By J.R. Santos, Vice President/Research and Member Services, Cloud Security Alliance
It is becoming increasingly difficult to protect customer data in the clouds, which in turn is causing more and more cloud providers and cloud consuming organizations to embrace data governance strategies. To address this need, Cloud Security Alliance (CSA) recently created the Cloud Data Governance 2.0 working group.
The Cloud Data Governance working group has been created to design a universal set of principles and map to emerging technologies and techniques for ensuring the privacy, confidentiality, availability, integrity and security of data across private and public clouds. The group has recently released a data governance framework to ensure the privacy, availability, integrity and overall security of data in different cloud models. These will feed into the GRC stack and can be implemented as controls across CSA’s CAIQ, CCM and STAR.
The Cloud Data Governance working group will look to develop thought leadership materials to promote CSA’s leadership across the spheres of data privacy, data protection and data governance. One key issue is that the over-emphasis on technology controls often leads to underlying weaknesses in processes. The group will work to harmonize data privacy regulations to a set of data protection principles that can help cloud consuming organizations and cloud service providers meet new data privacy requirements in a more efficient and proactive manner.
Chaired Evelyn de Souza of Cisco, the group is comprised of representatives from across the industry, with collaboration between key industry leaders from different verticals, academia, industry analyst associations and vendor subject matter experts.
The Governance Framework is tied to the CSA Cloud Controls Matrix and examines the three phases to govern:
- Plan (Plan & Organize)
- Do (Acquire and Implement, Deliver and Support)
- Check, Act (Monitor and Evaluate)
The Cloud Data Governance working group has some exciting research coming up later in 2015, including reviewing and streamlining the values of security risk management, going from ad hoc to optimal. Also research on data privacy – measuring the changing perceptions to data heat index – is scheduled for release.
If you are planning to attend Cloud Expo in New York next, you are invited to attend a presentation being given by Evelyn that will focus on how to set up a cloud data governance program and spans setting up an executive board to ensuring the availability, integrity, security and privacy of cloud data through its lifecycle.
To learn more about the Cloud Data Governance 2.0 working group, please join the LinkedIn group: CSA Cloud Data Governance Working Group or join the mailing list.