Efforts to formalise security best practice for cloud computing have taken a step forward with the announcement that the Jericho Forum, and the Cloud Security Alliance, are to work together on the issue.
The Jericho Forum is a top level independent security expert group that pioneered the concept of de-perimiterisation – focusing on safeguarding data, rather than just the end points of the network.
The Cloud Security Alliance a not-for-profit group of information security and cloud computing security leaders.
“This is good news for the industry” said Adrian Seccombe, chief information security officer and senior enterprise information architect at pharmaceutical giant Eli Lilly and Jericho Forum board member.
“The Cloud represents a compelling opportunity to achieve more with less but at the same time presents considerable security challenges. For business to get the most out of it, this new development must be addressed responsibly and with eyes fully open.”
Jim Reavis, Co-founder of the Cloud Security Alliance (CSA) said, "The Cloud represents a fundamental shift in computing. Solving the new set of risk issues it introduces is a shared responsibility of cloud provider and customer alike," said Jim Reavis, Co-founder of the Cloud Security Alliance (CSA).
"The Jericho Forum has shown early leadership in articulating and addressing the de-perimeterisation concept. We are proud to join forces with them to provide pragmatic guidance for safely leveraging the cloud today as well as a clear vision for a future of pervasive and secure cloud computing."
After its pioneering work on de-preimiterisation, the Jericho Forum last year the group published a Collaboration Oriented Architectures framework presenting a set of design principles allowing businesses to protect themselves against the security challenges posed by increased collaboration and the business potential offered by Web 2.0.
The Cloud Security Alliance has also pioneered work on governance, law, network security, audit, application security, storage, cryptography, virtualisation and risk management.
Both groups recently published initial guidelines for cloud computing. The Jericho Forum published a Cloud Cube Model designed to be an essential first tool to help business evaluate the risk and opportunity associated with moving in to the cloud.
At RSA in San Francisco, Cloud Security Alliance announced its formation and published an inaugural whitepaper, "Guidance for Critical Areas of Focus in Cloud Computing".