At the first meeting of the SIG Cloud Computing Security (SIG CCS) under the new lead of Bernhard Tellenbach, member of the board ISSS, the nine participants of the meeting had a lively discussion about the goals of this SIG.
Among the goals discussed were ideas such as writing a white paper on a CCS problem where existing Best Practices, guides or textbooks offer little or no guidance and the publishing of an overview of existing and future cloud certifications.
But in the end, the SIG members decided to create a standardized presentation covering relevant aspects of cloud computing security. Since large enterprises typically have the required know-how already in-house and small enterprises usually outsource their IT infrastructure, the SIG decided to gear the presentation toward medium-sized enterprises.
When finished, each SIG member is expected to give the presentation at least three times at events organized by trade- and industry associations, SME-organizations, cloud computing interest groups etc. which have members from medium-sized enterprises in their target audience.
To avoid reinventing the wheel, the SIG first conducts a thorough review of existing literature and resources on the cloud computing security topic. In a next step, the SIG selects the content to be included in the presentation. Finally, the presentation is built based on both, existing material and new material, to fill the gaps identified during the review phase.
In parallel to this work, the SIG contacts groups and organizations which work in the same domain as this SIG. By exchanging information and know-how, the quality of the output is imporved and the SIG can make sure that it does not redo the work of others.
The next meeting of the SIG CCS is scheduled for the 22.04. at Zurich main station. If you want to get more information on this SIG or if you want to participate, please drop an email to bernhard.tellenbach@isss.ch