This week is the RSA Conference in San Francisco, and despite it being a huge conference itself with great people in attendance, there are also numerous other satellite conferences happening (BSidesSF and Cloud Summit). All that brain power is bound to generate some discussion, and research reports are generally released during this PR window. So, here are a few items (new and old) that jumped out to me as getting much discussion and that would be valuable to restate. As always, I will be punching up my notes to share as meaningful things are presented.
First stop, the CIO of the U.S. Government, on DarkReading: “White House CIO Lays Out ‘Cloud First’ Strategy To Streamline Bloated Government IT”. This is generally a repeat of his prior strategy laid out before the security community [Direct D/L] and the Wall Street Journal. Nonetheless, it is worth zipping through:
In the same stream of thought (both highlighted at Cloud Summit) is the start of the update to the “Security Guidance for Critical Areas of Focus in Cloud Computing” by the Cloud Security Alliance. Note that this is a collaborative group, and passionate and knowledgeable people are highly sought, if you can give your time and help. The prior version is available here for download.
True Cost of Compliance, put forward by Ponemon Institute and Tripwire (released January 2011), states right off the top that average non-compliance costs are more than $5 million higher than the cost to comply. Here is the link to the report; no registration required, very nice. Also interested in what that cover graphic is hiding…
Plenty of great streams of information are flowing from the conference on Twitter. Set search filters to #RSAC and #RSA, and of course, if you like a specific area (NIST, ISO, Cloud), hit those tags up too… This week is going to produce enough reading for a few flights across the pond for us all!