IGT2008 World Cloud Computing Summit Videos Now Online
Shortly before the holiday break, I presented my take on Cloud Computing and Security at the IGT2008 World Cloud Computing Summit in Tel Aviv, Israel.
This was a great conference for me personally as it was an opportunity to meet face to face with some very smart people that are passionate about the Cloud. It also provided an even greater insight into the steamroller that is the Cloud - company after company lining up to either “Clouderize” their current offerings or in most cases, “doing something new”. I met a few startups looking to solve some tricky problem including a stealth mode security outfit looking to provide enhanced security for SaaS (I can’t say more right now but watch this space).
The main thrust of my talk was that there needs to be a deeper conversation about the security implications of Cloud Computing and Cloud Services in general. That’s not because I think there is anything innately insecure about Cloud offerings, more that we are venturing into the great unknown with layers of offerings, greater trust transitivity and new (and old) technologies meshed together in ways we frankly don’t understand. We need to progress the dialogue beyond crying out that the ‘Cloud is insecure’ or just saying ‘the biggest Cloud issue is security’ and get into the nitty gritty details. But my argument is we can only do that if the providers engage in that conversation. It’s one of the reasons I encourage Cloud providers to reach out and talk security - most large enterprises have responsibilities that mean they cannot treat the Cloud as a black box.
The 25 minute talk is split into 2 parts:
- after a brief intro - I believe I was the only one there not representing a company - I laid out what I mean by ’security’. As this wasn’t an information security conference and there was a wide range of people present, I wanted to lay out what I mean by “information security” to provide context for what was to follow. If you’ve been “doing” enterprise security for years, you can safely skip the first 10 minutes (unless you want to critique me!).
- the second half focused on the need for a new risk model that better represents the ebb and flow of risk in Cloud environments - especially with Cloud Stacks (if someone has a better term, let me know) followed by the Enterprise Cloud Security version of “Hot or Not” - complete with audience voting. Given that some of the providers I’d included in the game were sitting in the audience, this sparked some decent conversations later that evening. If you are a Cloud provider featured in the presentation and you didn’t catch my talk, feel free to contact me to discuss your “hotness” ;-).
The videos are now online (IE only), along with the slides. My talk was on Day 2 in the afternoon (halfway down the right hand side). I welcome your feedback - feel free to leave comments or ask questions.