LIR Annual Seminar

www.cloud-security.org.uk Copyright © 2012 Cloud Security Alliance – UK & Ireland Liberty Hall, Dublin March 30th 2012 LIR Annual Seminar

Upload: lorne

Post on 24-Feb-2016


DESCRIPTION

LIR Annual Seminar. Liberty Hall, Dublin, March 30th 2012. Is the future secure? Brian Honan, CSA - UK & Ireland Chapter. Cloud Security Alliance. Global, not-for-profit organization. Over 23,000 individual members, 100 corporate members, 50 chapters.

TRANSCRIPT

Page 1: LIR Annual Seminar

Liberty Hall, Dublin March 30th 2012

LIR Annual Seminar

Page 2: LIR Annual Seminar

Brian Honan

CSA - UK & Ireland Chapter

Is the future secure?

Page 3: LIR Annual Seminar

Cloud Security Alliance

• Global, not-for-profit organization
• Over 23,000 individual members, 100 corporate members, 50 chapters
• Building best practices and a trusted cloud ecosystem
• Agile philosophy, rapid development of applied research
• GRC: Balance compliance with risk management
• Reference models: build using existing standards
• Identity: a key foundation of a functioning cloud economy
• Champion interoperability
• Enable innovation
• Advocacy of prudent public policy

“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

Page 4: LIR Annual Seminar

UK & Ireland chapter

• Over 2,000 individual members
• Focused on Information Risk Management

“To provide the guidance and tools required to allow business and home users of cloud services to manage risks to their information in order to embrace the opportunities afforded by the interconnected information society of the 21st century.”

Page 5: LIR Annual Seminar

We’re going on a journey…

…from the Knights Templar to Jeremy Clarkson, onto James May and beyond!

Page 6: LIR Annual Seminar

What is it to be secure?

“the state of being free from danger or threat”

Page 7: LIR Annual Seminar

Why the Knights Templar?…

• The original ‘trust authority’
• Conveyed money around the Middle East during the Crusades
• Founders of modern banking systems…
• …which are based on trust

Page 8: LIR Annual Seminar

Trust in modern banking…

• Money isn’t real
• You trust the bank to pay you – based on a promise!

Page 9: LIR Annual Seminar

…is it misplaced?

• The bank teller model worked for centuries
• Until the 1990s
• When trust moved…

Page 10: LIR Annual Seminar

Are we keeping up?

• Web 2.0 creates new challenges…
• …for which we create new controls
• Which surely enhance security?
• Enter our second guest…

Page 11: LIR Annual Seminar

Remember Jeremy Clarkson?…

• Published bank details after HMRC breach in 2008
• Direct debit setup to make charitable contribution

“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again”
Jeremy Clarkson

Page 12: LIR Annual Seminar

What does this prove?

• That the boundaries have moved
• Security no longer exists as we understand it
• That technology can’t be controlled using traditional thinking
• That we need to evolve our thinking

Time for our third guest…

Page 13: LIR Annual Seminar

Enter James May!

• Understanding your assets allows tangible benefit
• Defined frameworks are required
• Requires constant re-evaluation to achieve goals

Page 14: LIR Annual Seminar

So what about the future?

• You’re here, now!
• The line between consumerisation and business is dissolving rapidly
• Technology and adoption evolve faster than ever before
• Risks are not to be feared, but managed
• Compliance will not help you!

Page 15: LIR Annual Seminar

So where do we start?

• Ask questions about your business
• Determine the information assets being used
• Don’t assume control context
• Determine the information risks you need managing
• Determine responsibility for operating controls
• Ensure metrics measure desired control performance

Page 16: LIR Annual Seminar

Want to know more?

Have your say and be heard in the Cloud discussion

• Joining us is free
• Join at www.cloud-security.org.uk
• Email me on [email protected]
• Follow us on Twitter: @CSAUKEire