The Cloud Security Alliance (CSA) made its inaugural splash at last week's RSA Security Conference 2009 in San Francisco. The group kicked off an ambitious white paper that attempts to define everything from the architecture of cloud services to the impact of cloud services on litigation and encryption. It was a herculean effort to try to get this off the ground. And there is still much more work to do -- especially in the one area the group left out.

This is a great article that talks about the problems of putting all your security eggs into one basket.

Last night, I finally had a chance to read the CSA's paper Security Guidance for Critical Areas of Focus in Cloud Computing. To say it is a colossal task to attempt to define and demark the various flavors of cloud computing, plus explain the impact the cloud models will have on IT architecture, governance and enterprise risk management, compliance, BC/DR, portability of data, identity and access management, encryption and key management -- is an absurd understatement. Name the technical aspect of cloud computing: and this paper takes a swing at it.

The overarching goal of this paper is to not only help to bring some sense to cloud computing terminology (which currently consumes the first 30 minutes of any attempt at in-depth discussion on the subject), but also help guide service providers and application developers as to what they need to do to ensure they're providing a sustainable, secure, regulatory friendly platform or service.

The link for this article located at InformationWeek is no longer available.