Cloud Security Alliance UK Chapter

Integration and portability – either working across multiple cloud providers or else shifting workloads from one provider to another – remain amongst the trickier areas of cloud strategy and security.  Different business strategies and priorities will drive different approaches.  For example, if you take the view that service resilience is your primary concern then the idea of placing all your eggs in one basket, even one as well made as AWS or Azure, may be anathema.  This can then drive architectures that must either split components across multiple cloud providers so as to reduce impact of compromise (including outages) or to use a secondary cloud provider to provide contingency in the event of a failure of your primary supplier.  If you’re going to support portability (the ability to shift workloads between cloud providers) then you need to avoid lock-in which can drive you towards containerisation such that you can take your encapsulated infrastructure from one ...

One of the projects we currently have underway in the UK chapter relates to the provision of guidance tailored towards small businesses. Cloud offers start-ups and small businesses the IT capabilities they need to compete with more established organisations but it is unlikely that such firms will have dedicated security teams tasked to secure such capabilities.  This project aims to provide pragmatic insight to help those asked to secure cloud services in small businesses to close some of that gap.  Here's an update from Andy Camp who is running with this project... Update Version 4.0 of the CSA Security Guidance for Critical areas of Focus in Cloud Computing is a 152 page document full of extremely useful information. This document is however difficult to interpret and onerous to implement for the majority of Small and Medium Enterprises (SME’s) who constitute over 99% of businesses in the UK and whose turnover (2014 Figures) represents 47% of the private sector turnover in t...