DMTF,
the organization bringing the IT industry together to collaborate on the
development, validation and promotion of infrastructure management
standards, today announced release of its latest standard: the Cloud
Auditing Data Federation (CADF) Data Format and Interface Definitions
1.0. More than a format, the CADF standard defines a full event model
anyone can use to fill in the essential data needed to certify,
self-manage and self-audit application security in cloud environments.
Potential consumers of cloud deployments need assurance that the
security policies they require on their applications are as consistently
managed and enforced “in the cloud” as they would be in their
enterprise. CADF is an open standard that addresses this need by
enabling cross-vendor information sharing via today’s newly-released
data format and interface definitions. Supporting the federation of
normative audit event data to and from cloud providers, CADF delivers
new levels of insight into the provider’s hardware, software, and
network infrastructure used to run specific tenant applications in a
multi-vendor environment – whether private, public or hybrid.
With a robust query interface that can be extended to reflect the unique
resources of each provider, this standard also defines a means to attach
domain-specific identifiers, event classification values, and tags that
can be used to dynamically generate customized logs and reports for
cloud subscribers or customers. In addition, CADF goes beyond log-based
periodic audits to offer the ability to perform real-time performance
metering and monitoring, which can be used to assure customer
Quality-of-Service.
“Organizations should be able to preserve their investments in the
processes and tooling that provides them with the audit data they need,
regardless of the cloud deployment model or the provider hosting the
application,” said Winston Bumpus, DMTF chair of the board. “Open
standards for cloud auditing data formats, along with open standardized
interfaces for interacting with that data, help assuage security
concerns and allow companies to easily compare the costs of hosting
their application with various cloud providers without losing the
ability to audit them.”
To learn more about the CADF standard and its importance to cloud
infrastructures, please join today's live webinar at 9:00 a.m. US
central time in the DMTF Learning Center at www.dmtf.org/education/webinars.
Industry Support for the DMTF CADF Standard
“As a DMTF board member and an active member of CADF working group,
Fujitsu is pleased with the release of the CADF standard.
Standardization of cloud computing technologies is important to our
users, and we have contributed to the development of various standards
and open-source activities. This significant milestone enables cloud
vendors and open-source communities to provide interoperable auditing
and monitoring of cloud services,” said Hiroshi Nagakura, VP of Strategy
and Technology Division, Platform Strategic Planning Unit, Fujitsu
Limited.
“We are gratified with the rapid adoption of the CADF standard in
support of enhanced auditing features of cloud deployments. This is one
of those features that will make cloud deployments more practical for
serious business use,” said Yoshiki Matsuda, vice president, IT Platform
R & D Management Division, Hitachi, Ltd.
“The release of the DMTF Cloud Auditing Data Federation (CADF) v1.0
standard is a significant step forward in providing enterprise customers
an open standard to reliably audit their critical applications and data
in Cloud deployments providing validation of corporate and industry
compliance,” said Angel Diaz, VP Open Technology and Cloud Performance
at IBM. “CADF, now integrated in OpenStack, also enables the accurate
monitoring of Cloud infrastructures and resources by providing
real-time, analytic data to immediately identify and dynamically adapt
to operational and performance challenges.”
“NetIQ® is pleased to be a contributor to the DMTF's Cloud Auditing Data
Federation standard 1.0 to help define the essential data needed to
audit and certify clouds in a normative, prescriptive manner,” commented
John Delk, vice president, Product Management at NetIQ. “Such standards
are critical for today’s organizations seeking greater security
intelligence on the complex threat landscape and how they impact
security postures and organizational risk.”
Detailed information on all of DMTF standards can be found at www.dmtf.org/standards.
Those interested in supporting and joining DMTF’s efforts to identify
and create standards can be found at www.dmtf.org/join.