Inherent Trust in the Cloud – ISACA Update

ISACA Silicon Valley ChapterI attended the ISACA Silicon Valley chapter 2012 Summer Conference, Enabling Trust: Business in the Cloud, on August 23rd and 24th.  Some of the organizations presenting included Qualys, SurveyMonkey, EMC Consulting, StrongAuth, Allgress, PwC, Apollo Group, iStreet Solutions, Check Point Software Technologies and Layered Tech.

Along with some lively panel discussions, the conference offered an eclectic mix of speakers from different points and perspectives within the cloud.  Layered Tech was privileged to be the only Infrastructure as a Service (IaaS) provider presenting and that allowed me to offer the view of the cloud as a framework that can have inherent trust along with appropriate controls.  This was the first presentation that I delivered where a majority of the attendees acknowledged using the cloud – all but one, in fact.  This indicates that more of us are recognizing that the cloud is here and now our job is to better identify the components and how they interrelate.  We may be at or near the tipping point of recognition of cloud computing as a valid means to leverage virtualization and the economies of scale.

I was interested to hear, through much of the conference, that some still consider the only options to be Public Cloud vs. on-premise facilities.  With the offerings of compliance and security-centric providers and the utilization of strong security tools, many of which were discussed by the presenters, we can demonstrate that hybrid and community clouds have a role to play in cloud options and can be made to be as secure, if not more secure, than many traditional on-premise facilities.

I will be presenting more extensions of these views at ConSec’12 – Consumerization of Enterprise IT-Are You Keeping Pace? on September 17-19 in Austin, TX.  I hope to see you there.

Jeff Reich, Layered Tech Chief Risk OfficerAbout the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO+Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.

Comments are currently closed.