Last year at the RSA Conference you couldn’t go two feet without bumping into someone or something that had to do with “the cloud.” This year I didn’t fall into the same cloud trap, but I did fall into the risk management trap as that was the buzz at this year’s the show.
Put the two together and you have the hottest issue at RSA for 2011 and 2012: “Risk Management in the Cloud.”
On the show floor, I spoke with Adam Ely (@AdamEly), CISO for Heroku at Salesforce, about risk management in the cloud.
What I learned from Ely is there are two major differentiators between risk management on your network and risk management in the cloud. Those are:
- In the cloud you don’t own everything so a major factor of risk management is trust in your cloud provider.
- Cloud providers are doing back flips trying to build that trust. They’re constantly asking, “What can we do to get your trust?”
Risk management in the cloud is very doable, but it requires building a strong relationship with your cloud provider to help you understand both the risk and audit methodologies.
Stock photo of cloud image courtesy of Shutterstock.