SAN JOSE, Calif., June 29, 2015 /PRNewswire/ -- Recognized as the fastest-growing segment of cloud security, the cloud access security broker (CASB) space is still an emerging one where standards have yet to coalesce. To fill this gap, CipherCloud, the leader in cloud visibility and data protection, and the Cloud Security Alliance (CSA) are forming a Cloud Security Open API Working Group to jointly define protocols and best practices for implementing cloud data security as a part of the CASB framework. Deloitte, InfoSys, Intel Security, SAP and other technology leaders will also contribute.
The Cloud Security Open API Working Group will provide guidance on vendor-neutral data-security implementation to help accelerate cloud services adoption. Collaboration on these guidelines will also further accelerate security integrations across multiple clouds and with third-party technologies. This initiative will enable enterprises to leverage standards-based APIs to protect data via encryption, tokenization and other technologies across cloud environments, helping eliminate the need for custom integration for each cloud. The working group plans to produce API specifications and a reference architecture to guide cloud data protection.
"Standards are an important frontier for the cloud security ecosystem," said Jim Reavis, CEO of CSA. "The right set of working definitions can boost adoption. This working group will help foster a secure cloud-computing environment – a win for vendors, partners and users. Standardizing APIs will help the ecosystem coalesce around a universal language and process for integrating security tools into the cloud applications."
"Cloud is the killer app for security innovation," said Pravin Kothari, founder and CEO of CipherCloud. "But currently, inefficiencies at the technical level in the form of custom connector protocols can hold back innovations in cloud security. Defining a uniform set of standards can enable us all to operate from the same playbook. As a pioneer in CASB, we are excited to co-lead this initiative with CSA to accelerate security across clouds."
"Enterprises and governments are struggling with the challenge of how to manage their cyber risks as they move data and compute to the cloud," said Jeff Margolies, principal, Deloitte & Touche LLP. "Currently the cloud security ecosystem lacks basic integration standards for connecting third-party security solutions to cloud applications, platforms and infrastructure. By bringing together vendor, channel and customer constituents, this working group plans to provide clarity on leading practices for integration, critical to continued cloud adoption."
"We believe that customers will be the ultimate beneficiaries of these standards," said Nayaki Nayyar, senior vice president, Cloud for Customer Engagement, SAP. "A clear set of cloud security standards and best practices will help enable organizations to reap the benefits of the cloud in less time with added assurance that their data is secure."
"With enterprises scaling their use of hybrid cloud solutions to drive their business, the role of interoperable cloud security based on standard APIs is critical," said Curt Aubley, vice president and Data Center Group CTO at Intel. "Intel is committed to working with the industry to develop the foundation for interoperable cloud security and applauds CSA's continued leadership within this arena."
Working group activities will formally commence in early July upon completion of the CSA corporate member subject matter expert review. Participation is open to all qualified experts. Please contact firstname.lastname@example.org to be added to the Open API WG announcement list.
CipherCloud, the leader in cloud visibility and data protection, delivers cloud adoption while ensuring security, compliance and control. CipherCloud's open platform provides comprehensive cloud application discovery and risk assessment, data protection – searchable strong encryption, tokenization, data loss prevention, key management and malware detection – and extensive user activity and anomaly monitoring services.
Director of Corporate Communications
About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Kari Walker for the CSA
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. See http://www.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
All other product and service names mentioned are the trademarks of their respective companies.
SAP Forward-looking Statement
Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. Words such as "anticipate," "believe," "estimate," "expect," "forecast," "intend," "may," "plan," "project," "predict," "should" and "will" and similar expressions as they relate to SAP are intended to identify such forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations The factors that could affect SAP's future financial results are discussed more fully in SAP's filings with the U.S. Securities and Exchange Commission ("SEC"), including SAP's most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates.