Feeds

Cloud Security Alliance crosses the Pond

Bringing cloud to the masses

Top three mobile application threats

“The cloud agenda has to move beyond the security field and into business,” says Jacqui Taylor, freshly minted director of communications for the UK and Ireland wing of the Cloud Security Alliance (CSA).

“There is an education process that has to be done, and it needs an independent voice. That is where we come in.”

A not-for-profit organisation, the CSA was set up in the US to establish and promote best practice for IT security in cloud computing.

Local heroes

The launch of the local chapter, CSA UK & Ireland, earlier this year was prompted by a recognition that the issues raised by cloud computing vary hugely across regions, and that local context is needed to provide the best guidance to members.

But even this remit is too narrow.

“We held a meeting at Infosec this year,” Taylor says. “Something like 80 or 90 people came and most stayed for the whole debate. We are still pulling together all the strands from that, but it is clear that we are not at the point where we can focus just on IT security professionals.”

Cloud is now a mainstream proposition, attracting interest from users outside IT: teachers, small businesses, parents and executives.

“Cloud can deliver what a business needs, while it still needs it. We are not talking two or three years development time, but months or even weeks from someone having an idea to being able to realise it,” Taylor says.

“In my day job, we see much less technical involvement in these projects. It used to be maybe 80 per cent IT, 20 per cent management. Now it is the other way round, and that is going to increase as generation Y comes into the workplace. They don’t have a background of doing it the hard way.”

Age of innocence

The explosion of mainstream interest in cloud means it is necessary to take a step back and “re-do cloud 101”. It is also dangerous to assume too much technical knowledge.

“I don’t think we realised when we launched how much we had to explain. The brief is wider in terms of our members,” Taylor says.

"We see people who are using cloud but have no idea they are doing so”

“Before 2011, I don’t think we were having these debates. It was all very industry focused. We are still dealing with early adopters, but the curve is growing. We see people who are using cloud but have no idea they are doing so.”

The members of the CSA UK & Ireland board come from a range of backgrounds. Some, such as Peter Wood, are dyed-in-the-wool IT security professionals; Amanda Goodyear works in security in government and Benedict Olaoya works in the NHS.

It means that in the course of their normal work they confront just about every issue cloud computing can raise, and bring that experience to the alliance.

Free speech

It also means president Des Ward can draw on a good roster of speakers to help pursue the next goal: that no cloud or security-related conference agenda should be without one of the alliance members appearing as a speaker.

The task now is to sift through the mountains of feedback and suggestions for research. “I’d love to tell you what is on the list, but the shortlist has 45 proposals still. We need to prioritise,” says Taylor.

She adds that the organisation also aims to make information available on the web site.

“We will start by collecting the information that is already there and making it available to people who want to use it,” Taylor says.

“That includes material from presentations any of our board members make, but we will develop new material, too, such as whitepapers, presentations and so on.

“We want to be the first resource for people who want to know about security and the cloud.” ®

Seven Steps to Software Security

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.