A key concern for many organisations adopting cloud computing is security. Moving to the cloud means many aspects of security are handled by the cloud provider, especially when using Platform as a Service (PaaS). In addition to security, the operational, policy and regulatory procedures of cloud providers is a concern.
Businesses who require information on security policies and auditory and compliance from a cloud provider have many problems in gathering the information. Firstly, public cloud providers cannot spend all their time providing this information for their customers. Secondly, it is easy to misunderstand what is actually being asked of the provider by their customers resulting in the incorrect information being provided.
To help solve this problem for both cloud providers and cloud consumers, a welcome development is the formation of the Cloud Audit Organisation. The goal of this organisation is to provide a common interface and namespace that enables cloud computing providers to automate the audit, assertion, assessment and assurance of their Infrastructure (IaaS), Platform (PaaS) and Application (SaaS) environments. The result will be the ability of authorised cloud consumers to automatically gather the required security and audit information in a standard manner without any misunderstanding or ambiguity and with no burden on the cloud provider. This follows a key benefit of the cloud – self service.
The Cloud Audit Organisation is a cross industry effort that currently has over 250 participants comprising members of all the leading Cloud Computing providers including Google, Amazon, Microsoft, VMWare, Cisco and many others. As anybody who has attended Learning Tree’s Cloud Computing course and participated in the course workshops knows, this organisation is a welcome and vital development in removing one of the perceived barriers to Cloud Computing adoption.