Cloud Computing Audit Specifications

The Distributed Management Task Force (DMTF), an industry group that develops systems management standards, has recently began an effort to develop cloud computing audit specifications with the goal of dealing with security concerns about cloud computing. The Cloud Audit Data Federation Work Group (CADF) created by the DMTF will develop specifications that focus on a cloud provider’s ability to audit its systems for security. The Distributed Management Task Force consists of 160 member companies and over 4,000 participants in 43 countries. The Task Force Board of Directors consists of representatives from IBM, Microsoft, Cisco Systems, and Intel.

In an interview, DMTF President, Winston Bumpus said “The work group is focused on being able to come up with a standard way to federate all the audit information about IT resources, logs and reports, and coming up with a common way to describe and extract that information.” As well, Bumpus said, “One of the things cloud tends do is hide a lot of the complexities by having these virtualized environments. Cloud service customers need to be able to get information on what’s going on in the infrastructure. If there are outages, failures or other events – to be able to expose that in a standard way.”

The CADF will collaborate with DMTF alliance partners, including the Cloud Security Alliance with the goal of creating more confidence in cloud services. Bumpus said, “Security is one of the key challenges to achieving the vision of cloud computing, along with interoperability and portability,  Standards like those being developed by CADF are needed to take advantage of the promise of cloud computing.”

The CADF effort is part of the DMTF’s overall cloud computing strategy. Bumpus said,” The Cloud Management Work Group has released Open Virtualization Format which addresses the portability issue by providing a standard way to package workloads that are exchanged between clouds. Addressing the issue of security in cloud and virtual environments through our Cloud Audit Data Federation Work Group will be the next significant step forward in establishing an open cloud marketplace.”