Cloud Security Alliance UK Chapter

One of the things that we, as a UK chapter, are keen to deliver to our members is some local flavour to the comprehensive but generic guidance produced by the wider global Cloud Security Alliance.    To that aim, I thought it worthwhile to highlight some of the local, UK-specific, sources of security guidance to help out those of you either already working in the cloud or else exploring the potential for future cloud-based delivery of services.     Whilst aimed very much at the Public Sector, the Cloud Security Principles and associated cloud security guidance published on Gov.uk offers a considerable amount of pragmatic guidance to those looking to adopt cloud services.      The landing page for a variety of guidance documents can be found here:   https://www.gov.uk/government/collections/cloud-security-guidance   One, more hard to find, Government source of guidance relates to the security assertions that cloud providers looking to del...

The media circus that has been Craig Wright trying to prove he’s the inventor of digi-currency bitcoin has been occupying both the main-stream media and tech-media in the past week. Back some five years ago, the Jericho Forum was looking at the problems with Cloud and defined two problems that the industry should tackle, in the form of two questions that anyone should ask themselves when implementing cloud; How do you manage your data in an environment you do not control. How do you manage identities that you do not control Bitcoin uses blockchain, distributed ledger technology, where the data is distributed across many computing platforms, none of which “you” own, and where the data is public; and highlights the same problems with identities that you have in a cloud environment. So when you come to try and prove that you are Satoshi Nakamoto, the secretive creator of the currency, as there is no root of your identity, that proof becomes very difficult (as we have seen). While blockcha...