There’s been a lot of talk recently around security within the cloud. Last month we wrote about cloud compliance, and what you need to know when moving your organization to the cloud. One topic we didn’t touch on was the standards agencies tasked with setting standards and best practices for cloud computing. Chief amongst these agencies is the Cloud Security Alliance. Below, we discuss the alliance, what it does, what it’s done thus far and why you should care.
What is the Cloud Security Alliance (CSA)?
The CSA is an open alliance within the private sector aimed at establishing new IT controls and best practices for cloud computing. It is a not-for-profit organization led by corporations like eBay, security groups including PGP and RSA, financial associations including AMEX and Citibank, and industry leaders, and it is designed to provide education on the uses of cloud computing.
How and why was it formed?
After discussing the need for secure cloud computing at the 2008 ISSA CISO Forum, key industry leaders formed the CSA in December 2008. Their goals were to promote the use of best practices for providing security assurance within cloud computing and to create a common body of knowledge that is well-understood and documented.
What has it done so far?
The CSA has focused on detailing the critical areas of cloud computing, such as the development and maintenance of cloud computing services, as an open alliance between cloud providers, cloud consumers, and financial groups (including organizations such as the ISSA from the security community, ISACA from the audit community, and members such as eBay, AMEX, and Citibank). Through the work of industry leaders and scores of volunteers who researched, authored, edited, and reviewed information, the CSA published its first white paper in 2009. Since its inception, the CSA has served as an important resource in helping consumers understand what they should expect from their cloud providers.
Certification Program
The CSA has developed the Certificate of Cloud Security Knowledge (CCSK), a certification program designed to guide companies through the process of understanding how cloud computing actually works and what its security features are. Via intense training courses offered all over the world, the certification program allows security, IT and other professionals to demonstrate thorough cloud security knowledge based on the CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing.
Why do we care?
Designed to provide a consistent way of developing cloud security competency, the CCSK is positioned to become the industry certification standard as more and more companies adopt it as a means for following cloud security best practices. As we touched upon in our previous blog post, security is the No. 1 stumbling block in moving to the cloud because enterprises may be hesitant to trust third parties with sensitive data. With a CSA certification that offers comprehensive guidelines and security best practices, professionals can present customers with an official document that verifies their expertise in cloud security, allowing more businesses to move into the cloud with confidence. Ultimately, a CCSK certification can help build trust between IT professionals and their customers.
At EVault, we understand the apprehensions customers face in switching to cloud computing. Security is often cited as the main concern and CCSK can help provide a comprehensive understanding of cloud security issues and a foundation of knowledge in best practices. Professionals who go through CCSK training make a smart decision – increased knowledge of best practices will lead to more confidence in moving to the cloud and more trust and communication in relationships with their service providers.
Where can I get more information on the CSA and its certification program?
More information can be found on their website, and their forums are an excellent resource for getting questions answered and obtaining detailed information from experts. Authored by CSA founding members, the book Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance is a great print resource for those considering adopting cloud computing and seeking to learn more about the cloud.
