiates Work On Service Level Agreement Guidance Document

2012-02-08
  • Company:
  • The Cloud Standards Customer Council
  • (Company Info)

NEEDHAM, Mass. ---- Members of the Cloud Standards Customer Council (CSCC) have formed a new Security working group and are soliciting participation. The Security working group will be led by David E. Harris, Ph.D., Sr. Regulatory Compliance Architect, Boeing, and Ryan Kean, Director, Enterprise Platform Technical Services, The Kroger Co.

Security is consistently highlighted as one of the top inhibitors to the adoption of cloud computing and an area of great interest to customers. The Security working group will focus on developing high priority use cases for cloud security that reflect the issues and pain points customers are experiencing in various cloud deployment models (private, public and hybrid). A wide range of security issues including identity and access management (IAM), security policy, audit and compliance, trust, data protection and privacy will be considered. In addition to use case development, the group will provide guidance and best practices for addressing specific security concerns related to cloud.

In addition to the new Security working group, the CSCC's Practical Guide working group is actively working on a guidance document for Service Level Agreements (SLA) targeted at cloud consumers. The core team, consisting of more than a dozen member companies, will take a deeper dive into the critical elements of a SLA for cloud computing and will provide guidance on what to expect and what to be aware of in an SLA. The group plans to articulate a set of requirements from a consumer's perspective and identify elements that need to be addressed via open standards through CSCC’s SDO liaison partners.

"Today, customers complain regularly that SLA’s are just another form of vendor boilerplate, to the extent they exist at all, and that it is difficult if not impossible to get much modification. They also point out that they want the SLA because it will cause the provider to put some skin in the game, not because the penalties would solve their problems in the case of outages or other situations covered by the SLA. That doesn’t mean we don’t need SLA’s; we do. It's important we make it clear what is going on now versus what we would like to see/influence for the future and when we are hoping that future will occur." Amy Wohl, principal consultant of Wohl Associates and member of the Practical Guide working group.

The next virtual CSCC meeting will be held on February 15. The next face-to-face meeting will be held on March 19-20 in Reston, VA, featuring the “Public Sector Cloud Summit.” Agendas and registration information are available.

About the Cloud Standards Customer Council

The Cloud Standards Customer Council (CSCC) is an OMG® end user advocacy group dedicated to accelerating cloud’s successful adoption, and drilling down into the standards, security and interoperability issues surrounding the transition to the cloud. The Council is not a standards organization, but will complement existing cloud standards efforts and establish a core set of client-driven requirements to ensure cloud users will have the same freedom of choice, flexibility, and openness they have with traditional IT environments. The Cloud Standards Customer Council is open to all end-user organizations. IBM, Kaavo, Rackspace and Software AG are Founding Sponsors.

Related Downloads

Enterprise Security Reporter 3.00

Enterprise Security Reporter automates the documentation of Windows security for compliance audits and security reviews, preventing data theft, protecting confidential records and meeting regulatory

Quest Authentication Services

Quest Authentication Services 4.0

Quest Authentication Services is patented technology that addresses the authentication needs of more than 1,000 enterprise customers with more than 5 million installed seats by extending the security and compliance of Active Directory to Unix, Linux...

MetaCompliance Enterprise Client 3.0

MetaCompliance Enterprise is a comprehensive solution that helps organizations simplify, achieve, and sustain IT security and compliance across the enterprise. MetaCompliance enables compliance and security managers to automate the creation and...

Hedgehog Sensor 4.1

Databases store an enterprise’s most sensitive information; data that is often subject to regulatory compliance requirements and also frequently targeted for breach by external hackers and malicious insiders. DBscanner streamlines the process...

MDG Technology for CORBA 1.0

MDG Technologies allow users to extend Enterprise Architect's modeling capabilities to specific domains and notations. MDG Technologies seamlessly plug into Enterprise Architect to provide additional toolboxes, UML profiles, patterns, templates...

ADAudit Plus

ADAudit Plus 4.1

ADAudit Plus is an enterprise-wide Active Directory change auditing software with reports and alerts that:
- Addresses the most-needed security, audit and compliance demands set forth by regulatory and government bodies, and
- Provides an...

NetWrix Group Policy Reporter SCOM Pack 1.017.0

Group Policy auditing is an essential process in providing enterprise security for all organizations relying on Group Policy infrastructure, because even small unwanted changes to security policies can impose major security and compliance risks for...

JBoss Developer Studio

JBoss Developer Studio 4.0

JBoss Developer Studio Portfolio Edition needs you with everything you need to develop, test and deploy rich web applications, enterprise applications and SOA services.
JBoss Developer Studio Portfolio Edition provides a certified open source...

MDG Technology for TOGAF 2.4

MDG Technology provides open standards modeling for TOGAF 9
Sparx Systems equips Enterprise Architect users with a model-based framework for implementing architectures using the TOGAF 9 Architecture Development Method. Tightly integrated with...

MDG Link for Eclipse

MDG Link for Eclipse 4.0

The Model Driven Generation (MDG) Link for Eclipse provides an integrated solution for users of the Professional and Corporate versions of Enterprise Architect and Eclipse. With a host of new features the MDG Link for Eclipse enhances user...