Cloud Security Conference – The Cloud Circle

English: Diagram showing overview of cloud com...

I spent a mind-stretching few hours yesterday at the Cloud Security Conference organised by The Cloud Circle.

Summing up the whole day into a few points is hard, but these were the key things I took away:

  • Security for the Cloud is mostly “just” security, with a few new architectures and contract models
  • Know what data you collect and use, and the associated risks
  • Know where your data goes, how it gets there and how it might be exposed
  • Cloud delivery usually gives you less control
  • But sometimes less control is also less risk
  • Different landscapes give you different control & risk profiles (IaaS / PaaS / SaaS)
  • The importance of knowing about data location and what jurisdictions apply – remember services are often composites from many sub-providers
  • if it’s important to you, talk about it with the vendor and get it in the contract – and involve the legal advisors early
  • But don’t expect a custom contract for 5p/hr computing bought on a credit card!
  • The importance of standards (but this is still an immature market, so not everything has a standard)
  • Plan for something to fail, because it will
  • Cloud makes you ask questions you should already be asking

I can say with absolute certainty that I am not doing full service to the depth of presentations – I recommend looking for the slides on The Cloud Circle’s website.

Key References

Some key reference sources cited by one or more speakers


Steve Plank, Microsoft

Rashmi Knowles, RSA

James Snow, Google

Mark Webber, Osborne Clarke

George Anderson, Webroot

Kris Meulemans, Mozy

The Cloud Circle

I’ve been to a few events organised by The Cloud Circle, and I whole-heartedly recommend them. The events are sponsored, and free for delegates. The organisers are pretty good at keeping speakers relatively agnostic and avoiding overt sales pitches, regardless there are always a good mix of vendors, so with care you can pick out the common threads.

The delegates are a good mix, and I always learn something from the questions from the floor.

Proactive application of technology to business

My interests include technology, personal knowledge management, social change