DMTF Releases Cloud Auditing Data Federation Standard
New data format and interface definitions ease cloud security concerns and preserve critical process investments.
DMTF has announced release of its latest standard: the Cloud Auditing Data Federation (CADF) Data Format and Interface Definitions 1.0. More than a format, the CADF standard defines a full event model anyone can use to fill in the essential data needed to certify, self-manage, and self-audit application security in cloud environments.
Potential consumers of cloud deployments need assurance that the security policies they require on their applications are as consistently managed and enforced “in the cloud” as they would be in their enterprise. CADF is an open standard that addresses this need by enabling cross-vendor information sharing via today’s newly-released data format and interface definitions. Supporting the federation of normative audit event data to and from cloud providers, CADF delivers new levels of insight into the provider’s hardware, software, and network infrastructure used to run specific tenant applications in a multi-vendor environment – whether private, public, or hybrid.
With a robust query interface that can be extended to reflect the unique resources of each provider, this standard also defines a means to attach domain-specific identifiers, event classification values, and tags that can be used to dynamically generate customized logs and reports for cloud subscribers or customers. In addition, CADF goes beyond log-based periodic audits to offer the ability to perform real-time performance metering and monitoring, which can be used to assure customer Quality-of-Service.
“Organizations should be able to preserve their investments in the processes and tooling that provides them with the audit data they need, regardless of the cloud deployment model or the provider hosting the application,” said Winston Bumpus, DMTF chair of the board. “Open standards for cloud auditing data formats, along with open standardized interfaces for interacting with that data, help assuage security concerns and allow companies to easily compare the costs of hosting their application with various cloud providers without losing the ability to audit them.”
Detailed information on all of DMTF standards can be found at www.dmtf.org/standards. Those interested in supporting and joining DMTF’s efforts to identify and create standards can be found at www.dmtf.org/join.
This article was originally posted “Data Center Platform from Cloudistics®” from Cloud Strategy Magazine.