February 24, 2010, 12:36 PM — CA Inc. has joined the Cloud Security Alliance to help organizations address security concerns, both actual and perceived, when adopting cloud computing.
The Islandia, N.Y.-based software vendor will work with other alliance members including technology vendors, customers and cloud providers to sort through the security issues, educate would-be cloud adopters and address the real issues, said Matthew Gardiner, director of CA's security and compliance business unit.
"It's no secret that one of the big areas of concern, both rational and perhaps irrational, about cloud is related to security and management because organizations are putting things where they hadn't before, applications and data," said Gardiner.
The Cloud Security Alliance is a non-profit organization promoting security best practices within cloud computing. Other members include Novell Inc., VMware Inc. and Microsoft Corp. Earlier this month, Santa Clara, Calif.-based chip maker Intel Corp. joined the Alliance.
CA will contribute its identity and access management knowledge to the alliance's initiatives and working groups, and provide input into the next release of the alliance's Security Guidance for Critical Areas of Focus in Cloud Computing.
The area of identity and access management is "underserved" in the cloud, said Gardiner.
While that will be CA's initial focus with the alliance, Gardiner said eventually the company's contribution will broaden to cover general IT management issues like performance governance and management. "All the things you are used to managing in the enterprise still have to be managed in the cloud," he said.
Jim Reavis, co-founder and executive director of the Cloud Security Alliance, said identity and access management remains a trust issue that is hindering enterprise adoption of cloud computing for critical business applications.
CA's core expertise in corporate identity management practices will be very useful toward the sort of practical guidance that the alliance provides, said Reavis.
"Organizations with expertise can help (others) bridge the gap between very mature internal identity management and this very nascent cloud market," said Reavis.
Gardiner said while there are cloud security issues with no foundation, there do exist some genuine security problems that must be addressed, including those regarding creation and adoption of standards.
Follow Kathleen Lau on Twitter: @KathleenLau