csa cloud trust protocol and a4cloud: enforcing cloud accountability through security continuous...
DESCRIPTION
VERDIKT conference 2013TRANSCRIPT
![Page 1: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/1.jpg)
www.cloudsecurityalliance.orgCopyright © 2013 CloudSecurity Alliance
CSA Cloud Trust Protocol andA4Cloud:
Enforcing cloud accountabilitythrough security continuous
monitoringNovember 2013, Research Council of Norway
Daniele Catteddu, CSA Managing Director EMEA and OCF Project Director
![Page 2: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/2.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
About the Cloud Security Alliance
Global, not-for-profit organisation
Over 48,000 individual members, more than 180corporate members, and 65 chapters
Building best practices and a trusted cloud ecosystem
Agile philosophy, rapid development of applied researchGRC: Balance compliance with risk management
Reference models: build using existing standards
Identity: a key foundation of a functioning cloud economy
Champion interoperability
Enable innovation
Advocacy of prudent public policy
“To promote the use of best practices for providing securityassurance within Cloud Computing, and provide education on the
uses of Cloud Computing to help secure all other forms of
computing.”
![Page 3: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/3.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
![Page 4: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/4.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
![Page 5: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/5.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
![Page 6: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/6.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
SecurityBenefits
![Page 7: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/7.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
SecurityBenefits
Economy of Scale
![Page 8: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/8.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
RISKS
![Page 9: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/9.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
![Page 10: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/10.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
OPENNESS & TRANSPARENCY
![Page 11: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/11.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
NEW GOVERNANCE MODELS
![Page 12: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/12.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
ACCOUNTABILITY
![Page 13: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/13.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Cloud Accountability Project
The project focuses on accountability as themost critical prerequisite for effectivegovernance and control of corporate and privatedata processed by cloud-based IT services.
It aims to assist cloud service providers with:
• Techniques to make services moretrustworthy
• Ways to satisfy business policies anddemonstrate compliance
• Allowing differentiation
![Page 14: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/14.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
A4Cloud Members
Industry
Community
Research
![Page 15: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/15.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Globalisation and new technologies• Cloud computing presents a paradigm shift in how IT is deployed and consumed
Uncertainty and lack of visibility (for consumers, clients andregulators)• Privacy and trust comes from sound stewardship of information by service providers
for which we need to hold them accountable
Regulatory complexity in global business environments,especially for cloud• Accountability addresses global interoperability
• Clear and consistent framework of data protection rules
• Allows avoidance of complex matrix of national laws and reduces unnecessary layersof complexity for cloud providers
• New technologies like cloud are straining traditional privacy frameworks
Drivers for accountability
![Page 16: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/16.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Context
Principles,Regulations andSocietal Norms
DesignAccountability
What is the rightthing?
How to do the rightthing
Trying to getorganisations to do the
right thing
Holding them toaccount if they don’t Facilitating redress
supports
complements
![Page 17: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/17.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Context
Principles,Regulations andSocietal Norms
DesignAccountability
What is the rightthing?
How to do the rightthing
Trying to getorganisations to do the
right thing
Holding them toaccount if they don’t Facilitating redress
supports
complements
Control over practicalaspects of compliance
Obligation to provethat principles put
into effect
![Page 18: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/18.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Cloud ecosystem
![Page 19: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/19.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Model of Accountability
![Page 20: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/20.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Accountability
Attributes
Practices
Mechanisms
organisational
operational
abstract
concrete
conceptual
Conceptual model ofaccountability
With what?
How?
What?
![Page 21: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/21.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Accountability
Attributes
Practices
Mechanisms
Defining accountability
Accountability consists of defining
governance to comply in a
responsible manner with internal
and external criteria, ensuring
implementation of appropriate
actions, explaining and justifying
those actions and remedying any
failure to act properly.
