The goal of Cloud Security Audit is to provide a common interface and namespace that allows enterprises who are interested in streamlining their audit processes as well as cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.
The benefits to the Cloud Service Provider are to enable the automation of typically one-off labor-intensive, repetitive and costly auditing, assurance and compliance functions and provide a controlled set of interfaces to allow for assessments by consumers of their services.
We at Vserv intend not to be prescriptive as to the mechanisms used to gather the data or how these interfaces are presented, but rather provide a consistent representation to the consumer and the tools they choose to utilize. We will focus initially on representative schema and data structures mapped to existing compliance, security and assurance frameworks.