UK Cloud Security Alliance Reigns Over Info Risks
The CSA UK & Ireland set out its manifesto for raising cloud information storage risks at KPMG, London
At the inaugural meeting of the Cloud Security Alliance (CSA) UK & Ireland, president Des Ward said he welcomed the blossoming of similar organisations because he would like to see more debate on information risk management.
“The cloud affects us all,” he said. “Consumers, business, everyone has an investment in the cloud – whether they know it or not. We have to raise awareness of the risk that this involves and educate parents and business leaders alike on how to manage it.”
Security entails risk management
Vice president Gerry O’Neill actually banned the use of the word “security” at the UK & Ireland chapter meeting because it “clouds the issue”.
“Security makes people think of firewalls, AV [antivirus] and parental controls. What we are talking about goes beyond this. Information risk management is what it’s about. The way in which information can be stored and accessed, with or without our knowledge, is another element of security which is receiving less attention than the technology.”
“We decided to form a UK and Ireland chapter of the CSA in January so it’s only been a few weeks since we recruited an executive board,” he said. “We organised this meeting at short notice because we have a bigger meeting planned for the Infosecurity Europe event in April. The attendance today shows how much interest there is in cloud information risk management.”
Aside from initiating the free-membership, not-for-profit organisiation, the purpose of the gathering was to set the basis for its 2011 research and information dissemination activities.
“It was good to see so many ideas coming from the floor,” O’Neill said. “We can’t promise to follow up every suggestion because there was such a good response but we will take our priorities from the membership to ensure that we are covering as many of the pain points that cloud is creating.”
Children in the cloud
In his inaugural speech, Ward pointed out that parents are at a loss when it comes to managing their families’ cloud risks.
“Parents often leave their children to their own devices because they don’t understand computers and the Internet,” he said, “and the children seem to know more about technology than they do. At best, they often think that setting access controls in place is sufficient.”
Ward believes that educating the parents will ensure that the next generation of digital kids will have a more responsible attitude to the IT clouds that will surround them. He also thinks that there is a lot to be done in helping businesses to meet the governance issues that they face.
The CSA will be hitting the road to hold events in other parts of the country. Members of the group can register to attend the 12th annual National Information Security Conference at St Andrews, Scotland, in June.