![Page 22: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/22.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
• Observabililty
• Verifiability
• Attributability
• Transparency
• Responsibility
• Liability
• Remediation
Accountability attributes
Accountability
Attributes
Practices
Mechanisms
![Page 23: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/23.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
• Define governance
• Ensure implementation
• Explain & justify actions
• Remedy failures
Accountability practices
Accountability
Attributes
Practices
Mechanisms
![Page 24: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/24.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Accountability
Attributes
Practices
Mechanisms
• Business processes
• Non-technical
instruments
• Technical tools
Accountability mechanisms
contain
![Page 25: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/25.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
• Business processes
• Non-technical
instruments
• Technical tools
Accountability Mechanisms
contain
Auditing,Risk assessment, etc
Accountability
Attributes
Practices
Mechanisms
![Page 26: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/26.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
• Business processes
• Non-technical
instruments
• Technical tools
Accountability Mechanisms
contain
Contracts,Legal means, etc
Accountability
Attributes
Practices
Mechanisms
![Page 27: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/27.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
• Business processes
• Non-technical
instruments
• Technical tools
Accountability Mechanisms
contain
Tracking andtransparency toolsNotification of policyviolation, etc
Accountability
Attributes
Practices
Mechanisms
![Page 28: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/28.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
• Accountability framework
• Accountability metrics• Accountability evidence
mechanisms and tools• Auditing mechanisms
and tools
• Policy compliancemechanisms and tools
• Reference architecturefor accountability
• Interoperablemechanisms and tools
What is needed
A4Cloud project
Trustworthyarchitecture
Privacyassurance
Trustassurance
GovernanceSecurityand trust
economics
Policies
Transparent
security
• Risk and trust models foraccountability
• Accountability policylanguage
• Enforcementmechanisms foraccountability
• User-centricaccountability tools
![Page 29: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/29.jpg)
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
A4Cloud & CSA
A4Cloud results are relevant to a number ofnumber of CSA research, educational activities,as well as in the context of the Open CertificationFramework
![Page 30: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/30.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
The Cloud Trust Protocol (CTP) is designed to be amechanism by which cloud service clients can ask for andreceive information related to the security of the servicesthey use in the cloud, promoting transparency and trust.
![Page 31: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/31.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
An idea for a consumer/provider protocol
+ Commitments= Reports + Alerts
CTPconsumer provider
Confidentialitylevel
Uptime…
![Page 32: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/32.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Transparency and trust
OCF level 2: Third-party cloud certification
OCF level 1: Cloud self-certification
OCF level 3: Cloud monitoring based certification
Goal: Transparency and trust
![Page 33: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/33.jpg)
www.cloudsecurityalliance.org
What we have today…
1. API & Data Model1. API & Data Model
2. Security attributecatalogue
2. Security attributecatalogue
3. A prototype3. A prototype
What is…A report, a commitment, an alert?A security attribute?A resource, a service?
“Availability”, “timely incident reporting”,“confidentiality level”…
REST + XML
www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
![Page 34: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/34.jpg)
www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
The API is the easy part...
![Page 35: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/35.jpg)
www.cloudsecurityalliance.org
Challenge 1:
Standardizing cloud security attributes
0.06 kWh 0.06 kWh 0.06 kWh
99.95% 99.95% 99.95%
= =
=
Cloud availability
Electricity consumption
=
www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
![Page 36: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/36.jpg)
www.cloudsecurityalliance.org
Challenge 2:
Finding good security attributes
1Vulnerability found
5Vulnerabilities found
<?
100 vulnerabilities published in 2013 (NVD)9 relevant to our platform8 tested1 found exploitable (severity=6.0)Time between discovery and fix = 5 days.
www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
![Page 37: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/37.jpg)
www.cloudsecurityalliance.org
Challenge 3:
Fitting CTP in OCF level 3
www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
The CSA Open Certification Framework is an industry initiative toallow global, accredited, trusted certification of cloud providers.
![Page 38: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/38.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Challenge 4:
Integrating CTP in A4Cloud
![Page 39: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/39.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Lessons already learned
Well defined - consistently measured
Cheap to evaluate – automated
Correlated to consumer utility
Some interesting but tricky areas:
Vulnerability management, data location, staff data
access, incident response….
Good attributes need to be:
![Page 40: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/40.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Now it’s your turn!
![Page 41: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/41.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
The CTP working group
Objective 1: Define CTP Vision, goals, design principles.
Objective 2: Define CTP data model.
Objective 3: Specify the CTP API.
Objective 4: Specify CTP core security attributes.
Objective 5: Implement a CTP pilot.
Objective 6: Support OCF monitoring based certification
CSA launches the CTP working group:
![Page 42: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/42.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance
Help Us Secure Cloud Computingwww.cloudsecurityalliance.org
www.linkedin.com/groups?gid=1864210
www.a4cloud.eu
![Page 43: CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA](https://reader031.vdocument.in/reader031/viewer/2022020122/546c3111b4af9f8e2c8b506d/html5/thumbnails/43.jpg)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2013 Cloud Security Alliance