On cloud transparency, providers offering 'too much information'
SAN FRANCISCO -- On the topic of cloud computing security transparency, Amazon, Google, Microsoft and many other top-tier cloud computing service providers are getting a bad rap, according to John Howie, chief operating officer at the Cloud Security Alliance (CSA). Oddly enough, it's reached the point where cloud providers now offer too much information.
"It's not really consumable by your average IT pro or procurement department who is looking to make a decision on which cloud provider to go with," Howie said. "So what the [CSA] has done, in conjunction with the major cloud providers, is come up with a means by which they can document how they operate their services in a fashion that is easily consumable and comparable to other cloud providers."
In this video, recorded at RSA Conference 2013, Howie details the frameworks the CSA has created to enable greater cloud transparency, and addresses the confusion in the industry regarding how providers should document the state of controls in their environments in lieu of SAS 70 and SOC Type 1. Howie also discusses the challenges surrounding transparency in cloud data storage.