Transcript Building Trust into the Next Generation of Information Technology Copyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org.

Building Trust into the Next Generation of
Information Technology
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
About Us
• Global, not-for-profit, 501(c)6 organization
• Over 29,000 individual members, 120 corporate members, 60 chapters
• Building best practices and a trusted cloud ecosystem
• Agile philosophy, rapid development of applied research
•
• Balance compliance with risk management
• Reference models: build using existing standards
• Identity: a key foundation of a functioning cloud economy
• Champion interoperability
• Enable innovation
• Advocacy of prudent public policy
Launching Innovation Initiative at RSA 2012
“To promote the use of best practices for providing security assurance within Cloud
Computing, and provide education on the uses of Cloud Computing to help
secure all other forms of computing
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Rationale
• The traditional market has produced inadequate information
security for our community of users
• Innovators at all levels must navigate a highly inefficient system to:
• Reach customers in beta and release forms of product
• Develop “built in”, not “bolted on” security integration
• Integrate strong security in to all of their solutions
• Efficiently gain access to capital early on and for expansion
• Implement go to market strategies to reach the customers
• Alter existing solutions to address the unique requirements of
The Cloud and our community
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Our Mission
• To accelerate delivery of a trusted cloud ecosystem
• Identify key structural issues related to trust and security that will
inhibit the adoption of next generation information technology.
• Articulate the guiding principles and objectives that IT innovators
must address.
• Incubate technology solutions that align with our principles and
address the systemic gaps we have identified.
• Mission will take two forms
• Working Group inside of CSA
• For–profit entity working with innovators and other stakeholders
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
New
Venture
Successful
incubations
Candidate
solutions and
interested
experts,
customers
Innovation WG
•Public & Global
•Crowdsourcing
•Pain points
•Opportunities
•Venture Lead
Generation
CSA Newco
•CSA Licensed
Brand
•For Profit
•Boot Camps
•Focus Groups
•Biz Dev Strategy
•Private
Consultation
•Equity Stake
Copyright © 2011 Cloud Security Alliance
•Vetted by CSA
experts
•Built in customers
•Incubated rapidly
VCs
CSA Newco partners
www.cloudsecurityalliance.org
Tools CSA Provides Today
• Assessment
•
•
•
•
•
User Certifications
Best Practices
Provider Assessments
Procurement
Standards Creations
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
•Innovators develop
relevant solutions
with or without
CSA assistance
R&D
Assign
•CSA II working
group assesses the
value of the
solution within
community
Copyright © 2011 Cloud Security Alliance
•CSA II working
group recommends
resources to
innovator
Deliver
www.cloudsecurityalliance.org
Our Community Task
• Create a new initiative to speed the delivery of innovative
•
•
•
•
security solutions to our community and to the broader market
Create new efficiencies between innovators, our community,
capital and go to market expertise
Provide tools, forums, and resources to innovators to overcome
market inefficiency
Our job is to ensure that security is built in to the next generation
of IT (Cloud, Mobile, Social)
Have innovation occur more quickly and be vetted by the
community getting solutions to market faster
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Sample Opportunities to Address
• Group purchases or contracts to legitimize a desired solution
• Formalize the feedback loop between innovators, CISOs and
•
•
•
•
capital to get the highest likelihood of success
“Raise the bar” from existing IT approaches
Providing direction and value to innovators while respecting their
need for confidentiality
Helping innovators understand the complexity and differences in
solving for The Cloud
Provide innovators the tools to leverage more agile feedback
loops and crowd sourcing for some solutions
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Sample Opportunities to Address
• Provide innovators the resources to speed time to market and
•
•
•
•
scale for Cloud level deployments
Ensure “hardened” products by beta testing in the community
Match innovators with partners researching similar solutions to
find synergy and speed time to market
Working group and focus groups to provide current status
feedback and future feature functionality request
Providing direction and value to innovators while respecting their
need for confidentiality
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Sample Challenges to Address
• For capital, solve for the “adverse selection process” (if
•
the idea is good, everyone wants to invest but only a few
can invest creating dilution in second and third tier
competitive investments).
Marrying capital to the potential innovations which would
best serve the community as opposed to the adverse
selection dynamic today.
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Questions to Address for the Community
• What specific and hierarchical value does the community desire
•
•
in innovation over the next 18 to 36 months?
In what ways can the existing community assist innovators?
(i.e. beta testing, group purchasing or contracts, crowdsourcing
solutions unique to the cloud, providing feedback, advice and
expertise)
What specific benefits would the community want to see from
this initiative and is there a hierarchical ranking of benefits?
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Questions to Consider From the Innovators
• What issues do they believe prevent them from bringing great
•
products to market quickly?
How can CSA change this?
•
•
•
Customers
Feedback to create and modify product roadmaps?
Crowdsourcing?
•
•
•
First beta opportunities?
Premium support or access?
Roadmaps and features and benefits input
• What should and can they offer to CSA for our support?
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
What are we asking of you?
• We want to create an initial CSA II Task Force to help create and
•
•
•
•
vett the charter for the permanent CSA II (non-profit) Working
Group
Create the process for defining the for profit entity
Have key people commit
Socialize the idea with innovators, community members, capital
providers and successful CEOs and operating executives
Recruit a small number of volunteers from an appropriate cross
section of vested interests to help formulate a “straw man” to be
discussed by the community at RSA
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
RSA Meeting Goal
• Formalize the CSA II working group charter and members
• Have the working group develop a set of milestones for a launch
of the Innovation Initiative:
•
•
•
•
•
•
•
•
Goals and mission
Responsibilities
Resources required
Action items and commitments
Deliverables and deadlines
Communications
Announce the new working group to the entire community
Discuss for profit entity and identify tasks and people to initiate
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Help Us Launch The Innovation Initiative
• Volunteer to build the straw man with us pre RSA
• Participate in person at a meeting during RSA to be scheduled
with interested volunteers
• Participate in on-going meetings, teleconferences or specialized
task forces within the initiative post RSA
Contact:
Dennis Cline ([email protected])
(856) 287-0268
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org