Simply Security - News, Views, and Opinions from Trend Micro

Posted on September 7th, 2012 in Cloud Security by Simply Security | Be the first to comment | Tags: Cloud Security

CSA officials are pushing for more explicit cloud privacy requirements.

The Cloud Security Alliance (CSA) is off to a fast start in September with ambitious initiatives taking place on several fronts. The industry association is taking aim at data security doubts that have inhibited cloud adoption in the past by proposing a new privacy framework to be embedded in service provider contracts. Meanwhile, the CSA has set up a separate working group to explore plausible protection strategies that will scale to meet the demands of big data.

Cloud security criteria

CSA officials presented plans for their new Privacy Level Agreement (PLA) Working Group before the European Parliament this week to further the progress made by national data protection regulators as it applies to the cloud. The collective seeks to establish baseline compliance levels as well as a common criteria by which third-party hosts can detail the extent of their privacy measures. As a result, service providers will have a clearer idea of what is expected of them and potential customers will know what to look for when vetting security practices.

"The goal of this working group is to create a structure for privacy disclosures that will provide both cloud providers and their customers with an objective and comparable way by which to communicate their personal data handling practices," CSA regional managing director Daniele Catteddu explained. "This is especially problematic in the European Union, which maintains the most stringent regulations on privacy as compared to the rest of the world."

Big data, bigger risks

While the EU will serve as the proving ground for the CSA's cloud privacy framework, it is addressing big data concerns on the global scale which they demand. Fujitsu, eBay and Verizon will all offer their insights in a new research initiative intended to address the unique security concerns amplified by the "velocity, volume and variety" of big data.

"Everyday, 2.5 quintillion bytes of data are being created, resulting in a myriad number of data security and cloud computing security concerns," Fujitsu Laboratories of America software systems director Sreeranga Rajan noted. "By collaborating as a global community of thought leaders and researchers, we are not only looking to help the industry overcome these challenges, but also leverage new opportunities for the monitoring and detection of security threats enabled by big data."

The primary areas of focus outlined by the CSA working group included progressing cryptography techniques to big data scale, assessing cloud infrastructure and putting big data analysis to work on security solutions. Researchers will begin with test data sets framed in the context of healthcare and ecommerce before expanding to additional verticals.

Cloud Computing News from SimplySecurity.com by Trend Micro