Thursday, March 31, 2011

Lively discussions at the formal launch of CSA's largest Chapter

The Mumbai Cloud Security Alliance (CSA) chapter with 280 members and the largest in the world was launched last tuesday. Microsoft and KPMG were proud host to the event which saw over 80 members gather for the inaugural meet. A short video recorded keynote made by Jim Reavis, the founder director of CSA delighted the audience.  I will not dwell much into the events as they are well described by my fellow founder Mumbai CSA Director L.S. Subramanium in his blog post " Inauguration of the CSA Mumbai Chapter ".

The audience consisted of  a mix of senior vendor representatives, cloud professionals and endusers trying to gauge the Indian cloud and cloud security market. The discussions were very informative and I gained from the contributions of a well informed set of members. The following paragraphs summarises the discussions.

Cloud is till in early stages in India. There are no early Industry adopters yet. Most companies and professionals are trying to become cloud aware and prepare cloud plans. Senior executives in business and local government are keen to understand how a cloud strategy could shape or affect their business

Most of the existing cloud service providers infrastructure are outside India. There were concerns on the legal issues in using these clouds and the extent of forensic evidence that could be collected from third party cloud providers. My personal opinion has been that we should use clouds where the jurisdiction of Indian laws applies and where no foreign government can seize/spy on financial and other critical data.

It was clear that the difference between a true cloud and an Internet hosted solution was grey. Many examples of cloud solutions were in reality hosted solutions. To that extent there was cloudification of what was already available to create a buzz. Neverthless, cloud is here to stay. The farsight of the CSA in building a security architecture when the "very concept of a cloud is hazy" shows.

One of the most interesting parts of the discussion was on a point made that mass cloud adoption should be consumer driven and the real test of the cloud is how consumers use it. There was an interesting discussion on syncronising contact information between Nokia and Blackberry using Gmail. The puritan may argue against this being a cloud example, but it proves an important point.

There was interest from the banking sector on the use of cloud. There were mixed discussion of the conservativeness of the Indian banking regulator and their acceptability to cloud based banking solutions. I am of the opinion that a conservative approach to public clouds hosting financial data is best and strict restriction should be imposed on using clouds outside India.

There were some excellent questions on How to Select a Cloud Provider?  and The Key Security Concerns of CIO's? These questions are well answered in an article I wrote titled " Eight Questions CIO's should ask on Cloud Security " in SC magazine last November.

As Microsoft was the host, there were the usual questions on the security of Microsoft's Cloud based services.

All in all the food was great. I have a tasty helping of penne with my choice of toppings. Met a few colleagues from the past, some way back to my early days when India's built its first wide area X.25 networks and ofcourse made new friends.

Related Blogposts

A Strategic Approach to Security Risk while CloudSourcing which highlights the inportance of contractual and audit clauses in cloud contracts

No comments:

Post a Comment