The cloud access security broker space is still emerging, with standards yet to be fully defined. However, this space is recognised as the fastest-growing segment of cloud security.
In order to define protocols and best practices for implementing cloud data security as a part of the CASB framework, CipherCloud and the Cloud Security Alliance (CSA) are forming a Cloud Security Open API Working Group.
Deloitte, InfoSys, Intel Security, SAP and other companies will also contribute.
The Cloud Security Open API Working Group will provide guidance on vendor-neutral data-security implementation to help accelerate cloud services adoption.
The working group also plans to produce API specifications and a reference architecture to guide cloud data protection.
Collaboration on these guidelines will also further accelerate security integrations across multiple clouds and with third-party technologies.
The initiative will enable enterprises to leverage standards-based APIs to protect data via encryption, tokenization and other technologies across cloud environments, helping eliminate the need for custom integration for each cloud.
"Standards are an important frontier for the cloud security ecosystem," says Jim Reavis, CSA CEO.
"The right set of working definitions can boost adoption. This working group will help foster a secure cloud-computing environment - a win for vendors, partners and users.
“Standardising APIs will help the ecosystem coalesce around a universal language and process for integrating security tools into the cloud applications," Reavis says.
"Cloud is the killer app for security innovation. But currently, inefficiencies at the technical level in the form of custom connector protocols can hold back innovations in cloud security," says Pravin Kothari, CipherCloud founder and CEO.
“Defining a uniform set of standards can enable us all to operate from the same playbook. As a pioneer in CASB, we are excited to co-lead this initiative with CSA to accelerate security across clouds," he says.
Jeff Margolies, Deloitte & Touche LLP principal, says, "Enterprises and governments are struggling with the challenge of how to manage their cyber risks as they move data and compute to the cloud.
"Currently the cloud security ecosystem lacks basic integration standards for connecting third-party security solutions to cloud applications, platforms and infrastructure.
“By bringing together vendor, channel and customer constituents, this working group plans to provide clarity on leading practices for integration, critical to continued cloud adoption."
Nayaki Nayyar, SAP senior vice president cloud for customer engagement, believes customers will be the ultimate beneficiaries of these standards.
"A clear set of cloud security standards and best practices will help enable organisations to reap the benefits of the cloud in less time with added assurance that their data is secure," she says.
"With enterprises scaling their use of hybrid cloud solutions to drive their business, the role of interoperable cloud security based on standard APIs is critical," says Curt Aubley, Intel vice president and Data Center Group CTO.
"Intel is committed to working with the industry to develop the foundation for interoperable cloud security and applauds CSA's continued leadership within this arena," he says.
Working group activities will formally commence in early July upon completion of the CSA corporate member subject matter expert review.