Cloud Security Alliance Releases Cloud Services API
The Cloud Security Alliance (CSA) acts as a not-for-profit organization that promotes the use of best practices in cloud computing. As part of its participation in the Secure Provisioning of Cloud Services (SPECS) program, it has announced the release of a prototype Cloud Trust Protocol application programming interface.
The SPECS program, which is developing a security-as-a-service framework that relies on components of individual service level agreements, will host the CTP API, which will provide an interface for monitoring the SPECS itself. CTP API still remains in its infancy, but it has the power to request and receive information about cloud service customers and handle their application security with that information in tow.
CSA says that one of its main goals in the release of CTP API is to promote transparency in the way that security is handled in the cloud. Transparency can lead to trust in the interface, and the fulfillment of trust means that enterprises can feel free to use their cloud-based applications to the fullest extent. Trust can also lead to those same companies moving more of their operations to the cloud.
Rightfully so, TMC has pointed out that the use of APIs can make the path to cloud migration much easier. This notion may prove correct for many business styles in a wide range of markets. In the case of CSA, the addition of this API tries to grab two birds with one stone: ease of migration and application security.
The CTP server first allows enterprises to push security measurements to the CTP server. This can be anything from basic file or folder permissions to device access for a collection of employees. Once such permissions exist in the server, the CTP API can handle access to those measurements through user queries. This way, individuals in charge of handling an entire enterprise’s network security can easily view the list of security protocols it already has in place, which can provide an avenue for facilitating future changes to that list.
More than just a handle on cloud security, the CTP API also reaching into the world of open source by arriving under the Apache License 2. This gives enterprises permission to modify the API as they see fit, so the entire project has the potential to expand in the hands of those ambitious enterprise that wish to modify its code.
Edited by Kyle Piscioniere