Two years ago I edited the Cloud Security Alliance’s Guidance (v2.1) with a couple other folks, and it nearly ended me. Pulling together a consensus with such a diverse group of global contributors, each running with very few constraints, lead to… certain quality issues.

The CSA learned their lesson and Version 3.0 is under much better control. Aside from a lot more consistency and dedicated editors (our own Chris Pepper edited v2.1), the process is much better organized.

Many groups have finished their initial work (including mine: Data Security) and the documents are up for public review. You can see the drafts and submit comments.

I highly encourage you to get involved if you are interested in cloud security at all. This Guidance will probably live for 2-3 years, and it is already used extensively by end users and vendors to help guide their projects.

I could also use some specific review in my domain (Information Management and Data Security):

  • What do you think of the new lifecycle?
  • Did we capture the right controls?
  • Is the technology depth where it needs to be?
  • Did we balance the practical with the strategic?

If you don’t want to go through the full track-changes thing, feel free to email me directly or comment here.