VALUE Captured
Delivering evidence-based confidence…
with compliance-supporting data & artifacts.
References
1. See “Digital Trust in the Cloud”, August 2009, www.csc.com/security/insights/32270-digital_trust_in_the_cloud
2. See “Digital Trust in the Cloud: A Precis on the CloudTrust Protocol (V2.0)”, July 2010, http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp
3. See “CSA + CTP = Nebula Nova”, 25 July 2011, http://www.csc.com/cloud/blog/68078-csa_ctp_nebula_nova_a_commentary_and_essay
July 2011 | Ron Knode CloudTrust Protocol Orientation
Research
Conclusions Summary
Initial Results-August 2009
• Syntax
• Semantics
• Self-defined response (No insistence on orthodoxy)
– Asset model
– Scope of response
– Implementation/deployment options
• Extension
CloudTrust Protocol (CTP) Transparency as a Service (TaaS)
Reclaiming Digital Trust Across Security, Privacy, and Compliance Needs
[Figure: Transparency as a Service (TaaS). Diagram labels: Private Cloud; Other Public Clouds; CSC Trusted Cloud; TaaS Dashboard; CTP; Cloud Trust Agent; Downstream compliance processing.]
Compliance needs listed in the figure: SAS70, SSAE 16, HIPAA, ITAR, FRCP, HITECH, GLBA, PCI DSS, CFATS, DIACAP, NIST 800-53, ISO27001, CAG, ENISA, CSA V2.3, …
• Responding to all elements of transparency
• Using reclaimed visibility into the cloud to confirm security and create digital trust
Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp
Elements of Transparency in the CTP
[Figure: Elements of Transparency in the CTP, organized into 6 types and families. Diagram labels: Initiation; Service Statistics; Admin & Ops; Specs; Transparency Requests; Extensions; Assertions; Evidence; Affirmations. Numbered elements shown: Configuration definition: 20; Security capabilities and operations: 17; Anchoring (geographic, platform, process): 8, 9, 10; Configuration & vulnerabilities: 3, 4, 5, 6, 7; also 23 and 1. Central label: CTP Transparency-as-a-Service. Legend: Provider dimension; Deployment dimension.]
Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp
Multiple Styles of Implementation
The CTP is machine and human readable
[Figure: two panels, OUT-OF-BAND and IN-BAND. Diagram labels in each panel: Cloud Consumer; Cloud Provider; RESTful Web Service; Trust Evidence (Elements of transparency); CloudTrust Protocol Service.]
Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp
Scope of TaaS Enterprise or Client-Specific
[Figure: two panels, CLIENT SPECIFIC and ENTERPRISE. Diagram labels: Cloud Consumer; Cloud Provider; RESTful Web Service; CloudTrust Protocol Service; Client Deployed Application; Client; Trust Evidence (Elements of transparency); Trust Evidence (Partial elements of transparency).]
Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp
Undecideds…
• Evidence Request category “integrity and liability verification technique”
– Attest to the content, provenance, and imputability of the response (with legal import)
– Transmission integrity not sufficient; Require legal liability of intent to provide response as delivered
• E.g., Surety AbsoluteProof technique
• Final namespace
• Trust package correlation with all contributing (traditional) security services
• Identity store for transparency service authorizations
Undecideds…
• EoT extension technique
– Characteristics of specification
– Degree of automation