Open API Efforts Begin
Ciphercloud and the Cloud Security Alliance (CSA) have been working to fill a gap in the cloud access security broker market. It is a new working group for defining a uniform Open API. The group is led by CipherCloud and also includes from Deloitte, Infosys, Intel Security and SAP. The Open API looks to define a standard for the emerging cloud access security broker (CASB) space. CASB will cover four categories: data protection, threat prevention, visibility and compliance.
Cloud identity is mainly handled by Security Assertion Markup Language (SAML) assertions, which can enable federated identity across cloud vendors. Chenxi Wang, vice president of Cloud Security & Strategy at CipherCloud, explains that identity management is only part of the battle in cloud security, and that the API will cover not only identity management but also data classification, data protection and access management.
Wang describes, “We will not propose new protocols to replace SAML, but instead, we will fill gaps where existing standards are lacking. For instance, how does the enterprise specify to the cloud service that a particular piece of data and content can only be stored in a particular geography? You can’t do that today automatically.
“This Open API effort will standardize the specification, control and assessment across the tiers of the cloud infrastructure, which will in turn significantly lessen the work on the developers’ part and hence expedite time to market for cloud adoption. The immediate goals of this effort are to issue specifications for the API framework, reference architecture documents, as well as a few whitepapers. After that, we may propose to incorporate that as part of the CSA STAR, if the industry embraces the API standards.”
The group is focused on its immediate goals first and foremost. While the groups formation was announced in late June, it is expected to begin operations in July.