6th annual Cloud Slam 2014 Cloud Computing Conference, San Francisco CA, June 4, 2014. Cloud Computing Events 2014 - security

Panel: Cloud Security and Compliance for the Enterprise

Wed, 21 May 2014 23:18:29 +0000

There is still much speculation around the security and privacy implications of applications in the cloud. With speculation comes fear, and with fear come misinformation and myths. This panel session will address many of these myths and uncertainties about apps in the cloud. It will provide guidance for how businesses can evaluate cloud vendors from a security and privacy perspective, and will offer a glimpse into best practices to protects the data and the privacy of your users.
Core topics to be addressed:
- Centralized cloud governance model;
- Achieving service availability with higher security at a lower cost level;
- How security is built-in in cloud services;
- Enabling data integrity, privacy and security for integrations;
- Adopting cloud standards
- Security and protection of IP and sensitive data in the cloud;
- Enforcing data constraints on residency and privacy;
- Making data available in reliable and secure way;
- Getting high performance, while preserving security
- Using big data to mitigate advanced persistent threats;
- Solutions for cross firewall collaboration.

Speakers:

Jacob West is chief technology officer for Enterprise Security Products (ESP) at HP. In this role, West helps to architect the security roadmap for the ESP portfolio and leads HP Security Research (HPSR), which drives innovation with research publications, threat briefings, and actionable security intelligence.
Prior to this role, West served as chief technology officer for Fortify products and leader of Software Security Research within HP ESP. West has spent more than a decade developing, delivering, and monetizing innovative security solutions, beginning with static analysis research at the University of California, Berkeley and as an early security researcher at Fortify prior to its acquisition by HP.
A world-recognized expert on software security, West co-authored the book, “Secure Programming with Static Analysis” with colleague and Fortify founder, Brian Chess, in 2007. Today, the book remains the only comprehensive guide to how developers can use static analysis to avoid the most prevalent and dangerous vulnerabilities in code.
West is co-author of the Building Security in Maturity Model and is a frequent speaker at industry events, including RSA Conference, Black Hat, Defcon and OWASP. A graduate of the University of California, Berkeley, West holds dual-degrees in Computer Science and French and resides in San Francisco, California.

Eran Feigenbaum, Director of Security, Google Apps
As Director of Security for Google Enterprise, Eran defines and implements security strategy for Google Apps. Prior to joining Google in 2007,

Eran was the U.S. Chief Information Security Officer for PricewaterhouseCoopers (PwC).

Earlier, Eran spent several years designing and implementing high-performance cryptosystems for electronic commerce solutions for Fortune 1000 clients and government agencies.

He holds a bachelor’s degree in electrical and computer engineering from the University of California at Irvine, and an MBA from Pepperdine University.

Eric Tan, PwC Director, Assurance Technology Center of Excellence, Silicon Valley Eric is an assurance director based out of PwC's Silicon Valley Technology Center of Excellence. He has significant experience successfully helping technology compliance organizations manage risk and compliance over their technology projects and information governance, risk and compliance solutions. Eric is a lead director within PwC's Cloud Assurance practice. His responsibilities includes assisting companies with compliance, security and privacy issues related to cloud services and performing attestation services to cloud service providers. He is a key contributor to the firm's strategy, point of view and thought leadership on cloud computing. Eric's experience includes developing IT strategic plans, leading large-scale system implementation assessments, performing risk and security diagnostics; and implementation of compliance and control solutions. His experience specific to cloud computing includes developing internal controls for a cloud ERP company, leading a Salesforce.com CRM assessment, conducting cloud vendor assessments and helping a financial services firm determine their Infrastructure as a Service (IaaS ) strategy. Google, eBay, LinkedIn, Tibco, Akamai, Novell, Genzyme, Biogen, Thermo Fisher Scientific are among the many clients he has served. He is a regular speaker at ISACA events and served as a keynote speaker and panelist on various conferences including the recent He is a regular keynote speaker and panelist at topical events and conferences, including the recent 2013 Global Institute of Internal Audit Conference, 2012 Edison Electric Institute Conference, Cloud Connect 2011 and UP 2011 Cloud Computing Conference in Silicon Valley.

