New CSA initiative to oversee SaaS security

At the RSA Conference last month, the Cloud Security Alliance created a new group that will oversee, as well as aid and evalute, security solutions being provided in Software-as-a-Service models. 

The CSA's mission statement is to promote the best practices in relation to security assurance when dealing with the managed IT service. In addition, the body aims to educate companies and workers on the uses of cloud computing in order to secure other forms of computing.

"To date, CSA has primarily focused on the first part of the mission statement," said Michael Sutton, vice president of security research at Zscaler and head of the new initiative. However, the new group will focus on the second part.

Sutton said many cloud providers claim they offer effective security solutions, "however, there has been very little done to define [Security-as-a-Service] and establish best practices. We aim to change that."

The working group will begin creating a consensus definition of what Security-as-a-Service means, as well as categorizing different offerings and providing guidance to companies regarding reasonable implementation practices.

As companies currently in the cloud plan to increase their investment by 10 percent during 2011, according to Osterman Research, having an informational and educational body such as the CSA initiative could be beneficial.