I’m attending the RSA Conference this week and just sat through a panel discussion on cross-jurisdictional issues in the cloud. It was part of the Cloud Security Alliance Summit 2012.
Here’s what I heard: there are tons of considerations around the management, access and even the e-discovery personal data in the cloud…lots of variables and just as many things still up in the air. I’m convinced that being an information privacy and security savvy attorney is a solid – and likely most lucrative – career paths that IT professionals could take right now.
One of the audience members (apparently a founder of the Unified Compliance Framework) asked the panel why we needed yet another group (the Cloud Security Alliance) establishing yet another set of information security standards when 99.99% of everything that’s being touted today is already part of some other regulation, standard or framework. I completely agree and didn’t hear any compelling explanations…Everyone wants their piece of the pie I suppose.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”