One of the parts of my job I enjoy most is speaking at industry and customer events. Typically, Carpathia Hosting presents at about a dozen events a year, ranging from very large events, including Citrix Synergy and Burton Catalyst, to much more targeted federal events. This has been a particularly busy year for Carpathia.
Every September, players in the hosting industry gather at Tier1’s research conference, “Hosting Transformation Summit North America” in Las Vegas. This event includes a good mix of datacenter providers, service providers, analysts, investors and customers. Last year I was on a panel discussing cloud storage. This year, in keeping with the cloud theme (which is really dominating all industry events), I’ll be talking about privacy and security in the cloud, with Rodney Joffe (SVP, Neustar), David Snead (attorney), and Andy Ellis (Chief Security Architect - Akamai).
Security has always been one of the hot topic items in the cloud and often one of the first hurdles a customer needs to overcome to adopt a cloud computing solution. As a hosting provider, Carpathia has worked with customers for the past decade to overcome security issues. Many of the problems highlighted as cloud issues formed with the outsourcing movement and the adoption of shared services; they are not cloud-centric issues.
Privacy, on the other hand, is a much more interesting debate. I’m very pleased the Tier1 team invited an expert in this field - David Snead - to join the panel. Privacy comes up in many contexts in the cloud including data transmission across borders, providing custodianship of data in a shared platform, and most often, organizations providing SaaS solutions with a single application image shared by multiple customers. I’m really looking forward to this part of the panel and hearing about this from both viewpoints - industry and legal - and the challenges consuming IT in this manner creates.
One item not on the agenda, however, is compliance – but I’ll be sure to bring it up! This is typically the third leg of the stool we discuss with our customers when we consider Information Assurance. The cloud is really testing the boundaries of many of our compliance standards, both in terms of government requirements such as FISMA and DIACAP, and also in the commercial sector with HIPAA, PCI and SOX. I must admit to being a big fan of how the industry came together around PCI – and while a long way from perfect, produced some meaningful work that has continued to be relevant as computing evolves.
We are now seeing federal IT standards take a very similar approach, seeking input to evolve the standards. FISMA, for example, is beginning the move from an audit every few years to “continuous situational awareness”. This is a massive step in the right direction.