NewsInfrastructure

The Cloud Security Alliance (CSA) today announced to develop cloud security and privacy standards under ISO/IEC.

ISO/IEC is short for International Organization for Standardization/International Electrotechnical Commission. 

The CSA has established a Category C liaison relationship with ISO/IEC's Joint Technical Committee 1/Sub Committee 27 (JTC 1/SC 27). Category C liaisons are organizations which make an effective technical contribution and participate actively in the working groups (WG) under SC 27.

ISO/IEC JTC 1/SC 27 has started to develop of a series of standards that will address the security and privacy issues of cloud computing services. This development is being carried out in collaboration with various standardization partners including ITU-T and ISO/IEC JTC 1/SC 38 together with CSA. 

"This new cooperation with the CSA is expected to facilitate an important communication channel for the promotion of cloud computing security standards amongst the information security community," said Dr. Walter Fumy, chairman of Sub Committee 27.

The Cloud Security Alliance will initially collaborate on two projects with the SC 27:

"By working closely with ISO in the highly dynamic cloud computing environment, the industry can have confidence that CSA guidance will be enduring, and that they can align with it now," said Dave Cullinane, board chairman, CSA.

Dr. Meng-Chow Kang, Convenor WG 4 under SC 27, stated, "The step towards standardization that CSA is taking is both strategic and critical. Strategic in that it could leverage standards to provide the required baselines to improve security and interoperability in cloud services. Critical in that this could help pave a way towards better security assurance of cloud services, a common concern of cloud users."

"The Security & Privacy Standards Technical Committee (SPSTC) under the Singapore IT Standards Committee (ITSC) recognizes the importance of having international standards in the area of cloud computing. In particular, there is a strong need to address the concerns of cloud security from both service provider and end-user perspectives," said Kin-Chong Chan, chairman of the SPSTC, ITSC Singapore.