Novell, Cloud Security Alliance Join Forces For Certification


Novell teamed up with the Cloud Security Alliance (CSA) Monday to launch a new cloud security certification program in a bid to spur more mainstream cloud adoption and increase confidence in cloud security.

The vendor-neutral Trusted Security Certification program marks the industry's first foray into security-specific cloud certification, education and outreach for cloud providers. Dubbed the "Trusted Cloud Initiative," the program is designed to arm cloud solution providers with the knowledge to offer industry-recommended, security and interoperable identity, access and compliance management configurations and practices. Essentially, companies considering cloud computing will have a standard to remove concerns about cloud security, governance and control of their data and IT assets.

Comparing the initiative to what VeriSign has done for secure e-commerce; Novell hopes the Trusted Security Certification program establishes trust for cloud adopters and resellers alike.

"It all starts with trust," said Dipto Chavarkarty, Novell's general manager of cloud security and vice president of worldwide engineering, adding that establishing trust is key when end customers don't know where their resources will be located: they may be on premise or off premise, they may be leased, they may be hosted. "You don't know where the resources are and you have nowhere near the control."

Chavarkarty said Novell wants the certification to be the checkmark, the seal of authenticity to illustrate that solutions and services are secure.

"What we want to establish is the seal of trust that the cloud environment is trustworthy," he said.

Anita Moorthy, Novell's senior solutions marketing manager for cloud computing, added that a cloud security seal of approval can also alleviate market confusion while stratifying the difference between various cloud elements like infrastructure as a service, platform as a service and software as a service.

And for the channel, Moorthy said the Trusted Security Certification in the cloud establishes a consistent terminology when it comes to talking about security in the cloud, an area the channel can benefit.

"It basically creates a standard vocabulary so the channel can have these conversations with customers," she said. They can use it as a base model in conversations and discussions."

For Novell and the CSA, the initiative is a move toward creating a single, cloud-specific definition for what is secure. It also creates a streamline process for provider evaluation and lets VARs offer solutions to clients that have been certified to work in secure environments. Meanwhile, it arms VARs with a new way to ease clients' cloud adoption fears by offering proof that solutions are secure.

Members of the CSA will now work to define the certification criteria, the seal and the roadmap. The CSA is a non-profit comprising industry stakeholders, end users and cloud service, SaaS and technology providers such as Novell, Microsoft, Dell, Rackspace, Qualys, HP Intel, Cisco, McAfee, ISACA, DMTF and Symantec along with individual corporate and governmental representatives. The CSA was formed to promote the use of best practices and to provide security assurance around cloud computing.

Novell Vice President of Product Management for Identity and Security Nick Nikols will serve as co-chair for the Trusted Security Certification initiative, while Liam Lynch, eBay chief security strategist, has been named the working group leader.

"In traditional IT environments, the organization controls its applications, servers, and storage infrastructure. However, the control architecture changes profoundly for public cloud offerings," Jim Reavis, executive director of CSA, said in a statement. "When an organization moves IT resources and sensitive data such as personal names, addresses, and phone numbers into the cloud, control and trust issues must be addressed through a trusted third-party certification program."

For educational outreach, the CSA will work to help security, IT audit and software development professionals within solution providers and enterprises better understand the security, identity and access, compliance, data governance, portability and interoperability requirements organizations need to demonstrate compliance and mitigate the risk of the cloud.