David Linthicum, Research Analyst, Gigaom Research
David (Dave) S. Linthicum is an internationally recognized industry expert and thought leader, and the author and coauthor of 13 books on computing, including the best-selling “Enterprise Application Integration” (Addison Wesley). Dave keynotes at many leading technology conferences on cloud computing, SOA, Enterprise Application Integration, and enterprise architecture, and has appeared on a number of TV and radio shows as a computing expert. Dave’s latest book is “Cloud Computing and SOA Convergence in Your Enterprise, a Step-by-Step Approach.”Dave is an internationally recognized industry expert and thought leader, and the author and coauthor of 13 books on computing, including the best-selling “Enterprise Application Integration” (Addison Wesley). Dave keynotes at many leading technology conferences on cloud computing, SOA, Enterprise Application Integration, and enterprise architecture, and has appeared on a number of TV and radio shows as a computing expert. Dave’s latest book is “Cloud Computing and SOA Convergence in Your Enterprise, a Step-by-Step Approach.”

Keywords:

Speaker First Name:

(Moderator) Eric

Speaker Last Name:

Tan

Speaker Job Title:

Director

Speaker's Company Name/Affiliation:

PwC LLP

Speaker Bio:

Speaker's Postal Address:

Emerald Ballroom

Wednesday, June 4, 2014 - 13:50

What cloud is your data in?

admin — Tue, 09 Apr 2013 15:56:16 +0000

New global research conducted in January 2013 measured where end users are seeing challenges with IT, the usability of solutions, and security. Results show more than half of 674 respondents are compelled by slow or overly restrictive IT, or solutions or security that lack usability, to use workarounds either every day or sometimes. Such workarounds are out of compliance with policy and bring additional privacy and security risk. Many types of workarounds, such as apps on personal devices, texting, or social media, drive sensitive data into clouds other than those where the sensitive data is supposed to be. This in turn can drive confidentiality, integrity and trans-border data flow risks. Join this session to hear about this research, how end user behavior with personal, corporate or thin client mobile devices can drive sensitive data into other clouds and add risk. Explore practical strategies and best practices to effectively mitigate these risks and secure data in the collective cloud.

Keywords:

Speaker First Name:

David

Speaker Last Name:

Houlding

Speaker Job Title:

Healthcare Privacy & Security Lead

Speaker's Company Name/Affiliation:

Intel Healthcare IT

Speaker Bio:

David Houlding is the Healthcare Privacy & Security Lead at Intel, with more than 20 years of experience in healthcare, enterprise architecture and privacy & security. David is responsible for tracking healthcare trends, privacy & security risks they drive, and best practices for managing risks globally. As the former Lead Architect for the Intel Health Guide System, and prior to that the Chief Architect of Perot Systems Healthcare Payer Systems, David has extensive experience in healthcare (provider and payer) and privacy & security. With several patents granted by the USPTO, David has a proven track record for innovation. David is a CISSP (Certified Information Systems Security Professional), a CIPP (Certified Information Privacy Professional), and has a Master of Applied Science in Data Compression and Digital Signal Processing from Simon Fraser University, British Columbia, Canada. David has presented keynotes and sessions, and participated in panel discussions at numerous major industry conferences including HIMSS, mHealth Summit, Strata Rx, HealthTech NextGeneration, InfoSec, NIST HIPAA Security Conference, iHT2 Health IT Summit, NIST Security Automation Conference, Enterprise Architecture Practitioners Conferences, Innovation Insights, and several other conferences. He has published and contributed to numerous articles in major trade journals including Healthcare Technology Online and Dr. Dobb’s Journal. David has also made contributions to book publications including XML Unleashed, and has been interviewed for newspaper and other articles.

