At the RSA Conference, a new security organization was launched and released a document regarding improving security of cloud computing environments.

The report was titled "Security Guidance for Critical Areas of Focus in Cloud Computing," an 83-page document outlining 15 areas that need the most attention to, particularly two: governance of the cloud, and operations within the cloud.

Within the report, issues regarding risk management and governance encountered by both service providers and the companies availing of their services were tackled. It recommended that companies regularly avail risk assessments conducted by third parties, and that the results be released to their customers.

It also promoted compliance to industry standards, particularly to the ISO 27001 certifications and the SAS Type II audits.  With all these certifications however, they also recommended uniformity in classifying them. Other topics discussed in detail in the paper included storage, encryption, key management and application security concerns

As companies began moving resources to cloud service providers and the virtualization of systems to cut costs and increase efficiency, Cloud Service alliance plans to host events to give cloud service providers and companies a place for discussion of security issues with industry experts, as well as a venue to report on the latest trends and most efficient practices for cloud computing implementations.

This new group was founded in order to promote the awareness of cloud computing security, especially with the rising popularity of the service within the industry. The non-profit group had hoped that the report can serve as a guideline for companies beginning to implement virtualization or those looking for the right cloud service provider. Dave Cullinane, eBay’s CISO and vice president of global information security and an adviser of the organization shares his experience as an early adopter of cloud computing. Even eBay had suffered from a lack of information or the experience of efficient usage practices for cloud computing, and hopes the organization can help companies feeling the same way.

The group’s membership includes passionate individuals with deep interests in cloud security as well as representatives from vendors such as Microsoft, PGP Corp., Zscaler Inc. among others.