CloudAudit goes to 1.0 with new API standards Staff

CloudAudit takes another stab at cloud standards
A group of industry veterans, led by inimitable security wonk Chris Hoff, has announced a working draft for a set of new capabilities

    Requires Free Membership to View

for cloud provider application programming interfaces (APIs). CloudAudit 1.0, formerly A6 (or Automated Audit, Assertion, Assessment, and Assurance API), is trying to provide a standard way for cloud users to get detailed, automated stats about performance and security in the same way that they turn servers off and on.

"CloudAudit provides a common interface, naming convention, set of processes and technologies utilizing the HTTP protocol to enable cloud service providers to automate the collection and assertion of operational, security, audit, assessment, and assurance information," reads the opening of the draft, listed under the Individual Submissions section of the Internet Engineering Task Force (IETF) active documents repository.

The individuals involved are part of some pretty big names in the IT world. Hoff works for Cisco, Sam Johnston now works for Google, George Reese founded cross-cloud system manger enStratus and Ben Sapiro is the security research director for TELUS. That's not an industry consortium like the one behind the Cloud Security Alliance (CSA), but guys like those (Reese excepted) don't write IETF documents without some level of company approval.

So cloud providers, read the draft; you might find some very big customers asking which parts of A6 you can provide in the not too distant future, along with competitors already on the move. Amazon has expressed qualified support for the idea, you know.

Amazon S3 adds policy, visibility features
In other news, Amazon Web Services has added another layer of capabilities to its Simple Storage Service (S3) that it's calling Bucket Policies. Users can control access control lists (ACL) and short-term access URLs (the query string authentication mechanism) "using a single unified mechanism," according to the post.

User can also now write complex security policies directly into their applications using the Bucket Policy tools, automating a once limited and tedious task. What an original idea!

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: