I have practiced information security on both sides of the Atlantic Ocean and I have always been fascinated by the differences between the European and the North American approaches to security.
Europeans tend to take a comprehensive, long term, risk-based approach whereas Americans often favor effective protections with rapid return on investment. The greater adoption of smart cards and digital certificates in Europe than in the U.S. is certainly one of the many symptoms of this difference in approaches.
Not surprisingly, early work on cloud security seems to be taking the same path.
Earlier this year, the Cloud Security Alliance, a global organization with strong North American influence released an excellent “Security Guidance for Critical Areas of Focus in Cloud Computing”. The document is focusing on practical steps that organizations considering cloud computing strategies can take.
On November 20th, ENISA, the European Network and Information Security Agency, published a report entitled “Cloud Computing: Benefits, risks and recommendations for information security”. The report reviews the privacy and security risks of moving into the cloud. Beyond the immediate risks it also expands on how cloud computing can become a security enabler, a topic dear to my heart.
RSA is directly involved in both initiatives and we are supportive of any initiative that helps customers understand (a) the risks of cloud computing, (b) the practical steps to take to securely move to the cloud and (c) how the cloud can help surpass current levels of security.
Enjoy the reading!