The document discusses security issues with software as a service (SaaS) and platform as a service (PaaS) models and the need for greater transparency from cloud providers. It mentions several large data breaches and outlines efforts by the Cloud Security Alliance (CSA) to establish standards and best practices through research groups and guidance documents. While compliance does not guarantee security, the CSA works to educate organizations and help negotiate security understandings between vendors and customers.

2. Anyone spent 10minutes with a security guy?

3. Anyone told Sales “its not ready to sell?”

4. Compromise: We’ll fix it later

6. And then there is Outages

7. Gartner (July 2008) “ Cloud computing is the least transparent externally sourced delivery method,” “ [cloud] not only introduces the same risks as any externally provided service, it also includes some unique risk challenges.” reduced visibility, the complication of compliance, and the loss of control over the location of the data. Reliability and recoverability become a concern when outsourcing to a commodity provider, as does the viability of that supplier. “ assess the risks of using any cloud computing provider, and to demand greater transparency than many are currently willing to offer”

12. So is CSA a good or bad thing? ” Yes” if you don’t like being pwned “ Yes” if cloud is to be Long-term credible Can create a perception of “one size fits all” Is this Sarbanes Oxley for service providers? “ No” if it only benefits big/incumbent vendors

13. A compliance comparison… Credit: Sense of Security and aisaorgau

14. Heartland was PCI Compliant

15. So…compliance does not always deliver what is needed but…

17. All your clouds must be transparent thanks! david DOT jones AT gmail DOT com @djinoz