cloud standards

Alibaba Cloud Becomes the First Cloud Computing Company to Obtain C5 Attestation with Additional Requirements

Grazed from Alibaba Cloud

Alibaba Cloud, the cloud computing arm of the Alibaba Group, announced today that it had completed its assessment for the Cloud Computing Compliance Controls Catalogue (C5) set out by the Federal Office for Information Security in Germany, also known as Bundesamt für Sicherheit in der Informationstechnik (BSI). Alibaba Cloud is the world's first cloud provider to achieve this attestation with the additional requirements. The attestation covers Elastic Compute Service ("ECS"), Relational Database Service ("RDS"), Object Storage Service ("OSS"), Content Delivery Network ("CDN"), Server Load Balancer ("SLB"), Virtual Private Cloud ("VPC") and Alibaba Cloud Security available on Alibaba Cloud's regions in Singapore and Germany.

Alibaba Cloud's commitment to applying the highest levels of compliance in controls and security is shown by meeting the C5 standard that serves not only as a benchmark for the German market, but also increasingly as a benchmark for institutions across Europe. With the attestation, customers in German states can leverage the work performed under this BSI audit to comply with stringent local requirements and operate secure workloads using Alibaba Cloud services.

C5 is intended primarily for professional cloud service providers, their auditors and customers of the cloud service providers. It has 17 distinct control requirements that the cloud providers either have to comply with or meet defined minimum standards. It is a required assessment for working with the public sector in Germany and is being increasingly adopted by the private sector. The philosophy behind C5 is to unify the currently fragmented certification of cloud provisions that are measured against no agreed standards and possess no coherent oversight.

Cloud Standards Customer Council Announces Version 3.0 of Practical Guide to Cloud Computing

Grazed from The Cloud Standards Customer Council

The Cloud Standards Customer Council (CSCC), an end user advocacy group dedicated to accelerating cloud's successful adoption, today published version 3.0 of its seminal deliverable, the Practical Guide to Cloud Computing. The Practical Guide to Cloud Computing was the first deliverable published by the CSCC in 2011. It is aimed at helping technology and business leaders adopt cloud computing to solve business challenges. Version 3.0 of the guide is available for download at http://www.cloud-council.org/deliverables/practical-guide-to-cloud-computing.htm.

More than two dozen CSCC members contributed their expertise, best practices, and lessons learned to write this guide and successive version updates. "There's been so many exciting new offerings and capabilities in the cloud computing industry in the past several years and the team has been hard at work to incorporate their insights and expertise in the latest update of this foundational guide," said William Van Order, Lockheed Martin fellow and lead on the CSCC Steering Committee.

Cloud Standards Customer Council Publishes Cloud Customer Architecture for Hybrid Integration

Grazed from Cloud Standards Customer Council (CSCC)

The Cloud Standards Customer Council (CSCC) has published a new reference architecture to assist enterprise IT professionals with the integration requirements of hybrid cloud computing. IT environments are now fundamentally hybrid in nature - devices, systems, and people are spread across the globe, and at the same time virtualized. Achieving integration across this ever-changing environment, and doing so at the pace of modern digital initiatives, is a significant challenge. This deliverable explains the core reference architecture and concepts for hybrid integration in the enterprise. It is available for download at: http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-hybrid-integration.htm.

ODVA to Develop Standards for a Common Industrial Cloud Interface

Grazed from ARC. Author: Craig Resnick.

In its media briefing held at the Hannover Messe, ODVA announced a significant new area of technical work to develop standards for the gateway and interface technology needed to transport data between the cloud and CIP-enabled industrial control systems (ICS) populated with EtherNet/IP and DeviceNet devices. Ultimately, this work will result in The Common Industrial Cloud Interface Specification, a major new addition to ODVA's technology portfolio.

ODVA's scope of work for developing the Common Industrial Cloud Interface will encompass two elements in the ecosystem for the industrial cloud: a cloud gateway appliance (Gateway) and an application program interface (API) for the transport of data from the Gateway to the cloud and from the cloud back to the ICS and its devices. Based on open and interoperable standards supported by multiple vendors, ODVA's new Common Industrial Cloud Interface will help accelerate an architectural transformation inclusive of cloud computing to support device management, process analytics, notifications, remote access, virtualization, visualization and, in the future, control...

Microsoft adopts international standard for cloud privacy

Grazed from PCWorld. Author: John Ribeiro.

