PRESS RELEASE

April 20, 2009: Researchers at the Information Security Forum (ISF) are drawing on the collective knowledge and practical experiences of its Members " over 300 of the world's leading corporations and public sector bodies " to identify and offer mitigation of potential risks posed by the new generation of Cloud Computing. "With the pace of interest and adoption of Cloud Computing services increasing, information risk and security professionals need to stay ahead of the curve to support their organizations," says Prof. Howard A. Schmidt, President & CEO of the ISF, "As a leading independent authority in information security, it is vital that we cut through the hype and vendor claims to help ISF Members put the right controls and technologies in place to take full advantage of Cloud Computing without putting their organizations at risk." The ISF research focuses on four major issues to be addressed in order to ensure the confidentiality, integrity and availability of computing in the cloud: Customer, Connectivity, Supplier and Statutory. "The research is designed to ensure that customers of Cloud Computing can make informed business decisions that include strong consideration of security processes to minimize exposing information and organizational systems to either increased or new risk," says Adrian Davis, Senior Research Consultant at the ISF and author of a report on Cloud Computing that will be published next month. "Customers and users often need to understand the various controls and detailed knowledge of the technology or resources that provide the services so they can proactively deploy rich, robust and secure solutions."

"While Cloud Computing discussions have been prominent, many of the technologies and services associated with it have been around for years and are now maturing and being implemented in new ways to provide dynamic, scalable and virtualized computing infrastructures, platforms and applications," says Howard Schmidt. Many organizations see the attractions of Cloud Computing, from pay-as-you go pricing; avoiding the costs of developing and maintaining infrastructure; meeting peak demand quickly and flexibly; and 'greener' computing. By drawing on their collective expertise, we can help them harness these benefits while protecting their organizations."

The Cloud Computing report will be the latest addition to over 200 leading authoritative reports on information risk and security available to ISF Members. The findings will also be distilled down and incorporated in the next version of the ISF Standard of Good Practice that is available to everyone at https://www.isfsecuritystandard.com/ The ISF is a not-for-profit, international association of approximately 300 leading companies and public sector organizations worldwide dedicated to reducing risk and resolving information security challenges over their 20 year history. In addition to its major body of research, the ISF has also developed advanced information risk methodologies and benchmarking tools. To find out more about the ISF, please visit: www.securityforum.org For press information, contact: Peter Rennison / Allie Andrews, PRPR, Tel: + 44 (0)1442 245030, email: [email protected] or [email protected]