CloudAudit and the Automated Audit, Assertion, Assessment, and Assurance API (A6)

The goal of CloudAudit (codename: A6) is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.

Our execution mantra is to:
  • Keep it simple, lightweight and easy to implement; offer primitive definitions & language structure using HTTP(S)
  • Allow for extension and elaboration by providers and choice of trusted assertion validation sources, checklist definitions, etc.
  • Not require adoption of other platform-specific APIs
  • Provide interfaces to Cloud naming and registry services

CloudAudit is a volunteer cross-industry effort from the best minds and talent in Cloud, networking, security, audit, assurance and architecture backgrounds. We hope you’ll get involved, too. You can read more about the genesis of CloudAudit/A6 here.

You can also read an excellent interview from the folks at SearchCloudComputing here which is replicated on the FAQ page.

Benefits Of CloudAudit/A6

The benefits to the Cloud Service Provider are to enable the automation of typically one-off labor-intensive, repetitive and costly auditing, assurance and compliance functions and provide a controlled set of interfaces to allow for assessments by consumers of their services.

The benefits to the “consumer” of the Cloud services or their duly-authorized representatives are to provide a consistent and standardized interface to the information produced by the service provider.

We intend not to be prescriptive as to the mechanisms used to gather the data or how these interfaces are presented, but rather provide a consistent representation to the consumer and the tools they choose to utilize. There will likely be programmatic interfaces (in the classical definition of an API) but we will focus initially on representative schema and data structures mapped to existing compliance, security and assurance frameworks.

Core Team Members
There are over 250 participants/interested parties supporting CloudAudit/A6. The “core team” below are those who have committed to participate on a regular basis and establish leadership roles within the group. Anyone and everyone is welcome to contribute and participate. To join, sign up on the forums and participate in the weekly calls held on Mondays.

Name              Affiliation
Lew Tucker        Sun[shine]
Doug Egan         CSC
George Reese      Enstratus
Gunnar Peterson   Arctec
Andy Ellis        Akamai
Craig Nelson      Microsoft
Allwyn Sequeira   VMware
Sam Johnston      Google
Shlomo Swidler    Orchestratus
Scott Sanchez     Unisys
Steve Riley       Amazon Web Services
Ken Owens         Savvis
Chris Drumgoole   Terremark
Bret Piatt        Rackspace Cloud
John Menerick     -
Randy Bias        CloudScaling
James Urquhart    Cisco

Background & Meetings
Here is the introduction presentation from the group call on 2/12/10:


Note: CloudAudit/A6 Working Group calls are scheduled weekly on Mondays (starting 3/15/10) at 10am PST/1pm EST. Please see the Forums for dial-in information and recordings from previous calls.