Recognised as the fastest-growing segment of cloud security, the cloud access security broker (CASB) space is still an emerging one where standards have yet to coalesce. To fill this gap, CipherCloud, the leader in cloud visibility and data protection, and the Cloud Security Alliance (CSA) are forming a Cloud Security Open API Working Group to jointly define protocols and best practices for implementing cloud data security as a part of the CASB framework. Deloitte, InfoSys, Intel Security, SAP and other technology leaders will also contribute.
The Cloud Security Open API Working Group will provide guidance on vendor-neutral data-security implementation to help accelerate cloud services adoption. Collaboration on these guidelines will also further accelerate security integrations across multiple clouds and with third-party technologies. This initiative will enable enterprises to leverage standards-based APIs to protect data via encryption, tokenisation and other technologies across cloud environments, helping eliminate the need for custom integration for each cloud. The working group plans to produce API specifications and a reference architecture to guide cloud data protection.
“Standards are an important frontier for the cloud security ecosystem,” said Jim Reavis, CEO of CSA. “The right set of working definitions can boost adoption. This working group will help foster a secure cloud-computing environment – a win for vendors, partners and users. Standardising APIs will help the ecosystem coalesce around a universal language and process for integrating security tools into the cloud applications.”
“Cloud is the killer app for security innovation,” said Pravin Kothari, founder and CEO of CipherCloud. “But currently, inefficiencies at the technical level in the form of custom connector protocols can hold back innovations in cloud security. Defining a uniform set of standards can enable us all to operate from the same playbook. As a pioneer in CASB, we are excited to co-lead this initiative with CSA to accelerate security across clouds.”
“Enterprises and governments are struggling with the challenge of how to manage their cyber risks as they move data and compute to the cloud,” said Jeff Margolies, principal, Deloitte & Touche LLP. “Currently the cloud security ecosystem lacks basic integration standards for connecting third-party security solutions to cloud applications, platforms and infrastructure. By bringing together vendor, channel and customer constituents, this working group plans to provide clarity on leading practices for integration, critical to continued cloud adoption.”
“We believe that customers will be the ultimate beneficiaries of these standards,” said Nayaki Nayyar, senior vice president, Cloud for Customer Engagement, SAP. “A clear set of cloud security standards and best practices will help enable organisations to reap the benefits of the cloud in less time with added assurance that their data is secure.”
“With enterprises scaling their use of hybrid cloud solutions to drive their business, the role of interoperable cloud security based on standard APIs is critical,” said Curt Aubley, vice president and Data Center Group CTO at Intel. “Intel is committed to working with the industry to develop the foundation for interoperable cloud security and applauds CSA’s continued leadership within this arena.”
Working group activities will formally commence in early July upon completion of the CSA corporate member subject matter expert review. Participation is open to all qualified experts. Please contact research@cloudsecurityalliance.org to be added to the Open API WG announcement list.
About CipherCloud
CipherCloud, the leader in cloud visibility and data protection, delivers cloud adoption while ensuring security, compliance and control. CipherCloud’s open platform provides comprehensive cloud application discovery and risk assessment, data protection – searchable strong encryption, tokenization, data loss prevention, key management and malware detection – and extensive user activity and anomaly monitoring services.
About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.