November 7 and 8th, 2012, Orlando Florida was again the host for the 2012 Cloud Security Alliance Congress. The Cloud Security Alliance or CSA is a not for profit organization that seeks to promote best security practices to provide assurance for the Cloud. The CSA has been organized for a few years now and continues to grow. It’s involvement with organizations such as ISO, NIST, the European Union and others continue to grow. In fact, it held it's first ever EMEA Congress this year, and it has opened offices in Singapore. The CSA is growing very quickly and is widely being recognized for its leadership role in cloud security. I was again able to attend the CSA Congress in Orlando this year and wanted to speak briefly about one of the keynote speakers, Mr. Dave Cullinane, CEO of Security Starfish LLC. The subject of his speech was the need for the security industry to improve its collaboration as it pertains to attacks and threats. He discussed how those that are perpetrating fraud and cyber attacks are heavily engaged in collaboration. They exchange information, they discuss what attacks work well, what technology and tools are available and how to use them. Conversely, the private and public sectors are reticent to acknowledge, discuss or share details of the threats and incidents that they routinely encounter. His argument was that we, as security professionals and businesses need to change that. We need to find ways to protect our intellectual property and the interests of our businesses, yet still be able to share our combined knowledge and experience with each other. I thought it was an excellent presentation and an idea that I wanted to look into, hence my reason for sharing it with you here.
The Internet has and is rapidly changing everything, and cloud services are certainly leading the way in this change and the Cloud Security Alliance is certainly on the leading edge of a collaborative effort to develop a more secure cloud services environment. NICE recognized years ago the important role that of providing assurance through the Trust Principals of Security, Privacy, Confidentiality, Processing Integrity and Availability and that one of the best ways for NICE to develop that assurance would be to associate with and be actively involved in organizations such as the Cloud Security Alliance.
Whether you are a Cloud Service Provider or a Cloud User, I would encourage you to get involved. The CSA is a method open to cloud users and providers and offers guidance for both groups in addition to being a resource for finding and being involved in other security centered organizations and initiatives. I am currently a co-chair for the CSA Subject Matter Experts Council, if you have an interest in the CSA, but do not know where to begin, please contact me. I would be happy to help find answers to questions you might have about the Cloud Security Alliance.
