I’m attending the RSA Conference this week and just sat through a panel discussion on cross-jurisdictional issues in the cloud. It was part of the Cloud Security Alliance Summit 2012.
Here’s what I heard: there are tons of considerations around the management, access and even the e-discovery personal data in the cloud…lots of variables and just as many things still up in the air. I’m convinced that being an information privacy and security savvy attorney is a solid – and likely most lucrative – career paths that IT professionals could take right now.
One of the audience members (apparently a founder of the Unified Compliance Framework) asked the panel why we needed yet another group (the Cloud Security Alliance) establishing yet another set of information security standards when 99.99% of everything that’s being touted today is already part of some other regulation, standard or framework. I completely agree and didn’t hear any compelling explanations…Everyone wants their piece of the pie I suppose.