Stuart Boardman, Co-Chair of the Security for the Cloud and SOA project, gave a presentation summarizing its work, and Ian Dobson, Forum Director of the Security and Jericho Forums, gave an overview of the Cloud-related work done by these bodies.
It was noted that bodies outside The Open Group, including the Cloud Security Alliance, the US National Institute of Science and Technology (NIST), ISO, the US Government FEDRAMP initiative, and possibly the IEEE, are also doing relevant work.
Several useful potential work items were identified:
- A set of security-related questions that enterprises procuring Cloud services should ask
- A Cloud Security reference architecture
- Standards and guidelines that would enable an enterprise to develop and implement a common administration policy across Cloud solutions, which typically have administration roles defined in terms of "siloed" cultures
- Development of artifacts identified by the Jericho Forum's data protection white paper
The Security for the Cloud and SOA project has defined a set of architectural building blocks and a set of architectural principles for Cloud Security, but has not defined a full Cloud Security reference architecture.
The Security for the Cloud and SOA project should ensure that the excellent work that it has done is properly packaged and available, but is not expected to engage in further activities.
The Security and Jericho Forums will continue their work on Security, and the Cloud Work Group will continue its work on Cloud. These bodies will communicate and co-operate on Cloud Security.