Recapping the first annual Cloud Security Alliance Congress

On this week's episode of Cloud Cover TV, Carl Brooks recaps his time at the first annual Cloud Security Alliance Congress in Florida.

And check out the Cloud Cover TV home page for the rest of the episodes.

Read the full transcript from this video below:  

Recapping the first annual Cloud Security Alliance Congress

Jo Maitland:    Hello, and welcome to Cloud Cover, our new weekly show brought to you by, on all the news this week from the Cloud market. My name is Jo Maitland, I am Executive Editor of, and I am here with Carl Brooks.

Carl Brooks:    Hello everybody.

Jo Maitland:    Carl is the Senior News Writer on Welcome to the show, everyone. We are just going to kick off. This is our pilot show, and we are definitely learning as we go here so bear with us. I am just going to kick off, Carl, a couple of questions for you. I know you were at the first Cloud Security Alliance Congress in Florida last week. How was that?

Carl Brooks:    That is right, I was. It was wonderful. The weather was great. I had to walk right by a pool to get to the show, so that was not much fun, but the show itself was pretty interesting. It was, of all the things, I ran into more lawyers at that event than I have run into at any tech show that I have been to now or probably since. It was really interesting because there were so many people there who understood exactly was going on, but they were not all technical people. They were people who were involved in other sides of the business. I thought it was interesting commentary on where we stand now, that I think a lot of people have satisfied themselves over what Cloud computing is, where they are going to stand with it, and now they are really working on the details, which was an interesting development.

Other than that, the show was pretty good. It was a lot of, a fair number of case studies, a lot of service providers there, but in some ways they are consumers of Cloud, as much as they are selling Cloud, it is all wrapped up, so it was an interesting statement on what is happening right now.

Jo Maitland:    Interesting. You met the Boeing guys there, or you met somebody from Boeing? What are they up to?

Carl Brooks:    I did. I met, he was a team lead on Boeing's IT security, he is actually in software security, and his team runs application, IT security for all of Boeing, and he was actually instrumental in helping them get started with Cloud computing because it is a really big enterprise, and I mean big. Boeing has an uncounted number of employees, are a global company, and basically, they make airplanes and they make missiles. The first concern that they have is security of all types: IT security, plain old security. Cloud computing came along two or three years ago, and they looked at it and said, ‘This is great. Our first concern is security.’ They handed it over to the IT security team in order to figure out how to implement it. It was not really a question of being first movers or being agile in how they went about it; it was really mostly about finding a way to make it work within a necessary paradigm they have. There simply is no option for them other than having proper security. What this guy did was . . .

Jo Maitland:    How far have they got? Are they up and running on any Clouds yet?  Are they building it internally?  What is the plan?

Carl Brooks:    Yes, they are. They actually, from this guy's perspective, his name was EJ Jones, and his perspective on Cloud for his team is that it was, they consider hosting things on the internet to a be public Cloud.  There are a lot of definitions, but they are definitely talking about AWS, Rack Space, other iterations of Cloud platforms, and they have come along. He said it took them two or three years, but they developed a methodology to basically certify or at least examine a Cloud provider for security in terms of applications. A couple interesting things he said: one, out of the 12,000, that is right, 12,000 applications that Boeing runs in their business, a very, very small percentage were suitable in any way, shape or form for Cloud computing, mostly because most of the applications they run are either line-of-business or they are already established; they do not need to grow them, be elastic, scale, or do any of this web stuff -- it is pretty traditional stuff. The ones that were suitable, for instance, test and dev, and an application that he himself helped write was for testing source code for development. They wanted to put that on Amazon. There is a very small minority of cases, but even those small minority had to go through pretty rigorous security checks.

Jo Maitland:    Is their goal just to save on buying more infrastructure internally, or why are they doing this at all?

Carl Brooks:    Mostly it is the agility, is the sense I got. He could not talk very specifically about a lot of Boeing because it is a public company; they do not want to talk about strategy too much, but the sense I got of it overall was that it is the agility, the ease of use and the ability to hand off infrastructure and management tasks to individual developers and individual business units.

Jo Maitland:    Got it. We will look forward to the full story on the site. On my end, I have been following this whole private Cloud marketplace, and I think there have been lots of efforts recently, particularly by Microsoft, to actually debunk the whole notion of private Cloud. They put out a white paper recently saying that the economics of private Cloud don't make sense, and I have heard a couple people say that to build a private Cloud and get the benefits of a public Cloud environment, you really need 10,000 servers.

Carl Brooks:    That is true.

Jo Maitland:    There is a big question mark over whether the economics of a private Cloud is even possible, so I am working on that right now, which is an interesting space.

Carl Brooks:    That is a pretty great development, considering they just released a Hyper vCloud for people who want to build their own on Dell servers or HP servers, so I think they are trying to play both sides of the hand there.

Jo Maitland:    Yes, it is definitely a mixed message.

Carl Brooks:    I thought that white paper was far looking, too. Wasn't it 5 or 10 years was the message, that this is going to be inevitable?

Jo Maitland:    Yes, so for data centers, for future build outs, they are recommending using public Cloud and not building your own brand new data centers. Obviously, people are looking to refresh on a big scale; I think the white paper was aimed at those guys.

Carl Brooks:    Interesting. That stuff was going to happen pretty slowly. It is going to happen at its own pace?

Jo Maitland:    Yes. I think that there might be the GEs and the Coca-Colas of this world, might end up building private Clouds and being service providers themselves, but for everybody else, the public Cloud model is the one that makes sense.

Carl Brooks:    Definitely.

Jo Maitland:    Great, Carl. We will talk to you again next week.

Carl Brooks:    Yes, nice. It was fun.

Jo Maitland:    Cheers. Bye.

View All Videos

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.