[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Certification and audit / Vendors
Hi guys To build on the last email thread, one key area I would highlight and suggest is audit and certification. I.e. If public Cloud providers can be verified to be 'GovCloud Level 3 Secure', meaning they are approved to host government data up to infosec classification level 3, then this would greatly empower government procurement process. It seems most governments have such a classification system, which while the terminology differs seem much the same, eg. I think the UK calls them IL levels 1-4, so the question is how might Cloud providers be Approved to this end? By who? How? etc. Hosting providers currently go through this type of assessment, such as SAS70, however this stops at the Cloud layer, only dealing with data-centre facilities mainly. So to start answering this I'd highlight: - Kantara Trust Framework: I've proposed the inclusion of the Kantara CloudIDsec group because Kantara provides one component part of this, that could be built on. They have recently been approved by the USA Govt in this regard for identity systems: http://tinyurl.com/888epe7 Given they are setting up an industry ecosystem for this audit and approvals mechanism, we could build on this for purposes of certifying Cloud providers to this overall end. - Vendors: One question I have is how might vendors be involved into this process? I mainly work in this area and while they obviously have a bias, a product to push, they also tend to pioneer capabilities that pave the way for standards. Here`s the main group I`m setting up just now: http://cloudbestpractices.net/board/ And one of these I`d highlight is Guardtime, because they have a technology that can guarantee Cloud environments haven`t been tampered with etc. see: http://www.guardtime.com/software/for-cloud/ Clearly this could play a pivotal role in achieving these Trusted Cloud Providers, so how might this help drive associated standards development? Regards, -- Neil McEvoy Founder and President Level 5 Consulting Group http://L5consulting.net
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]