To help businesses and consumers become more comfortable storing information in the cloud, the Cloud Security Alliance recently announced a partnership with the International Organization for Standardization to establish cloud security and privacy standards.
Announced at the CSA Summit at Infosecurity Europe in London last week, the CSA said it will have a “key role in the development of cloud security and privacy standards under” the ISO and International Electrotechnical Commission, and will work on two projects with the Joint Technical Committee 1’s subcommittee 27.
One project will work to reinforce work already done on the Code of Practice for Information Security Management, or ISMS. The CSA stated that it will look to provide information security guidelines for cloud services based on the ISMS. The other project will involve information security for supplier relationships.
“By working closely with ISO in the highly dynamic cloud computing environment, the industry can have confidence that CSA guidance will be enduring, and that they can align with it now,” said Dave Cullinane, CSA chairman of the board.
Even as more experts agree that the cloud can provide more security than many on-premise IT solutions, the lack of standards is still seen by many as a barrier for cloud computing adoption. However, the CSA isn’t the only organization looking to establish standards for the cloud.
For example, the Institute of Electrical and Electronics Engineers recently announced the establishment of two working groups tasked with developing cloud standards. One group, the IEEE P2301, will support the development of standards already in progress. Meanwhile, the other group, IEEE P2302, will address standards as they refer to governance, functionality, protocols and other aspects of the cloud.