Security Certifications and Promoting Cloud Computing

September 13th, 2010

There is an abundance of certifications in the IT industry covering application development, project management, security, and vendor tool specific.  An interesting spin to all of this is a security framework tied specifically to cloud computing.

The Cloud Security Alliance (CSA) published the second edition of its guidelines for secure cloud computing, delivering a document that sets out an architectural framework and makes a host of recommendations around cloud security.

NIST created a notional definition of Cloud Computing in October 2009 and CSA has provided a more elaborate definition on cloud computing, which has been the subject of much hype in recent years.  According to the CSA, cloud computing environments feature on-demand, self-service consumption; allow broad access via networks; draw from a pool of shared computing resources; can be quickly scaled up or down depending on demand; and involve some type of metering to track usage.

The CSA’s report tackles cloud security on 13 different domains, from governance issues like e-discovery, compliance and audits to operational concerns such as disaster recovery, application security and identity management.

Domain                        Title

  1.                  Clouding Computing Architecture Framework
  2.                  Governance and enterprise Risk Management
  3.                  Legal and Electronic Discovery
  4.                  Compliance and Audit
  5.                  Information Lifecycle Management
  6.                  Portability and Interoperability
  7.                  Traditional Security, Business Continuity, and Disaster Recovery
  8.                  Data Center Operations
  9.                  Incident Response, Notification, and Remediation
  10.                 Application Security
  11.                 Encryption and Key Management
  12.                 Identity and Access Management
  13.                 Virtualization

This new security certification is called the Certificate of Cloud Security Knowledge, the designation is earned by studying “Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1” and “Cloud Computing: Benefits, Risks and Recommendations for Information Security” and passing an on-line test.

Let Daniel L. Ruggles  and the team at PM Kinetics, LLC help you navigate the complexities of IT Governance, Cloud Computing, Sourcing & Capital Planning, Vendor Management, IT Security, and Infrastructure planning & execution.  For more information on our technical consultancy services, contact or call PM Kinetics today at (678) 528-7399.