Judeumeh's Blog

Wednesday’s BCS event on IT security certainly made that point on many different levels. If I was a betting man, I’d wager that the IT security industry is on the brink of a major revolution, on the back of that vague and fluffy thing called the Cloud.

Case in point, my question of how many people in the audience actively use the Cloud saw only a pitiful couple of hands raised. However when put in another way, by one of the presenters, i.e. how many people used Android phones for example; a few other hands went up along with looks of dawning comprehension. The Cloud rightfully exists behind the scenes, powering various services that are often taken for granted by the consumer, and the Android example simply confirms that in spite of all the buzz, your common, garden variety, consumer has little understanding or interest in this techie catnip known as cloud computing. And who can blame her, after all was it not the same geeky fads that brought us other similar buzzwords as: Application Service Provider (or ASP), Grid computing, and heck even Web 2.0?

But I digress, what’s this got to do with IT Security you ask? The answer is very simple, if the Cloud is really a behind-the-scenes enabler, then Cloud security should also be behind the scenes; but I get this uneasy feeling in the pit of my stomach (no, not from eating too many nibbles after the event), that it won’t be long before someone gets sued over some security breach emanating from the Cloud. How long before we get Cloud Compliance and Cloud Security Risk Assessment models, regulations and perhaps even some exotic insurance policy for Cloud based services? Furthermore, the Internet (and consequently the Cloud) is essentially borderless technology, which means that various national and international data governance regimes may have a thing or two to say about where data is stored – assuming it can be found in one place!

Finally, we also learnt that some clever Silicon Valley types are actively seeking ways to commoditize The Cloud, and Cloud based services, such that it can be traded as a financial instrument. Now where have we seen that one before – does Collateralized Debt Obligation ring a bell? Suffice it to say there’s a lot of food for thought when it comes to Cloud Security, and far better qualified people than I have pondered, spoken and written about it (e.g. see my  review of an excellent book about Cloud Security), so I shall just leave well enough alone.

Aside from the cloudy issue of cloud security (sic), the event provided many opportunities for attendees to hear and debate other key topics of interest in IT Security, and our four speakers did a great job of keeping people engaged throughout. More information, including presentation slides, can be found on the BCS NLB website.