It has been some time since the last post and it was time to post again. We have been working hard, so it has been difficult to find the time needed to come back to post. In fact, last weeks we have been contributing to some very interesting initiatives that have keeped us completely busy:

  • ETSI Cloud Standards Coordination, that is working in helping the EU in identify future normalization issues and it is ending its report at this time.
  • SC38 Study Group on Future Work, that has been created inside ISO SubComittee 38 to work on the same idea (identify future works for this SC).
  • ISACA. In particular, in a work related con controls definitions and assurance in cloud that will be published in the following weeks.
  • ENISA. As a member of resilience and cloud working group, we have been reviewing some documents (that we could not mention yet).

We start watching some results of these efforts and, little by little, people is starting to talk about security labeling of cloud services, as in the following example we would like to comment:

  • First, the article "Security Labeling of IT Services Using a Rating Methodology" that has been published in ISACA Journal, volume 6.
  • And, secondly, in the report presented by ENISA in CloudforEurope Conference "Certification in the EU Cloud Strategy", where leet security has been included as one of the standards to be considered (PDF).

In summary, we see that, little by little, security industry start talking about security labelling... we will keep working on it.

You can follow us on twitter.com/leet_security

You can follow us on twitter.com/leet_security

19 de noviembre de 2013