Cloud Security Open API: The Future of Cloud Security

Today, CipherCloud announced that the Cloud Security Alliance (CSA) is launching a Cloud Security Open API Working Group, co-led by CipherCloud. The charter of the working group is to provide guidance for enterprises and cloud service providers on the operation and interoperability of cloud security functions, with a specific goal to protect PII and sensitive data across multiple clouds. Current members of the working group include Deloitte, Intel Security, CipherCloud, SAP, Symantec, Infosys, and a few others.

Unlike many API efforts where the APIs typically allow access to a particular solution provider’s core code base, this effort aims to span multiple cloud services and bridge the gap between proprietary cloud environments.

Why Focus on Cloud Security Open APIs?
As cloud deployments become more extensive in enterprise, the ecosystem surrounding cloud deployments is becoming more and more complex. The number of places that touch personal data, company IPs, and other confidential information are quickly ballooning out of control. This is a conceptual diagram that illustrates the cloud ecosystem of an enterprise. As seen, personal data from the enterprise could go into CSP1, CSP2, and CSP3. In addition, partner app1 and partner app 2 may process personal data as well as the ISVs that help integration and customization efforts.


For the enterprise to retain complete control over your security and compliance-sensitive data in such an environment, it requires a monumental effort. Not only you need to have complete visibility of the entire ecosystem including partner applications outside of clouds with which you work directly. You must also exercise gate-keeping functions at each integration point, which quickly becomes non-scalable.

The Cloud Security Open APIs provide a layer of abstraction via which cloud users and third party technology providers can access and integrate with the core functions of cloud services. This common layer of abstraction across clouds allows end-user organizations the ability to exercise standard integrations with ease, eliminating the need for costly one-off custom development efforts. Ultimately, this will accelerate the pace of cloud adoption and innovation.

An analogy to the Cloud Security Open APIs is the Automated Clearing House (ACH) network in the banking industry. ACH is a widely adopted industry standard across different financial institutions and clearing houses. A bank can switch from one clearing house to another without changing the way they do funds transfers and payment processing. This is possible because the clearing houses and the banking institutions all adhere to the ACH standards. In a way, the Cloud Security Open APIs is the ACH standard for cloud security operations.

Benefits of Cloud Security Open APIs
Expedite cloud deployments: A well-known and standard API layer will give enterprise developers the ability to leverage core cloud functions quickly, thus expediting the pace of cloud deployments.

Foster cross-cloud innovations: With the Cloud Security Open APIs, developers now have a way to write cross-cloud functions without having to custom integrate with each cloud that it touches. This may open up breakthrough innovations in new economic venues, new ways of doing business for cloud users and providers alike.

Extend cloud services reach to new functionality: From the perspective of a cloud service provider (CSP), the Cloud Security Open APIs will allow a much larger set of developers (than those within the CSP’s own company) to leverage the CSP’s core code base/data and deliver adjacent functionality.  Sometimes this model can lead to entirely new and unexpected user experiences and technology advances, which can make the service much more appealing to end users.

What Will the Working Group Produce and What Does It Mean for You?
Today the business drivers for the Cloud Security Open APIs are about eliminating business and technology frictions when organizations move to embrace cloud applications. With this in mind, the working group will execute this roadmap going forward:

  1. Defining a set of concrete security use cases covered by the Open APIs
  2. Produce the Cloud Security Open API framework
  3. Generate a reference architecture that implements the API framework
  4. Produce industry guidance and white papers

If you are a cloud service provider, participating in the Open API program will allow you to go beyond just a service and become a platform for innovation. If you are a technology provider to the cloud environment, being part of the Open API will make your offering more agile and more appealing to a broad set of partners and users. If you are an end-user organization, the Cloud Security Open APIs really aim to make your life easier and should represent what you want to see in the security ecosystem. Your input therefore is extremely important.

The CSA Working Group and ways to participate can be found here. Get involved and get your voice heard!

Leave a Reply

The name and email fields are solely used to comment on posts. Cloud Security Alliance does no further processing of this data. See Section 3 of the CSA Privacy Policy for details.

Share this content on your favorite Social Network.