Welcome!

News Feed Item

DMTF Releases Cloud Auditing Data Federation Standard

DMTF, the organization bringing the IT industry together to collaborate on the development, validation and promotion of infrastructure management standards, today announced release of its latest standard: the Cloud Auditing Data Federation (CADF) Data Format and Interface Definitions 1.0. More than a format, the CADF standard defines a full event model anyone can use to fill in the essential data needed to certify, self-manage and self-audit application security in cloud environments.

Potential consumers of cloud deployments need assurance that the security policies they require on their applications are as consistently managed and enforced “in the cloud” as they would be in their enterprise. CADF is an open standard that addresses this need by enabling cross-vendor information sharing via today’s newly-released data format and interface definitions. Supporting the federation of normative audit event data to and from cloud providers, CADF delivers new levels of insight into the provider’s hardware, software, and network infrastructure used to run specific tenant applications in a multi-vendor environment – whether private, public or hybrid.

With a robust query interface that can be extended to reflect the unique resources of each provider, this standard also defines a means to attach domain-specific identifiers, event classification values, and tags that can be used to dynamically generate customized logs and reports for cloud subscribers or customers. In addition, CADF goes beyond log-based periodic audits to offer the ability to perform real-time performance metering and monitoring, which can be used to assure customer Quality-of-Service.

“Organizations should be able to preserve their investments in the processes and tooling that provides them with the audit data they need, regardless of the cloud deployment model or the provider hosting the application,” said Winston Bumpus, DMTF chair of the board. “Open standards for cloud auditing data formats, along with open standardized interfaces for interacting with that data, help assuage security concerns and allow companies to easily compare the costs of hosting their application with various cloud providers without losing the ability to audit them.”

To learn more about the CADF standard and its importance to cloud infrastructures, please join today's live webinar at 9:00 a.m. US central time in the DMTF Learning Center at www.dmtf.org/education/webinars.

Industry Support for the DMTF CADF Standard

“As a DMTF board member and an active member of CADF working group, Fujitsu is pleased with the release of the CADF standard. Standardization of cloud computing technologies is important to our users, and we have contributed to the development of various standards and open-source activities. This significant milestone enables cloud vendors and open-source communities to provide interoperable auditing and monitoring of cloud services,” said Hiroshi Nagakura, VP of Strategy and Technology Division, Platform Strategic Planning Unit, Fujitsu Limited.

“We are gratified with the rapid adoption of the CADF standard in support of enhanced auditing features of cloud deployments. This is one of those features that will make cloud deployments more practical for serious business use,” said Yoshiki Matsuda, vice president, IT Platform R & D Management Division, Hitachi, Ltd.

“The release of the DMTF Cloud Auditing Data Federation (CADF) v1.0 standard is a significant step forward in providing enterprise customers an open standard to reliably audit their critical applications and data in Cloud deployments providing validation of corporate and industry compliance,” said Angel Diaz, VP Open Technology and Cloud Performance at IBM. “CADF, now integrated in OpenStack, also enables the accurate monitoring of Cloud infrastructures and resources by providing real-time, analytic data to immediately identify and dynamically adapt to operational and performance challenges.”

“NetIQ® is pleased to be a contributor to the DMTF's Cloud Auditing Data Federation standard 1.0 to help define the essential data needed to audit and certify clouds in a normative, prescriptive manner,” commented John Delk, vice president, Product Management at NetIQ. “Such standards are critical for today’s organizations seeking greater security intelligence on the complex threat landscape and how they impact security postures and organizational risk.”

Detailed information on all of DMTF standards can be found at www.dmtf.org/standards. Those interested in supporting and joining DMTF’s efforts to identify and create standards can be found at www.dmtf.org/join.

About DMTF

DMTF standards enable effective management of IT environments. The organization is comprised of industry-leading member companies that collaborate on the development, validation and promotion of infrastructure management standards. These standards specify well-defined interfaces that collectively deliver complete management capabilities. DMTF standard interfaces are critical to enabling interoperability among multi-vendor IT infrastructures, and systems and network management including cloud, virtualization, desktop, network, servers and storage. DMTF spans the globe with member companies and organizations representing varied industry sectors. The DMTF board of directors is led by 17 industry-leading technology companies including: Broadcom Corporation; CA Technologies; Cisco; Citrix Systems, Inc.; Dell; Emerson Network Power; Fujitsu; Hitachi, Ltd.; HP; Intel Corporation; Microsoft Corporation; NetApp; Oracle; Software AG; SunGard Availability Services; Telecom Italia and VMware, Inc. Information about the organization, its technologies and activities can be found at www.dmtf.org.

Copyright© 2014 NetIQ Corporation. All Rights Reserved. NetIQ and the NetIQ logo are trademarks or registered trademarks of NetIQ Corporation in the USA. All other trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have engaged. Old habits die hard, but like most waterfall software projects, most waterfall-style Agile adoption efforts fail to produce the results desired. The problem is that to get the results they want, they have to ch...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists discussed how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations might...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
In the world of DevOps there are ‘known good practices’ – aka ‘patterns’ – and ‘known bad practices’ – aka ‘anti-patterns.' Many of these patterns and anti-patterns have been developed from real world experience, especially by the early adopters of DevOps theory; but many are more feasible in theory than in practice, especially for more recent entrants to the DevOps scene. In this power panel at @DevOpsSummit at 18th Cloud Expo, moderated by DevOps Conference Chair Andi Mann, panelists discussed...
After more than five years of DevOps, definitions are evolving, boundaries are expanding, ‘unicorns’ are no longer rare, enterprises are on board, and pundits are moving on. Can we now look at an evolution of DevOps? Should we? Is the foundation of DevOps ‘done’, or is there still too much left to do? What is mature, and what is still missing? What does the next 5 years of DevOps look like? In this Power Panel at DevOps Summit, moderated by DevOps Summit Conference Chair Andi Mann, panelists loo...