The Cloud: A white paper with guidance on security of cloud computing applications

[Cloud Security Alliance] The information security industry is taking on the task of providing guidance to enable secure Cloud Computing with today's formal launch of the Cloud Security Alliance. The Cloud Security Alliance's inaugural whitepaper, "Security Guidance for Critical Areas of Focus in Cloud Computing", is now available on the Cloud Security Alliance website, and a presentation of the findings will be made at the RSA conference today at 2:45pm at Orange Room 312 in the Moscone Center.

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The founding thought leaders behind the formation of the Cloud Security Alliance are leading security practitioners from a range of private and public organizations and leading security companies PGP Corporation, Qualys, Inc. and Zscaler, Inc.

"Aggressive adoption of cloud computing is clearly underway. The convergence of inexpensive computing, pervasive mobility and virtualization technologies has created a platform for more agile and cost effective business applications and IT infrastructure," said Jerry Archer, Chief Information Security Officer at Intuit, Inc. and part of the CISO leadership at the Cloud Security Alliance, "The cloud is forcing thoughtful adaptation of certain security controls, while creating an even greater demand for best practices in security program governance."

The whitepaper being presented at RSA, "Security Guidance for Critical Areas of Focus in Cloud Computing", outlines key issues and provides advice for both Cloud Computing customers and providers within 15 strategic domains. According to Alliance co-founders Nils Puhlmann and Jim Reavis, the several months of collaboration was worth the effort, "We would like to thank the many contributors to this initial effort. The great diversity of services offered via cloud computing requires careful analysis to understand the risks and mitigation appropriate in each case. At the same time, we see enormous potential for the cloud model to eventually simplify many difficult security problems. This initial deliverable is just the beginning of our efforts, and we would like to extend an open invitation to industry experts to help us create additional best practices for practitioners and the industry."

Cloud Security Alliance identifies key practices for secure adoption of Cloud Computing