Sunday, November 21, 2010

About Cloud Audit

In this blog post, I plan to talk about the cloud audit(A6) . According to the following website:
About: "The goal of CloudAudit (codename: A6) is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology."

The short term goal of A6 is to get it utilized as a common standard by which cloud providers, regardless of location -- that could be internal private cloud or could be public cloud -- essentially agree on the same set of standards by which consumers or interested parties can pull for information.

The long term goad is to improve visibility and transparency of cloud provider and to provide automated tools for auditing. It will be exciting to evaluate such tool.

The open source tool is located at http://cloudaudit.googlecode.com/svn/trunk/. The tool is a zip file that you can unzip and use it. You can specify which compliance framework you need to use, for example, it can be PCI, HIPAA, NIST 800-53 (FISMA), etc. The goal is to have a commons set of API which can be used to map the security controls and to help to gather the auditing data through the tool.

Ken Huang
Director of Cloud Security
CGI Federal
Fairfax, VA, 22033

1 comment:

  1. AvaHost is definitely the best web-hosting company with plans for all of your hosting needs.

    ReplyDelete