Keeping this post as ‘short and crisp’ required for keeping up with stance of audience mindset on this blog, would just like to inform the conference with TRAI (Government of India) for ‘Regulatory Framework on cloud for Indian Industry’ was a grand success and TRAI’s vision towards achieving this giant leap in form of this baseline national regulation for cloud providers and subscribers is worth commending. I was one of the 21 consultants on for this national regulatory initiative representing whitehat’People’ – the open security consortium, on for Cloud Security and Governance.
Our focus was on the cloud security modules of the regulation and so we discussed seeing cloud as a security model and notified security issues / impact, with / utilizing cloud; with measures to contract them. Also a cloud security framework drafted and designed for having a through assessment and audit materialization was provided. When we speak of the framework, with respect to specified ‘2 layer control’ approach into the III phase framework, it constituted: Framework Governance and work flow, niche of Security Controls (controls I), and our mechanism consisting of sub phases on for integrating penetrable vectors to material audit considerations (controls II) and a protection approach.
More precisely, keeping the security facets of cloud in its way, we helped to form a plan that helps to decide:
- What needs to be running
- What can be temporarily disrupted
- What should be deliberately disconnected
- What additional security measures should be enabled
- How to communicate all of the above in varied structures of Cloud