Brussels has grown from a 10th-century fortress town founded by a descendant of Charlemagne to a sizeable city. I took that directly from Wikipedia, by the way (because I have faith in the platform – not because of time/effort pressures). On the same page, I discovered that the area of Brussels is 161.38 km2, a figure I took and plugged into WolframAlpha to find (assuming, physicist-like, that the city is a perfect circle) it has a diameter of 14.32 kilometers. That’s about 70 billion times the diameter of a cloud condensation nucleus, the motes of dust around which every cumulonimbus coalesces.
CloudScapeV could hardly be called a mote of dust in terms of size, but the conference is fairly compact (a shade over a hundred participants), which makes it ideal for meeting people and seeing all the demos. Participants came from all backgrounds: academia of course – but also industry and those working in government and policy, which has made for some very interesting discussions at the breaks.
Cloud Locker - ‘Secure and trusted cloud for all, and the EU Certification Framework’ brought to bear some of the policy issues surrounding cloud and security: dense, substantial stuff, and not the fluffiness of cloud that is sometimes overemphasised. Marnix Dekker, Security Expert and Information Security Officer for ENISA, started the session. Cloud, he stated, is about lgiving customer everage - but they can also get top-notch security if they are prepared to make a small investment. The downside of concentrating resources is that if something goes wrong – security fails, for instance, the impact can be bigger. But actually cloud has been demonstrably resilient in the face of natural disasters…due to delocalisation of data.
Janne Jarvinen from F-Secure reminded us that just moving the data you have as a business to the cloud is not enough – you need to transform your business to adapt to cloud. When balancing accessibility with security, It’s very rare that people choose security over accessibility something that is very evident with email, for instance.
Alain Pannetrat from the Cloud Security Alliance talked about the need for standards and certification…and the need for people to change their state of mind when moving to cloud. He also talked about multi-approach cloud certification with the CUMULUS project (Certification infrastrUcture for MUlti-Layer cloUd Services, http://cordis.europa.eu/search/index.cfm?fuseaction=proj.document&PJ_RCN=13156501).
Finally, Tim Cowen, a lawyer specialising in cloud, talked about the need for certainty – lack of confidence being bred by uncertainty. It’s important therefore to be transparent about risk. Cloud is also a new technology, and businesses working in cloud may not yet know the risks – plus, of course, they may downplay them.
Summing up, Dekker posed the question: if cloud is being sold as a utility, should it be regulated as such? If it is a utility, regulation should separate the infrastructure from the service. What precisely the service and the infrastructure are is a more difficult question…