At the RSA conference this week, the Cloud Security Alliance (CSA) held a half-day summit which served as the venue for the global introduction of several research projects, including research on governance, cloud security reference architectures and cloud-specific computer security incident response teams. The emphasis of the conference on cloud computing security indicates the importance of this area for mainstream adoptions of cloud computing by organizations. Cloud computing, which moves on-premise organizations resources into a shared virtual environment, has become appealing to organizations of all sizes because of its scalability, increased efficiency, and potential cost savings.
The Summit was kicked off with a keynote from the CEO of one of the industry’s leading cloud service providers, Marc Benioff of Salesforce.com.
Benioff introduced his vision of ‘Cloud 2’. “The best days are still very much ahead of us in this industry”, he told the audience.
As social networking goes beyond email, and next-generation internet and applications emerge, “people are changing not only what they are doing online, but how they are doing it”, he said.
“For the first time, we have seen an instance of PC shipping numbers dropping, as we move into the year of the tabloid. This is one of the most exciting technology opportunities of our time”, Benioff argued, as he explained his belief that security and innovation are very closely linked”.
Salesforce.com, and its launch of ‘Chatter’ – a Cloud 2 initiative, a collaboration application for the enterprise to connect and share information securely with people at work in real-time, “is moving us into a social, mobile, more open cloud. The new question we should be asking is ‘why isn’t all enterprise software like Facebook’?”
With continuously new innovations in the cloud, new security threats are popping up, and CSA is being proactive and trying to respond to the ever growing security threats. According to Jim Reavis, executive director of CSA, “We have learned from previous technical innovations that we cannot ignore security, We are dealing with such accelerated innovation in the cloud that there will continue to be a lot of risk if we don’t maintain eternal vigilance.”
In addition, CSA has put together an incident response research program with cloud providers and security experts. This response research program will gather, share, and collaborate on security threats incidents, to find the best suited remedy. CSA has also established in September 2011 a certification program for cloud IT professionals. The test is based on the information contained in the best practice guide, “Guidance for Critical Areas of Focus in Cloud Computing”, the cloud computing security issues contained in this work will help IT professionals better understand what questions to ask, current recommended practices, and potential mistakes to avoid. CSA has done little to promote this certification, but it plans to extend it to include more technical cloud computing material.