Episode 7: Creating Trust in Cloud
Attendees Guest: Damir Savanović Guest title: Senior researcher Company: Cloud Security Alliance Abstract Creating trust is one of the major challenges for cloud providers and consumers, without trust customers will not be able to move workloads into cloud environments, but trust is a very elusive term that is hard to achieve. In this episode we talk with Damir Savanović from the Cloud Security Alliance on how cloud providers and consumers can use certifications for increasing trust and how is CSA preparing to the new requirements of continuous monitoring that are arriving with the new EU cyber laws. Timing 0:00 Intro and introducing our guest and overview of Damir activities in the area of cloud security 5:40 Introducing Cloud Security Alliance activities and major projects (STAR and CCSK) 9.17 The true meaning of trust in cloud computing. Using attestation and certification for establishing trust 14:50 The difference between certification and attestation and the effect of the new EU cybersecurity law on compliance 17.50 Understanding CSA STAR methodology from self assessment to certification or attestation and continuous monitoring 24.20 Behind the scenes of continuous monitoring - the CSA STAR methodology 32.00 Summary and conclusions