When the OpenStack project was announced on Monday, I was excited for two reasons. The foremost was its open source licensing, which has the potential to disrupt the industry. The second was the tweets by Chris Hoff (@beaker), whose initial reaction was positive and who thinks that OpenStack and CloudAudit can work together. Whether we like it or not, security is one of the biggest concerns for enterprises moving to the cloud. As a first step toward a more secure cloud environment, a group of security gurus and people involved in the field of cloud computing came together to form CloudAudit.org. Their goal is to develop a common interface and namespace to help cloud computing vendors automate the Audit, Assertion, Assessment, and Assurance of cloud infrastructure.
Douglas Barbin, Director at SAS 70 Solutions, wrote a blog post highlighting the audit and compliance considerations vis-à-vis OpenStack.
  • With an increased number of providers not to mention open source itself, the need for transparency of controls is even greater.
  • A by-product of OpenStack will be the increase of service provider to sub-service provider relationships (e.g. a SaaS company hosts at an IaaS co-lo and has their systems maintained by a managed service provider). The most important thing for cloud providers is to be able to map out all their customers’ control and compliance requirements ensuring there are no “gaps” where one provider thinks the other is doing (and vice versa).
  • Service providers need to carefully evaluate what assurance and compliance tools suit their customers best. This involves doing a requirements and cost-benefit analysis of SAS 70 / SSAE 16 audits and assessments, PCI DSS validation, SysTrust, ISO 27001 certification, or any combination of those and more.
It didn’t take long for the OpenStack community to address this issue. Today Brett Piatt, a leading OpenStacker and Rackspace employee, announced on Twitter that he has spoken with folks at CloudAudit and that they will soon be working together to see how CloudAudit's recommendations will be implemented in OpenStack.
Looking forward to working with #CloudAudit on #OpenStack, good blog post today by @DougBarbin — talked to @Beaker early in the week.
This is a very important first step. It not only helps OpenStack gain further legitimacy, it will also lure enterprises looking for cloud-based solutions to consider OpenStack seriously. This is pretty exciting news for those who have faith in the potential of OpenStack. I will keep close tabs on the progress and come back to this space with updates.
Krishnan Subramanian
