Cloud consortium appeals for help
New Common Assurance Metric initiative aims to help users put their trust in the security of cloud providers
Weighing the benefits: CAM compares cloud providers
Common Assurance Metric (CAM), a global initiative aimed at verifying the quality of security offered by cloud providers, is on the hunt for collaborators.
The newly launched consortium has tasked itself with establishing a system to help end users make “objective comparisons” between cloud providers based on the level of security they offer.
Already, 25 organisations have signed up for the project, including Google, Amazon and Microsoft, and the existing members are keen to attract more.
Brian Honan, principal consultant at CAM member BH Consulting, said the invitation is open to any firm that wants to show how seriously it takes cloud security.
“It is a collaborative effort between stakeholders with no one firm taking the lead,” explained Honan.
“The fact we already have some recognised players on board is a good indicator of how serious the industry is about cloud security.”
The group hopes to have a framework in place for this classification system by the end of the year, said Honan, with members taking an active role in driving its adoption among third-party and internal cloud providers.
He said: “We hope members will set an example by implementing the system to make people aware that it exists and that, in turn, will encourage other organisations to take it on.”
Andy Burton, chairman of the Cloud Industry Forum (CIF), said he supports what the consortium is trying to achieve, but has reservations.
“We would want assurances that what they are trying to achieve would be certifiable, vendor agnostic and supported by a proper corporate governance model,” he said.
Val Bercovici, new chairman of the Storage Networking Industry Association’s (SNIA) Cloud Storage Initiative, said legal issues could also put people off.
Bercovici explained: “It needs to be clearly established where responsibility will fall should a [high-rating] cloud provider fail to provide the level of service this system says it does.”
Bob Tarzey, service director at market watcher Quocirca, said the project should
help to reassure more nervous adopters of cloud-based services.
He added: “They have said upfront that these assurances will also be applicable to internally hosted systems, which underlines the point that the security issues are less to do with cloud computing per se, but more to do with opening up any
computing resource to remote users.”