Jericho Forum and CSA push for cloud security

The Jericho Forum, a security think tank founded by IT security professionals, has joined forces with the...

The Jericho Forum, a security think tank founded by IT security professionals, has joined forces with the Cloud Security Alliance (CSA) to push for technology and standards to allow businesses to collaborate securely in the cloud.

The groups aim to present a united front to suppliers, to persuade them to develop the technology businesses need to exchange information securely.

"We want the vendors to go out and deliver what the industry needs. It is very important we speak using the same language and the same concepts, so suppliers do not hear mixed messages," said Paul Simmonds, a founding member of Jericho and information security director.

Despite the proliferation of suppliers pushing cloud computing technology, Jericho believes that businesses have only scratched the surface of cloud computing.

The technology to allow businesses to collaborate securely in the cloud is still a long way off, said Simmonds. "No one has got there yet. The security models, standards and protocols do not exist. There is currently no way to extend your security systems into the cloud," he said.

Jim Reavis, co-founder of the CSA, said it could be three or four years before the majority of cloud computing suppliers develop the security businesses need.

"The problem is that cloud providers are moving very rapidly in different directions. Jericho Forum and ourselves, within a year, are going to very well aligned. However, we are going to continue to play catch-up with the large cloud providers and thousands of cloud start-ups. They are not going to necessarily build in what we need. It will be a multiple-year project before we have the baseline security we need," he said.

Both groups have published guidelines on cloud computing. The Jericho Forum issued its Cloud Cube Model, which helps organisations assess cloud computing services from different suppliers earlier this year. The CSA published a paper at the RSA security conference in April..

The CSA plans to revise its guidelines by the autumn to bring it more closely into line with Jericho's long-term vision. The new guidelines will include more advice on data privacy, said Reavis

"The CSA is very much about here and now, and Jericho is more blue sky and conceptual. The cloud is really a good place to collaborate. We do not compete. We dovetail in," said Simmonds.

Adrian Seccombe, chief information security officer and senior enterprise information architect at Eli Lilly and Jericho board member, said the alliance would aim to dispel some of the hype and confusion stirred up by the cloud.

"The cloud represents a compelling opportunity to achieve more with less, but at the same time presents considerable security challenges. For businesses to get the most out of it, this new development must be addressed responsibly and with eyes fully open," he said.

The CSA was founded in December 2008. Its members include large suppliers and IT users.

The Jericho Forum represents companies including AstaZeneca, BP, KLP, IBM and Symantec.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.