Summary of Cloud Security Alliance Congress 2011
Wednesday, December 14, 2011 12:00:00 PM
by Tony Witherspoon
Overall, the 2011 Cloud Security Alliance Congress was a very organized and informative congress. As an introduction, the Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing security assurance within Cloud Computing and provides education on the uses of Cloud Computing to help secure all other forms of computing. The conference sessions were built around five learning tracks and were really geared towards education and knowledge sharing, not the typical vendor showcase of other technical conferences. The five learning tracks were: 1) Strategy & Architecture, 2) Design & Implementation, 3) Management & Operations, 4) Legal & Compliance, and 5) Federal/International Government.
Each day began and ended with a keynote address, which I thought was a good way to bring everyone back together for some valuable networking opportunities. One of the benefits of attending a conference such as this is the opportunity to meet others in your respective industries to share successes, failures, and lessons learned. For instance, during the first keynote address I met Peter Mell, Computer Scientist at NIST, who co-authored the NIST Definition of Cloud Computing (SP 800-145).
Overall, the feeling I got from others and my personal experience was that the content and presenters of each of the conference sessions were diverse and good; however, feedback from each session was not consistent. Some sessions were really good and others just completely failed to hit the audience's expectations. The one consistent piece of feedback I did hear was that most of the panel discussions were really good. The best session I attended was delivered by John Kinsella of Stratosec. John described the steps he took to build and secure a public cloud, which I thought was very informative and really made me think about the corners that many engineers cut when moving to the cloud. John walked the audience through the basic pieces of a secure IaaS, the high-level process, and, in the most entertaining portion of the session, the email correspondence he had with cloud software vendors about vulnerabilities he identified during his testing.
Other good sessions were both of the morning keynote addresses. The first day's keynote was delivered by Art Coviello, Jr., Executive Vice President of EMC, and the second day's was delivered by Jay Chaudhry, Founder and CEO of Zscaler. Some key points from Mr. Coviello's keynote were that he quickly jumped into explaining the spear phishing attacks on RSA; he also stated that when you think about GRC, data must have big data components when it comes to things like analytics, visualization, context, correlation, automated responses, and real-time feeds. Both Mr. Coviello and Mr. Chaudhry stated that anti-virus as a security measure is increasingly becoming ineffective. To date there are approximately over 10 million anti-virus signatures and they account for only 3% of all cyber attacks, while botnets and malicious URLs account for approximately 70% and 18% of attacks respectively. Mr. Chaudhry also went on to explain the downfalls of VPN backhauling.
So again, my conference experience was a good one and it was very educational. I'm looking forward to seeing what CSA will come up with next year. I also forgot to mention I had an opportunity to sit down with Gregory Dupier, a Director in PwC's Washington Federal Practice. I'll have a write-up of our discussion shortly. Here is a link to the 2011 CSA Congress brochure: http://www.misti.com/PDF/174/20920/CSA11%20Bro_S.pdf


