CSC licences cloud trust protocol to Cloud Security Alliance

According to the CSA, the plan is to include the CTP standard as fourth pillar of the alliance's cloud Governance, Risk and Compliance (GRC) stack.

The CSA says that its GRC stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.

Other pillars in the GRC stack include CloudAudit, the Cloud Controls Matrix and the Consensus Assessments Initiative Questionnaire.

The gameplan now is for the CSA to promote the use of the CTP as a security feature for use by corporates, consumers and, of course, cloud service providers.

The CSC says that the CTP was developed to provide cloud computing users with the correct information to "confidently make choices about what processes and data to put into what type of cloud, and to sustain information risk management decisions about cloud services."

Announcing the licensing deal, Jim Reavis, the director of the CSA, said that the protocol provides the dynamic, continuous monitoring capability needed in a complete GRC stack.

"It helps solve an increasingly important step in helping organisations realise the ultimate promise of cloud computing, and is a perfect addition to our evolving business", he said.

"The cloud trust protocol complements the foundation of the GRC stack and is already aligned with the objectives of the CSA GRC, so we will be able to make fast and important progress moving forward", he added.

Over at CSC, Ron Knode, the company's trust architect and the author of the CTP, said that the protocol places IT risk decision-making back in the hands of the cloud consumer by providing the data they need as they need it.

"Service providers that implement the CTP can provide information about the individual elements of transparency within the CTP as they apply to their clients’ applications and workloads", he explained.

What’s Hot on Infosecurity Magazine?