Click here to close now.

Welcome!

Cloud Expo Authors: Ian Khan, Carmen Gonzalez, Bernard Golden, Elizabeth White, Lori MacVittie

Related Topics: Cloud Expo, Microservices Journal, Virtualization, Security

Cloud Expo: Blog Feed Post

The STAR of Cloud Security

CSA STAR (Security, Trust and Assurance Registry) is open to all cloud providers whether they offer SaaS, PaaS or IaaS

The Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, recently announced that they are launching (Q4 of 2011) a publicly accessible registry that will document the security controls provided by various cloud computing offerings.  The idea is to encourage transparency of security practices within cloud providers and help users evaluate and determine the security of their current cloud provider or a provider they are considering.  The service will be free.

CSA STAR (Security, Trust and Assurance Registry) is open to all cloud providers whether they offer SaaS, PaaS or IaaS and allows them to submit self assessment reports that document compliance in relation to the CSA published best practices.  The CSA says that the searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher-quality procurement experiences.  There are two different types of reports that the cloud provider can submit to to indicate their compliance with CSA best practices.  The Consensus Assessments Initiative Questionnaire (CAIQ), a 140 question document which provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings and the Cloud Control Matrix (CCM) which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in areas like ISACA COBIT, PCI, and NIST.

Providers who chose to take part and submit the documents are on the ‘honor system’ since this is a self assessment and users will need to trust that the information is accurate.  CSA is encouraging providers to participate and says, in doing so, they will address some of the most urgent and important security questions buyers are asking, and can dramatically speed up the purchasing process for their services. In addition to self-assessments, CSA will provide a list of providers who have integrated CAIQ and CCM and other components from CSA’s Governance, Risk Management and Compliance (GRC) stack into their compliance management tools.

This should help with those who are still a bit hesitant about Cloud services.  The percentage of those claiming ‘security issues’ as a deterrent for cloud deployments has steadily dropped over the last year.  Last year around this time on any given survey, anywhere from 42% to 73% of those respondents said cloud technology does not provide adequate security safeguards and that that security concerns have prevented their adoption of cloud computing.  In a recent cloud computing study from TheInfoPro, only 13% cited security worries as a cloud roadblock, after up-front costs at 15%.  Big difference than a year ago.  In this most recent survey, they found that ‘fear of change’ to be the biggest hurdle for cloud adoption.  Ahhhh, change.  One of the things most difficult for humans.  Change is constant yet the basics are still the same – education, preparation, and anticipation of what cloud is about and what it can offer is a necessity for success.

ps

References:

Technorati Tags: F5, CSA, integration, cloud computing, Pete Silva, security, business, education, technology, application delivery, cloud, context-aware, infrastructure 2.0, web, internet

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1] o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]


Read the original blog entry...

More Stories By Peter Silva

Peter Silva covers security for F5’s Technical Marketing Team. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Bringing the slightly theatrical and fairly technical together, he covers training, writing, speaking, along with overall product evangelism for F5’s security line. He's also produced over 200 F5 videos and recorded over 50 audio whitepapers. Prior to joining F5, he was the Business Development Manager with Pacific Wireless Communications. He’s also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others. He earned his B.S. from Marquette University, and is a certified instructor in the Wisconsin System of Vocational, Technical & Adult Education.

@CloudExpo Stories
SYS-CON Events announced today the DevOps Foundation Certification Course, being held June ?, 2015, in conjunction with DevOps Summit and 16th Cloud Expo at the Javits Center in New York City, NY. This sixteen (16) hour course provides an introduction to DevOps – the cultural and professional movement that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will res...
As cloud gives an opportunity to businesses to buy services externally – how is cloud impacting your customers? In his General Session at 15th Cloud Expo, Fabio Gori, Director of Worldwide Cloud Marketing at Cisco, provided answers to big questions: Do you see hybrid cloud as where the world is going? What benefits does it bring? And how does Cisco connect all of these clouds? He also discussed Intercloud and Cisco’s investment on it.
SYS-CON Events announced today that B2Cloud, a provider of enterprise resource planning software, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. B2cloud develops the software you need. They have the ideal tools to help you work with your clients. B2Cloud’s main solutions include AGIS – ERP, CLOHC, AGIS – Invoice, and IZUM
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch ...
A new definition of Big Data & the practical applications of the defined components & associated technical architecture models This presentation introduces a new definition of Big Data, along with the practical applications of the defined components and associated technical architecture models. In his session at Big Data Expo, Tony Shan will start with looking into the concept of Big Data and tracing back the first definition by Doug Laney, and then he will dive deep into the description of 3V...
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immed...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, a...
There are 182 billion emails sent every day, generating a lot of data about how recipients and ISPs respond. Many marketers take a more-is-better approach to stats, preferring to have the ability to slice and dice their email lists based numerous arbitrary stats. However, fundamentally what really matters is whether or not sending an email to a particular recipient will generate value. Data Scientists can design high-level insights such as engagement prediction models and content clusters that a...
Database apps on mobile devices shouldn't stop working when there's limited or no network connectivity. In his session at 16th Cloud Expo, Bradley Holt, a Developer Advocate for IBM Cloudant, will discuss how to bring data stored in a cloud database to the edge of the network (and back again), whenever an Internet connection is available. He will demonstrate techniques for replicating cloud databases with mobile devices in order to build offline-enabled mobile apps that can provide a better,...
The Internet of Things is not new. Historically, smart businesses have used its basic concept of leveraging data to drive better decision making and have capitalized on those insights to realize additional revenue opportunities. So, what has changed to make the Internet of Things one of the hottest topics in tech? In his session at @ThingsExpo, Chris Gray, Director, Embedded and Internet of Things, discussed the underlying factors that are driving the economics of intelligent systems. Discover ...
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Ras...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
This talk focuses on the application of DevOps fundamentals to include network infrastructure. It draws from real deployment case studies on the extension of today's paradigms to address the challenges of the network infrastructures' ability to seamlessly and cohesively integrate into agile workflows. In this session at DevOps Summit, Arista Networks will focus on configuration management using automation with a nod to future work necessary to include telemetry and ephemeral state information....
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using ...
Cloud and Big Data present unique dilemmas: embracing the benefits of these new technologies while maintaining the security of your organization's assets. When an outside party owns, controls and manages your infrastructure and computational resources, how can you be assured that sensitive data remains private and secure? How do you best protect data in mixed use cloud and big data infrastructure sets? Can you still satisfy the full range of reporting, compliance and regulatory requirements? In...
Chuck Piluso will present a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Speaker Bio: Prior to Data Storage Corporation (DSC), Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of ...
Between the compelling mockups and specs produced by your analysts and designers, and the resulting application built by your developers, there is a gulf where projects fail, costs spiral out of control, and applications fall short of requirements. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a new approach where business and development users collaborate – each using tools appropriate to their goals and expertise – to build mo...
To manage complex web services with lots of calls to the cloud, many businesses have invested in Application Performance Management (APM) and Network Performance Management (NPM) tools. Together APM and NPM tools are essential aids in improving a business's infrastructure required to support an effective web experience... but they are missing a critical component - Internet visibility. Internet connectivity has always played a role in customer access to web presence, but in the past few years u...