Story image

CipherCloud heads up cloud security open working group

30 Jun 15

The cloud access security broker space is still emerging, with standards yet to be fully defined. However, this space is recognised as the fastest-growing segment of cloud security.

In order to define protocols and best practices for implementing cloud data security as a part of the CASB framework, CipherCloud and the Cloud Security Alliance (CSA) are forming a Cloud Security Open API Working Group.

Deloitte, InfoSys, Intel Security, SAP and other companies will also contribute.

The Cloud Security Open API Working Group will provide guidance on vendor-neutral data-security implementation to help accelerate cloud services adoption.

The working group also plans to produce API specifications and a reference architecture to guide cloud data protection.

Collaboration on these guidelines will also further accelerate security integrations across multiple clouds and with third-party technologies.

The initiative will enable enterprises to leverage standards-based APIs to protect data via encryption, tokenization and other technologies across cloud environments, helping eliminate the need for custom integration for each cloud.

"Standards are an important frontier for the cloud security ecosystem," says Jim Reavis, CSA CEO.

"The right set of working definitions can boost adoption. This working group will help foster a secure cloud-computing environment - a win for vendors, partners and users.

“Standardising APIs will help the ecosystem coalesce around a universal language and process for integrating security tools into the cloud applications," Reavis says.

"Cloud is the killer app for security innovation. But currently, inefficiencies at the technical level in the form of custom connector protocols can hold back innovations in cloud security," says Pravin Kothari, CipherCloud founder and CEO.

“Defining a uniform set of standards can enable us all to operate from the same playbook. As a pioneer in CASB, we are excited to co-lead this initiative with CSA to accelerate security across clouds," he says.

Jeff Margolies, Deloitte & Touche LLP principal, says, "Enterprises and governments are struggling with the challenge of how to manage their cyber risks as they move data and compute to the cloud.  

"Currently the cloud security ecosystem lacks basic integration standards for connecting third-party security solutions to cloud applications, platforms and infrastructure. 

“By bringing together vendor, channel and customer constituents, this working group plans to provide clarity on leading practices for integration, critical to continued cloud adoption."

Nayaki Nayyar, SAP senior vice president cloud for customer engagement, believes customers will be the ultimate beneficiaries of these standards.

"A clear set of cloud security standards and best practices will help enable organisations to reap the benefits of the cloud in less time with added assurance that their data is secure," she says.

"With enterprises scaling their use of hybrid cloud solutions to drive their business, the role of interoperable cloud security based on standard APIs is critical," says Curt Aubley, Intel vice president and Data Center Group CTO.

"Intel is committed to working with the industry to develop the foundation for interoperable cloud security and applauds CSA's continued leadership within this arena," he says.

Working group activities will formally commence in early July upon completion of the CSA corporate member subject matter expert review. 

TCS collaborates with Red Hat to build digital transformation solutions
“By leveraging TCS' technology skills to build more secure, intelligent and responsive solutions, we aim to deliver superior end-user experiences."
Twitter suspects state-sponsored ties to support forum breach
One of Twitter’s support forums was hit by a data breach that may have ties to a state-sponsored attack, however users' personal data was exposed.
How McAfee aims to curb enterprise data loss
McAfee DLP aims to help safeguard intellectual property and ensure compliance by protecting sensitive data.
HPE promotes 'circular economy' for end-of-use tech
HPE is planning to show businesses worldwide that throwing old tech and assets into landfill is not the best option when it comes to end-of-use disposal.
2018 sees 1,500% increase in coinmining malware - report
This issue will only continue to grow as IoT forms the foundation of connected devices and smart city grids.
CSPs ‘not capable enough’ to meet 5G demands of end-users
A new study from Gartner produced some startling findings, including the lack of readiness of communications service providers (CSPs).
Oracle announces a new set of cloud-native managed services
"Developers should have the flexibility to build and deploy their applications anywhere they choose without the threat of cloud vendor lock-in.”
How AT&T aims to help businesses recover faster from a disaster
"Companies need to be able to recover and continue operations ASAP, without pulling resources from other places to get back up and running."