In a statement, they said they managed to “extract critical data such as passwords, encryption keys and certificates” virtual machines studied. For Professor Admad-Reza Sadeghi, who headed the Cased research group, it’s clear: “the problem is the lack of customer awareness and not Amazon Web Services.” Affected customers have been informed identified vulnerabilities.
The Cloud Security Alliance (CSA) and ISO have decided to join forces in the field of security in the naild. By creating a joint liaison committee between the two organizations, the CSA intends to actively contribute to the development of good practices and tools for measuring cloud security. In the end, to affix them the very precious seal of the ISO – Guaranteed reassuring effect with SMEs. As a relief, the cloud may well be on the brink of winning its trust contract.
This is the sentiment that comes with the announcement of a rapprochement between the Cloud Security Alliance, an association of industrial activists for the safety of the Cloud through good practices – officially inaugurated in 2009 at the RSA Conference – and the very serious ISO international standardization organization. The key: the definition of standards and best practices around cloud security as well as personal data, but also (especially) control indicators that will facilitate the measurement of the level of cloud security.
As part of this alliance, formalized on April 20, CSA has established a Category C Liaison Committee with the ISO Technical Joint Committee (referenced 1 / SC 27) which deals with the question ‘Information technology cloud security techniques’. CSA will play a key role in this technical committee by getting involved in development through contributions and sitting on working groups. Especially by getting closer to the ISO, CSA shows companies that its good practices are built to last and that they can then take ownership of them.
Presented as the # 1 blocking point in cloud adoption, data cloud security and data preservation in the cloud has been a big disappointment in recent weeks. Emphasizing somewhat the risks around the cloud. Amazon, for example, whose very large infrastructure failure, has immobilized many sites in the United States. But also the case of Sony and the double piracy of its online consumer games (PlayStation Network and Sony Online Entertainment), which resulted in the theft of credit card numbers of several million users.
In this context where cloud security and private data are being undermined, seeing the ISO focus on the issue has a “softening” effect for companies. This is the opinion of Eric Fradet, Director of Industrialization at Steria, for whom this merger should help to reassure. “The mission of the CSA stopped at the level of the best practices. If this is enough for us – we are constantly looking for certification and good practices to bring back customers – customers want more tangible items. The ISO should reassure them a bit more “.
As a first step, this alliance could therefore play for SMEs, he continues. Because “if large accounts have the resources to understand the cloud security of the cloud, SMEs, who are the natural user of the cloud, still need turnkey solutions that meet their immediate need,” he says. The famous ISO seal is a key to the cloud gate.
Moreover, Eric Fradet intends to promote this alliance with customers of the SSII. This idea of cloud security etiquette was also mentioned by Eurocloud in its 17 recommendations addressed to the government last March. Without indicating any standardization, the association in charge of the promotion of cloud computing in France (former ASP Forum) had recommended the creation of a security label for the Cloud (and especially the Saas) which would classify the offerers and solutions. He had also slipped a blacklisted concept that would list service providers, who had already been convicted – but whose scope would be limited to the borders of that provider’s house.