160 likes | 318 Views
LIR Annual Seminar. Liberty Hall, Dublin March 30th 2012. Is the future secure?. Brian Honan CSA - UK & Ireland Chapter. Cloud Security Alliance. Global, not-for-profit organization Over 23,000 individual members, 100 corporate members, 50 chapters
E N D
LIR Annual Seminar Liberty Hall, Dublin March 30th 2012
Is the future secure? Brian Honan CSA - UK & Ireland Chapter
Cloud Security Alliance • Global, not-for-profit organization • Over 23,000 individual members, 100 corporate members, 50 chapters • Building best practices and a trusted cloud ecosystem • Agile philosophy, rapid development of applied research • GRC: Balance compliance with risk management • Reference models: build using existing standards • Identity: a key foundation of a functioning cloud economy • Champion interoperability • Enable innovation • Advocacy of prudent public policy “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
UK & Ireland chapter • Over 2,000 individual members • Focused on Information Risk Management “To provide the guidance and tools required to allow business and home users of cloud services to manage risks to their information in order to embrace the opportunities afforded by the interconnected information society of the 21st century.”
We’re going on a journey… …from the Knights Templar to Jeremy Clarkson, onto James May and beyond!
What is it to be secure? “the state of being free from danger or threat”
Why the Knights Templar?… • The original ‘trust authority’ • Conveyed money around the middle east during the crusades • Founders of modern banking systems… • …which are based on trust
Trust in modern banking… • Money isn’t real • You trust the bank to pay you – based on a promise!
…is it misplaced? • The bank teller model worked for centuries • Until the 1990’s • When trust moved…
Are we keeping up? • Web 2.0 creates new challenges… • …for which we create new controls • Which surely enhance security? • Enter our second guest…
Remember Jeremy Clarkson?… • Published bank details after HMRC breach in 2008 • Direct debit setup to make charitable contribution “The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again” Jeremy Clarkson
What does this prove? • That the boundaries have moved • Security no longer exists as we understand it • That technology can’t be controlled using traditional thinking • That we need to evolve our thinking Time for our third guest…
Enter James May! • Understanding your assets allows tangible benefit • Defined frameworks are required • Requires constant re-evaluation to achieve goals
So what about the future? • You’re here, now! • The line between consumerisation and business is dissolving rapidly • Technology and adoption evolves faster than ever before • Risks are not to be feared, but managed • Compliance will not help you!
So where do we start? • Ask questions about your business • Determine the information assets being used • Don’t assume control context • Determine the information risks you need managing • Determine responsibility for operating controls • Ensure metrics measure desired control performance
Have your say and be heard in the Cloud discussion Joining us is free Join at www.cloud-security.org.uk Email me on brian.honan@cloud-security.org.uk Follow us on twitter: @CSAUKEire Want to know more?