Cloud Security Alliance Overview and Organizational Plans Jim Reavis, Co-founder & Executive Director August 5, 2009

Copyright © 2009 Cloud Security Alliance Agenda About the Cloud Security Alliance Organizational Structure Membership Projects

Copyright © 2009 Cloud Security Alliance About the Cloud Security Alliance Global, not-for-profit organization Inclusive membership, supporting broad spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on… We believe Cloud Computing has a robust future, we want to make it better “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

Copyright © 2009 Cloud Security Alliance Organizational Structure Board of Directors Jerry Archer, CISO Intuit Alan Boehme, EVP ING Dave Cullinane, CISO eBay Paul Kurtz, Good Harbor Nils Puhlmann, Co-founder Jim Reavis, Co-founder Executive Committee Solution Provider Advisory Council Volunteer Working Groups

Copyright © 2009 Cloud Security Alliance Getting Involved Individual Membership (free) Subject matter experts for research Interested in learning about the topic Administrative & organizational help Corporate Members Help fund outreach, events Solution Provider Advisory Council Affiliated Organizations (free) Joint projects in the community interest

Copyright © 2009 Cloud Security Alliance Current corporate members

Copyright © 2009 Cloud Security Alliance Current affiliates Cloud-Standards.org

Copyright © 2009 Cloud Security Alliance Individual Members 3,512 as of August 3 rd Broad Geographical Distribution Active Working Groups Editorial Educational Outreach Architecture Governance, Risk Mgt, Compliance, Business Continuity Legal & E-Discovery Portability, Interoperability and Application Security Identity and Access Mgt, Encryption & Key Mgt Data Center Operations and Incident Response Information Lifecycle Management & Storage Virtualization and Technology Compartmentalization New Working Groups Healthcare Cloud Threat Analysis US Federal Government Financial Services

Copyright © 2009 Cloud Security Alliance Key Challenges We aren’t moving to the cloud.. We are reinventing in the cloud Accelerated pace of change Globalization Massive multi-tenancy Pressure on traditional organizational boundaries Challenges traditional thinking How do we build standards? How do we create architectures? What is the ecosystem required to managed, operate, assess and audit cloud systems?

Copyright © 2009 Cloud Security Alliance Project Roadmap April 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 1 July 2009: Version 1 translated into Japanese October 2009: Security Guidance for Critical Areas of Focus for Cloud Computing – Version 2 October 2009: Top Ten Cloud Threats (monthly) November 2009: Provider & Customer Checklists December 2009: eHealth Guidance Global CSA Executive Summits Q – Europe Q1 or Q US

Copyright © 2009 Cloud Security Alliance Summary Cloud Computing is real and transformational Challenges for People, Process, Technology, Organizations and Countries Broad governance approach needed Tactical fixes needed Combination of updating existing best practices and creating completely new best practices Common sense not optional

Copyright © 2009 Cloud Security Alliance Call to Action Join us, help make our work better Discussions & announcements on LinkedIn & GoogleGroups Hold regional CSA meetups Volunteer for existing research Brainstorm new research initiatives

Copyright © 2009 Cloud Security Alliance Contact #csaguide LinkedIn:

Thank You!