Transcript Cloud Security Alliance

Cloud Security Alliance
Overview and Organizational Plans
Jim Reavis, Co-founder & Executive Director
August 5, 2009
Agenda
•
•
•
•
About the Cloud Security Alliance
Organizational Structure
Membership
Projects
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
About the Cloud Security Alliance
•
•
Global, not-for-profit organization
•
We believe Cloud Computing has a robust future, we
want to make it better
Inclusive membership, supporting broad spectrum of
subject matter expertise: cloud experts, security,
legal, compliance, virtualization, and on and on…
“To promote the use of best practices for providing security assurance
within Cloud Computing, and provide education on the uses of Cloud
Computing to help secure all other forms of computing.”
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Organizational Structure
• Board of Directors
•
Jerry Archer, CISO Intuit
•
Alan Boehme, EVP ING
•
Dave Cullinane, CISO eBay
•
Paul Kurtz, Good Harbor
•
Nils Puhlmann, Co-founder
•
Jim Reavis, Co-founder
• Executive Committee
• Solution Provider Advisory Council
• Volunteer Working Groups
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Getting Involved
• Individual Membership (free)
• Subject matter experts for research
• Interested in learning about the topic
• Administrative & organizational help
• Corporate Members
• Help fund outreach, events
• Solution Provider Advisory Council
• Affiliated Organizations (free)
• Joint projects in the community interest
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Current corporate members
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Current affiliates
Cloud-Standards.org
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Individual Members
•
•
•
3,512 as of August 3rd
Broad Geographical Distribution
Active Working Groups
•
•
•
•
Editorial
•
•
•
•
•
•
Legal & E-Discovery
Educational Outreach
Architecture
Governance, Risk Mgt, Compliance, Business
Continuity
•
New Working Groups
•
•
•
•
Healthcare
Cloud Threat Analysis
US Federal Government
Financial Services
Portability, Interoperability and Application Security
Identity and Access Mgt, Encryption & Key Mgt
Data Center Operations and Incident Response
Information Lifecycle Management & Storage
Virtualization and Technology Compartmentalization
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Key Challenges
• We aren’t moving to the cloud.. We are reinventing in the
cloud
•
•
•
•
•
Accelerated pace of change
Globalization
Massive multi-tenancy
Pressure on traditional organizational boundaries
Challenges traditional thinking
•
•
•
How do we build standards?
How do we create architectures?
What is the ecosystem required to managed, operate, assess and audit cloud
systems?
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Project Roadmap
•
April 2009: Security Guidance for Critical Areas of Focus for
Cloud Computing – Version 1
•
•
July 2009: Version 1 translated into Japanese
•
•
•
•
October 2009: Top Ten Cloud Threats (monthly)
October 2009: Security Guidance for Critical Areas of Focus for
Cloud Computing – Version 2
November 2009: Provider & Customer Checklists
December 2009: eHealth Guidance
Global CSA Executive Summits
•
Q1 2010 – Europe
• Q1 or Q2 2010 - US
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Summary
• Cloud Computing is real and transformational
• Challenges for People, Process, Technology,
Organizations and Countries
•
•
•
Broad governance approach needed
Tactical fixes needed
Combination of updating existing best practices and
creating completely new best practices
• Common sense not optional
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Call to Action
•
•
Join us, help make our work better
•
•
•
Hold regional CSA meetups
Discussions & announcements on LinkedIn &
GoogleGroups
Volunteer for existing research
Brainstorm new research initiatives
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Contact
•
•
•
•
www.cloudsecurityalliance.org
[email protected]
Twitter: @cloudsa, #csaguide
LinkedIn: www.linkedin.com/groups?gid=1864210
Copyright © 2009 Cloud Security Alliance
www.cloudsecurityalliance.org
Thank You!
www.cloudsecurityalliance.org