security

Mastodon: What you need to know for your security and privacy - Sound common-sense advice from a well-known security expert
Cloud Security Conference – The Cloud Circle

I spent a mind-stretching few hours yesterday at the Cloud Security Conference organised by The Cloud Circle.

Summing up the whole day into a few points is hard, but these were the key things I took away:

  • Security for the Cloud is mostly “just” security, with a few new architectures and contract models
  • Know what data you collect and use, and the associated risks
  • Know where your data goes, how it gets there and how it might be exposed
  • Cloud delivery usually gives you less control
  • But sometimes less control is also less risk
  • Different landscapes give you different control & risk profiles (IaaS / PaaS / SaaS)
  • The importance of knowing about data location and what jurisdictions apply – remember services are often composites from many sub-providers
  • If it’s important to you, talk about it with the vendor and get it in the contract – and involve the legal advisors early
  • But don’t expect a custom contract for 5p/hr computing bought on a credit card!
  • The importance of standards (but this is still an immature market, so not everything has a standard)
  • Plan for something to fail, because it will
  • Cloud makes you ask questions you should already be asking

I can say with absolute certainty that I am not doing full service to the depth of presentations – I recommend looking for the slides on The Cloud Circle’s website.

Key References

Some key reference sources cited by one or more speakers
