About Cloud Security
Cloud computing security or, more simply, cloud security is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.
Guest Speaker: JR Santos
J.R. Santos is the Executive Vice President of Research for the Cloud Security Alliance. He oversees the Cloud Security Alliance’s research portfolio that covers a diverse range of cloud security topics such as IoT, Mobile, Big Data, Forensics and Security as a Service. He is responsible for the execution of the research strategy worldwide. In addition, he advises over 30+ working groups that develop industry leading security practices, education and tools. J.R. has over seventeen years of experience working in information security in a variety of industry sectors including finance, healthcare, aerospace, retail and technology. J.R. is an active professional in the security industry and has served on various boards and committees throughout his career. J.R. holds various professional certifications and a bachelor’s degree from the University of Washington respectively.
JR Santos perspectives on Cloud Security
1) What do you think about the future of cloud computing in terms of security? Will the cloud security challenges be controlled in the next few years or is it possible that they may grow in importance and eventually undermine the common use of cloud technologies gearing to the adoption of other (perhaps new) storage/communication services?
JR. I find the future to be very promising in terms of cloud security. Based on a recent study we did, we found that people were migrating to the cloud because of security (vs. cost and agility). The major cloud providers have the investment and mechanisms in place to maintain a solid security program.
2) "According to recently published Hexatier report 2016 on cloud and data storage as a service, main concerns for adopting cloud technologies are security, compliance, regulation, and company policy. According to this same report, current tools and compliance requirements are not easily followed by service providers. Based on your experience, to which extent would enhancing compliance with current regulation promote a safer cloud? Are today's compliance mechanisms truly adequate for ensuring user's information in the cloud? Otherwise, what should be improved to meet this goal?
JR. The compliance landscape can be very complex and confusing to some. We need to harmonize these efforts with a common baseline framework. In addition, we need to continue to work closely with public and private sector to align customer and compliance requirements to solution provider capabilities. The industry as a whole will need to continue to promote security transparency to maintain a trusted cloud ecosystem.
3) How do cloud technologies would ideally look for you in ten years? Any significant changes you may foresee based on your research and experience?
JR. Cloud Adoption will increase significantly within the next 10 years. With data usage increasing significantly and the number of internet connected devices growing in the billions, we'll need the compute power to manage and orchestrate the cloud ecosystem.
Follow JR Santos on Twitter to keep informed about the latest trends in Cloud Security: @CSAResearchGuy