What am I talking about? I recommend you visit these two links.
The obvious issues of protecting data, ensuring it stays within national borders, issues of privacy, seperation of infrastructure yet maximising the benefits of cost reduction and infrastructure re-use are all coming together. The formation of joint organisations calling for the creations of laws and standards will serve to maximise the leverage of combined purchasing power.
What the hell does that all mean? I'm making two points:
- It is a very clear and powerful example of where security has been engaged at the executive level and now forcing people to change the way we do business. This is the way security needs to start engaging stakeholders, so pay attention! But more importantly...
- The realisation that a standardised approach to ensuring the security of information is becoming paramount to the success of cloud computing. This means the development of formalised standards, audits, assurance programs, increase in tech and jobs. Not only is this great for security professionals but great for the consumer.
While there is the potential for the usual whitewashing of security assurance that I've seen over the years, it is clear that the usual slapdashery approach and adhoc application of IT controls cannot be ignored any further. When executives are forced to sit back and as tough questions - as well as taking a good long look at the affairs of their own house - changes will happen.
Big businesses like Telstra and CBA are now onboard with the Enterprise Cloud Buyers Council (ECBC) through the TMforum. There are other big companies and government groups looking at the cloud for solutions. While the TMforum caters more to the Enterprise Architecture crowd, I home that groups like the Cloud Security Alliance and other security minded organisations become involved. If you happen to read this and are involved in a security organisation, do try and get involved in this space.
On that note, version two of the CSA's Guidance document was released late last year. Recommended reading if you're working in with cloud computing in any capacity.
I realise this post isn't the most timely of news - my apologies. But I don't think many people have really thought about this to any real extent and I figured it was worth pointing out.