Just a few weeks ago I had the honor of presenting a keynote at the Cloud Security Alliance (CSA) Congress 2012 in Orlando, Florida. My talk focused on the cloud security themes and topics that have been top of mind for Chief Information Security Officers (CISOs) and other security professionals that I have been talking to about cloud security.
Several trends have been influencing the ways security professionals have been thinking about the roles that Information Technology (IT) plays in their organizations and how associated risks are managed. The consumerization of IT, Big Data, the evolution of consumer privacy, targeted attacks, governments’ roles in cybersecurity, are all influencing conversations about IT and cloud computing.
Frank Simorjay and I on stage at CSA Congress 2012
I was joined on stage by Frank Simorjay, a Senior Product Marketing Manager from Trustworthy Computing at Microsoft. Frank demonstrated a new free tool that Microsoft recently released called the Cloud Security Readiness Tool. I plan to write an article on this tool in the near future, but in a nutshell, it allows you to take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.
The Cloud Security Readiness Tool available at: http://technet.microsoft.com/en-US/security/jj554736
While at the CSA Congress 2012, I also participated on a panel discussing the topic of Big Data. I had the good fortune of being on this panel with several experts in this field including Arnab Roy (Researcher, Fujitsu Laboratories of America), Russell Dietz (CVP and CTO SafeNet Inc.), Todd Thiemann (Senior Director, Vormetric Inc.), and Steve Warner (Technical Fellow, R&D Manager and Chief Scientist, Northrop Grumman Information Systems). During this panel discussion the topic of Differential Privacy (DP) came up. Essentially this approach adds noise to the results of database queries in an effort to help prevent results of queries from being linked to other data that could later be used to identify individuals. This is a very interesting topic in the context of Big Data. If you are interested in learning more about Differential Privacy, Microsoft recently published a new whitepaper on this topic.
At the conference I had the opportunity to meet and talk with many people from different organizations who are either already using the cloud or in the process of evaluating cloud services. Cloud security topics such as security controls, security standards, compliance, auditing, were the themes of most of these conversations. It’s clear that transparency continues to be a critical ingredient in successful partnerships between cloud providers and their customers.