Cloud Security Alliance Innovation Initiative (CSA II)
Working GroupProposal
Executive Overview
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology. CSA-II has a mission to:
- Identify key structural issues related to trust and security that will inhibit the adoption of next generation information technology.
- Articulate the guiding principles and objectives that IT innovators must address.
- Help innovators incubate technology solutions that align with our principles and address the systemic gaps we have identified.
CSA II Scope and Responsibilities
The working group will be responsible for several primary tasks. These will include but are not limited to the following:
1)Create consensus lists or security gaps existent in the industry that technology innovation shows promise to address
2)Communicate the availability of CSA tools to innovators
3)Consider and review innovator’s proposals to work with CSA II to assess their technology and provide resources above and beyond those CSA tools available to the global community
4)Form “task forces” of community CIOs/CISOs, mentors and thought leaders to work with specific innovators and make recommendations to them as to improve their products and/or time to market capabilities.
5)Work with Governments, agencies and academicinstitutions to assist with standards and programs which would further the mission of CSA II.
6)Work with, for profit entities, which further the mission of CSA II or which closely, align themselves with CSA.
Peer Review
We should have a process for peer review in some fashion similar to other CSA working groups. Unlike traditional academic peer review, the CSA II will probably require outside perspective as to effectiveness of the scope of activity measured against the mission and charter of the group. Some of this should come from internal key performance indicators (KPIs) and some should come in the form of gap analysis of tasks we are not performing (lost opportunity cost, view). Internal CSA groups to perform peer review should include the Standards Secretariat and the Subject Matter Expert Working Group.
Deliverables
The proposed deliverables could include the following:
1)A permanent sub committee to create and implement outreach efforts to communicate to innovators the existence of CSA, CSA II and its tools and services.
2)A standing group or other process (possibly rotational schemes) to evaluate proposals from innovators to become actively supported or reviewed by the CSA II working group.
3)A process for referring innovators either internally to CSA II sub committees or to external partners or contacts.
4)A rotating sub committee of CIOs/CISOs, Capital partnersand technologist who meet with the vetted innovators to provide feedback to specific products or services that have been developed or are proposed to be developed. The feedback will be formalized and shared with the evaluation group to create a database of considered and evaluated technology, products and services.
5)A closed loop system for aggregating data from both internal and external referrals and outcomes to measure the effectiveness of the toil working group’s efforts.
6)Working with Governmental bodies and academic and standards bodies to ensure that CSA II data is incorporated in to standards.
The CSA II should deliver an ongoing stream of innovators and their companies in to the CSA community. The mission of the group can be met by bringing agreed upon numbers of innovators in to the CSA II process and measuring to outcomes.
The deliverables may come in the form of a report on an annual basis to the CSA from the working group providing the key metrics of performance and the measurable outcomes.
Infrastructure and Resource Requirements
The CSA II will require the following from CSA:
1)Centralized coordination of annual and quarterly meetings among any other groups or members who might have a vested interest in the CSA II work.
2)An analyst or researcher to continuously build the database of knowledge as we bring innovators and ideas through the CSA II for evaluation. In addition, tracking outcomes to see where and to what degree the CSA II efforts are affecting outcomes for products and services that go to market.
3)Promotion of the existence of CSA II among the larger CSA community and to target audiences outside of CSA.
Communication Methods
The communication methods will initially include announcing the formation of the CSA II to the CSA community and to the larger security community at RSA. On an on-going basis the working group will communicate by: (here is where we need some ideas bases on others past successes)
Duration
The CSA II should remain a permanent working group. That recommendation is conditioned upon the measurable and database review establishing that the group is indeed delivering upon its mission to influence and assist innovators.