CloudAudit Cloud Computing

CloudAudit23 (codename: A6) has the following goal:

. . . to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their IaaS, PaaS, and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.

A draft specification, still undergoing revision, is available. It has been submitted to the Internet Engineering Task Force (IETF):

The first CloudAudit release is designed to be as simple as possible so as it can be implemented by creating a directory structure and uploading files to a standard web server that implements HTTP.25 Subsequent releases may add the ability to write definitions and assertions, and to request new assertions be generated (e.g. a network scan). That is, while 1.x versions are read-only, subsequent releases may be read-write.

A . . . client will typically interrogate the service and verify compliance with local policy before making use of it. It may do so by checking certain pre-defined parameters (for example, the geographical location of the servers, compliance with prevailing security standards, etc.) or it may enumerate some/all of the information available and present it to an operator for a manual decision. This process may be fully automated, for example when searching for least cost services or for an alternative service for failover.

As it is impossible to tell in advance what information will be of interest to clients and what service providers will be willing to expose, a safely extensible mechanism has been devised which allows any domain name owner to publish both definitions and assertions.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd Protection Status

Cloud Computing Topics