There is currently an urgent need for customers of cloud computing and third party IT services to be able to make an objective comparison between providers on the basis of their security features. As ENISA’s work on cloud computing, has shown, security is the number one concern for many businesses and governments. Existing mechanisms to measure security are often subjective and in many cases are bespoke solutions. This makes quantifiable measurement of security profiles difficult, and imposes the need to apply a bespoke approach, impacting in time, and of course cost. The CAM aims to bridge the divide between what is available, and what is required. By using existing standards that are often industry specific, the CAM will provide a singular approach of benefit to all organisations regardless of geography or industry.

The project team anticipate delivery of the framework in late 2010 followed by a process towards global adoption for organisations wishing to obtain an objective measurement of security provided by cloud providers, as well as the level of security for systems hosted internally.