Rackspace to host cloud security sharing centre
The not-for-profit Cloud Security Alliance (CSA), has launched an initiative to unite cloud providers and create a peer-based information sharing centre.
The sharing space will be co-chaired by Brian Kelly, CSO at cloud firm Rackspace and the co-founder of anonymous cyber incident sharing platform TruStar, David Cullinane, who previously was corporate information security officer at both Wells Fargo Bank and eBay.
Featured
Speaking with ZDNet, Kelly said the initiative will allow sharing centre members from cloud firms such as Rackspace, Amazon, Google, Microsoft, and Dropbox to share information and leverage off each other's knowledge base.
"The whole concept emerged from what we refer to as Presidential Decision Directive 63, which we started back in May of 1998. Under the Clinton administration they convened a group of people to look at the initiatives needed for the protection of the nation's critical infrastructure.
"It had a number of directives, one of which being the formation of a range of information sharing and analysis centres, and a few of them formed immediately -- financial services, information technology and telecommunications."
Kelly said that over the 15 years that these centres have been operational, they have learnt what has worked and what they can do better in this new independent information sharing centre.
"I think, largely, they were ineffective for the initial 5-10 years as participants weren't really providing anything and they were just there to consume information, and it was not really timely enough, nor was it actionable.
"From a security perspective, we need to represent a unified front. We have to work as one team. I need to be able to call my buddy at Amazon on a moment's notice, and Google needs to be able to call me to tell me what they've found," Kelly said.
"We're all in agreement now, we've had meetings, and we're launching a cloud information sharing centre. The main thing that we are after is how we can share information in a matter of minutes and hours, rather than waiting until the attack has already happened."
Kelly said that there is no reason a provider should not get behind the initiative, as the information that will be shared in the forum does not provide a company with a competitive advantage in the cloud marketplace.
"If I'm the unfortunate victim of an attack -- that's not exactly something that I monetise -- it can only hurt me, it can't help me.
"I think the real advantage is if the large cloud service providers can truly present a unified front and share this information quickly, so we can all quickly defend -- I think in the long run it's going to help us all.
"What's been holding back cloud adoption is security or uncertainty. If organisations see that the major cloud service providers actually do work well together, then some of that uncertainty and fear starts to go away and we might see broader adoption of the cloud."
Rackspace is currently positioning itself to host the technology, and TruStar has created the application that the forum will run on, a decision Kelly says was a purposeful one to allow for the anonomysing of physical attribution, which in turn allows for a cloud provider to share the technical details of an attack, whilst stripping away any potential identifying information.
"We'll be sharing indicators of compromise, and tactics, techniques, and practises as quickly as possible -- and to do that you do not need to provide any client or customer identifying information."
Kelly said that under the direction of Jim Reavis, founder and CEO at the 65,000 member-strong CSA, the alliance is currently working on creating standards around information sharing that will provide the basis for the online sharing centre to succeed.