Microsoft has adopted a new standard for cloud privacy that commits the company to protect the privacy of customers' data, not to use it for advertisement purposes, and to inform the customer of legal requests for personal data. The company said Monday it was adopting the ISO/IEC 27018, published last year by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which outlines a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a processor of personally identifiable information.

Microsoft said the British Standards Institute had verified that both Office 365 and Dynamics CRM Online, in addition to Microsoft Azure, are in line with the standard's code for the protection of personal data in the public cloud. Microsoft Intune was similarly certified by testing company Bureau Veritas...

Canada Moves Closer to Private Cloud Computing Standard

Grazed from MSPAlliance.  Author: Editorial Staff.

In a move I have predicted long ago, Canada is one of many countries making moves to establish cloud computing guidelines to protect end-user data. While some countries are making very superficial steps, Canada is actually following the path of Germany, Brazil, and other nations, by wanting to establish transparency guidelines to know precisely where Canadian cloud data resides and who is accessing that data.

Oh, Cloud Canada!

The proposed guidelines seem to deal only with cloud computing as it relates to Canadian government projects involving the cloud. However, if the government adopts such a framework, it could be likely that private industry within Canada could also adopt such a stance, at least regarding certain types of data...

DISA releases new security guide for cloud computing

Grazed from DefenseSystems. Author: Kevin McCaney.

The Defense Information Systems Agency has released its new security requirements guide for cloud computing, which is intended to make it easier—and quicker—for Defense Department agencies to procure commercial cloud services while still ensuring security. The new SRG puts out to pasture the Cloud Security Model, under which only a handful of vendors had received authorization, and more closely follows the Federal Risk and Authorization Management Program used by civilian federal agencies—although it does set additional requirements in areas where extra security is needed. In many cases, cloud providers will seek to comply with the SRG in coordination with their FedRAMP reauthorization.

"The SRG is designed to ensure that DOD can attain the full economic and technical advantages of using the commercial cloud without putting the department’s data and missions at risk," Mark Orndorff, DISA Risk Management Executive, said in a statement. The new guide sets the security requirements for information up to the Secret classification, sets standards for what systems or information can be handled in a virtual environment and what data should be physically separated, and tweaks the impact levels identified under the old Cloud Security Model...

Top three emerging cloud standards

Grazed from TechTarget. Author: Tom Noelle.

Information Technology's great advances -- mainframes, minicomputers, personal computers and even virtualization -- all developed without significant support of standards. Yet standard APIs, operating systems and middleware seem essential today. Networking followed a similar path, with ad hoc TCP/IP defeating formal international standards like OSI, only to be challenged by software-defined and standards-based networking.

The cloud is the fusion of IT and networking, and it's fair to ask what role standards will play in its evolution. The scope of cloud standards and the variety of cloud models, however, complicate the topic. The National Institute of Standards and Technology has published an excellent summary of cloud standards that are particularly applicable for the government sector but also valuable to enterprises...

Cloud Computing: Will European Union SLA Standards Go Global?

Grazed from TalkinCloud. Author: Chris Talbot.

Although it's a European Union change, the service level agreement (SLA) standardization issued last month by the European Commission's Cloud Select Industry Group - Subgroup on Service Level Agreement (C-SIG-SLA ... 'cause that's a catchy name) could become a global standard. Even if it doesn't, American cloud providers (among others) will very soon feel its effects, according to an article written by Kenneth N. Rashbaum Esq. and Jason M. Tenenbaum of Barton LLP.

The two lawyers indicated in their article that with the Edward Snowden disclosures of last year, there has been an increasing focus around the world on government and technology company transparency. Those pushing ahead the quickest are in Europe, as the Union has been amongst the strongest advocates for change. And the new SLA standardization for cloud services providers it released on June 6 are its first big step in creating that transparency...

Feds Pursue Cloud Forensics Standards

Grazed from InformationWeek. Author: William Welsh.

NIST identifies 65 challenges that forensic investigators face in gathering and analyzing digital information stored in the cloud, seeks help developing standards to aid law enforcement. The National Institute of Standards and Technology has released a draft report for public comment that sets forth the daunting challenges forensic examiners face in tracking down and using digital information stored in the cloud.

The draft report, "NIST Cloud Computing Forensic Science Challenges," sets forth 65 challenges of cloud forensics divided into nine categories that a working group drawn from the government, private sector and academia has identified in the course of its examination of the challenge...