The Jericho
Forum, a security think tank founded by IT security
professionals, has joined forces with the
Cloud Security
Alliance (CSA) to push for technology and standards to allow
businesses to collaborate securely in the cloud.
The groups aim to present a united front to suppliers, to
persuade them to develop the technology businesses need to exchange
information securely.
"We want the vendors to go out and deliver what the industry
needs. It is very important we speak using the same language and
the same concepts, so suppliers do not hear mixed messages," said
Paul Simmonds, a founding member of Jericho and information
security director.
Despite the proliferation of suppliers pushing cloud computing
technology, Jericho believes that businesses have only scratched
the surface of cloud computing.
The technology to allow businesses to collaborate securely in
the cloud is still a long way off, said Simmonds. "No one has got
there yet. The security models, standards and protocols do not
exist. There is currently no way to extend your security systems
into the cloud," he said.
Jim Reavis, co-founder of the CSA, said it could be three or
four years before the majority of cloud computing suppliers develop
the security businesses need.
"The problem is that cloud providers are moving very rapidly in
different directions. Jericho Forum and ourselves, within a year,
are going to very well aligned. However, we are going to continue
to play catch-up with the large cloud providers and thousands of
cloud start-ups. They are not going to necessarily build in what we
need. It will be a multiple-year project before we have the
baseline security we need," he said.
Both groups have published guidelines on cloud computing. The
Jericho Forum issued its
Cloud Cube Model, which helps organisations assess cloud
computing services from different suppliers earlier this year. The
CSA published a paper
at the RSA
security conference in April..
The CSA plans to revise its guidelines by the autumn to bring it
more closely into line with Jericho's long-term vision. The new
guidelines will include more advice on data privacy, said
Reavis
"The CSA is very much about here and now, and Jericho is more
blue sky and conceptual. The cloud is really a good place to
collaborate. We do not compete. We dovetail in," said Simmonds.
Adrian Seccombe, chief information security officer and senior
enterprise information architect at Eli Lilly and Jericho board
member, said the alliance would aim to dispel some of the hype and
confusion stirred up by the cloud.
"The cloud represents a compelling opportunity to achieve more
with less, but at the same time presents considerable security
challenges. For businesses to get the most out of it, this new
development must be addressed responsibly and with eyes fully
open," he said.
The CSA was founded in December 2008. Its members include large
suppliers and IT users.
The Jericho Forum represents companies including AstaZeneca, BP,
KLP, IBM and Symantec.