This year’s theme is “Have a safe journey” and features thought leaders such as Jim Reavis from CSA and Tim Grance from NIST, in a full day’s programme bringing CXO attendees through security issues surrounding Cloud Computing.
CloudSec 2012 was held at Raffles City Convention Centre in Singapore on 15 August.
I sat through a panel discussion over lunch that shed some light on the thoughts that Reavis, Grance and Nicholas Tan (VMware) had on cloud security.
Jim Reavis, Co-founder & Executive Director Cloud Security Alliance (CSA)
One opinion that may come as a surprise to many people is Reaves’ belief that the choice of whether a company should adopt a private, public or hybrid cloud should not be driven by security alone, which is what most people would use as the immediate and main consideration, if not the sole determinant for their decision.
He felt that security could be a red herring in deciding between the different types of cloud implementation.
Instead, the decision should be based on compliance (regulations on cloud use and location of data centres), performance (whether on-premise servers are needed to reduce latency) and legacy support (transition from existing IT architecture).
Timothy Grance, Senior Computer Scientist, National Institute of Standards and Technology (NIST)
Grance added that all the models are viable and the choice also involved the need for scale, which has to be balanced with the risk appetite of the organisation making the choice.
All the panelists were unanimous that, in reality, the considerations for security for cloud is no different from traditional systems, although the specific technology employed may be different.
Whether your systems are on a cloud or not, you would be facing threats, you still need to be vigilant, you still need to be rigorous about security, and you’d still need quality people to design and operate the system.
Last year’s CloudSec 2011 at The Sheraton Towers saw more than 300 participants examining the theme of “Have a vision not clouded by fear”.
This year, Trend Micro made the event bigger with more than 500 showing up at the Raffles City Convention Centre on 15 August.
This year’s core theme of “Have a safe journey” highlights how organisations are no longer debating about cloud adoption, but are embracing the reality that cloud is here to stay.
There is therefore a need to embrace best practices and technologies to secure physical, virtual and cloud infrastructure efficiently and effectively.
Trend Micro announced that it has expanded its Smart Protection Network to incorporate advanced big data analytic capabilities to identify new security threats across a broader of data sources, delivering global threat intelligence that stops threats even faster than before.
The Cloud Security Alliance (CSA) also announced that it will establish its new CSA corporate headquarters in Singapore, under an effort led by the Infocomm Development Authority of Singapore (IDA), Singapore Economic Development Board (EDB), and Trend Micro.
The CSA will undertake a three-year strategic private-public partnership with support from the Singapore government to further the security of cloud computing.
As part of the agreement, the CSA will establish a Global Research Centre, Global Standards Secretariat, and Global Centre of Excellence for CCSK training and education in Singapore.
Tags: cloud, cloud computing, CloudSec, CSA, EDB, enterprise IT, hybrid cloud, IDA, NIST, private cloud, public cloud, security, Trend Micro, VMware