Business Assurance in the 21st Century

As you may recall from my “Outlook is Cloudy” post, I am the Chief Operations Officer for the Common Assurance Maturity Model (CAMM).  I have been involved with CAMM for nearly two years and it has been a pleasure to work with some brilliant minds and excellent people on the project.  Earlier this week the “Business Assurance in the 21st Century” whitepaper (PDF File) was released.

This whitepaper was developed by a number of key organisations: The Shared Assessments Program; the Information Security Forum (ISF); the Cloud Security Alliance (CSA); the Payment Card Industry (PCI); the Common Assurance Maturity Model (CAMM); and ISACA.  The whitepaper outlines the plans of the above organisations to create a global repository of assessments for assurance of the IT supply chain (including cloud services).  In addition, this “initiative and repository should be independent and ‘not for profit’ in order to ensure its focus, provide transparency and secure wider endorsement”.

The full whitepaper can be downloaded from the CAMM website.

Keep an eye out for more exciting announcements from CAMM over the coming weeks.

Outlook is Cloudy

Cloud computing has become an exciting evolution in how we deliver, access and use services over the Internet.  The Cloud offers organisations many benefits and opportunities.  However, these opportunities and benefits do not come without a number of security risks that need to be considered.
Ireland is uniquely positioned to handle these issues.  In an article with the CSO Online Magazine titled “Ireland hopes security measures attract big cloud providers” I outline a number of these benefits.  In my opinion these benefits include the high quality of information security professionals that are based here, our experience in managing and running large datacentres and the cloud security research that is going on in various universities.
I have also taken on some active roles to ensure that we as an industry can address the security challenges the cloud presents.  To this end I am happy to say I have been appointed the Chief Operations Officer for the Common Assurance Maturity Model (CAMM).  The objectives of CAMM are to:
  • Provide a framework in support of the necessary transparency in attesting the Information Assurance Maturity of Third Party Providers & Suppliers (e.g. Cloud providers).
  • Publish results in an open and transparent manner, without the mandatory need for third party audit functions or due diligence engagements.
  • Allow data processors to demonstrably publicise their attention to Information Assurance in comparison to other suppliers’ levels of compliance and security profiles.
  • Negate the operational requirement for time-consuming, expensive, subjective and resource-intensive bespoke arrangements to attest security and compliance.
I have also taken a position on the board of the UK and Irish Chapter of the Cloud Security Alliance.  The Cloud Security Alliance (CSA) is a “not-for-profit organisation with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.” We have some exciting events planned, including a chapter meeting in Dublin to be held later this year, so watch this space.  If you are interested in cloud security you should join the UK and Irish Chapter of the Cloud Security Alliance as it will provide you with the resources to develop and hone the skills required for this evolving environment.
If you are wondering what security challenges we face in moving to the cloud, I recommend that you read the Cloud Security Guidance White Paper from the Cloud Security Alliance and also ENISA’s excellent white paper on Cloud Computing.
You can also review my presentation on Cloud Security below.