Speaker's Company Logo:

Speaker's Headshot Photo:

Speaker's Postal Address:

n/a

Oregon Room

Tuesday, June 18, 2013 - 10:10

Fast Tracking Your Cloud Risk Strategy

revan — Tue, 02 Apr 2013 21:38:40 +0000

Will your Cloud fail the next audit? Do you have a handle on your risk strategy for the Cloud? Is this level of maturity only suited for Enterprises with large budgets? Can smaller organizations effectively manage risk as they consume Cloud services? They can!
Asset Classification, Questionnaires, and Risk Assessment; these tools are essential to manage Cloud Computing related risk. This session will outline how to build a scalable Cloud risk strategy based on ISO 27001, CSA Guidance and 3rd party attestations. This talk will set the tone and enable delegates to come home and fast track a Cloud Risk Strategy in their environment.

Cloud Security is only valuable if you have a robust process to identify risk. Managing risk for consuming Cloud is often overlooked. Many organizations feel that only the largest Enterprises can afford to understand and assess the potential or future risks. Instead of security, they focus on the perceived outcome of utilizing the Cloud, the supposed silver lining and use cases.

In this session, we will describe how to fast track a Cloud Risk Strategy. We will discuss how MARS built an effective toolkit based on trusted industry tools: ISO 27001, Cloud Security Alliance Guidance, and 3rd party attestations.

We will bring to true-to-life examples and case studies how this was done at a $34B enterprise and can scale to your environment. We will explain how CSA and ISO 27001 set the tone for our Cloud risk assessment strategy. We will rationalize how these were complemented by external attestations such as SOC1/2/3, penetration, vulnerability tests. We will expand on area of concerns for organizations of all sizes: SMB to Enterprise.

We will discuss how one gets started by providing a checklist driven roadmap to fast-track a Cloud risk strategy. We will start with identifying assets and their overall value to your organization. We will jump into the deep-end on asset classification and explore the particular importance of understanding implementation models and mapping out your data-flow. We will identify how this feeds into a holistic questionnaire that will poke holes through vendor Cloud Security practices. We will educate our delegates on how to ask vendors difficult questions and elicit responses from vendors who don't want to divulge information.

We will illustrate how to paint risk to the c-suite in an effective and compelling format. We will highlight practical recommendations for contractual negotiations, privacy, liability, exit-clauses and overall governance strategies to keep the sun shining through our Clouds.

In summary, building a Cloud risk strategy isn’t just suited for the largest Enterprises. By leveraging a pragmatic and scalable framework built on industry standards, we have defined best practices and lessons learned that organizations can leverage to effectively manage risk in their Cloud journey.

Keywords:

Speaker First Name:

Nikita

Speaker Last Name:

Reva

Speaker Job Title:

Senior Engineer, Global Information Security Engineering

Speaker's Company Name/Affiliation:

MARS Inc.

Speaker Bio:

Nikita Reva brings over 8 years of experience in Network and Information Security. Currently he works for MARS Inc., a Consumer Packed Goods leader with a portfolio of Global Billion dollar brands like Snickers, M&Ms, Pedigree Pet Food and Wrigley Gum. In his current role as Senior Engineer, Global Information Security Engineering, Nikita manages Global Information Security projects involving engineering technical security solutions to manage risk. Prior to MARS, Nikita focused on Auditing Information Security for Credit Unions and Banks. Nikita holds a Masters in Information Security from DePaul University and leading security certifications. Nikita is also an active board member of Cloud Security Alliance Chicago, ISACA Chicago and co-founded a monthly forum for Chicago’s Security professionals. Nikita has spoken at security conferences around the world.

Speaker's Company Logo:

Speaker's Headshot Photo:

Speaker's Postal Address:

5445 North Sheridan Chicago, IL 60640

Nevada Room

Tuesday, June 18, 2013 - 15:05

Sonian and Big Data

admin — Fri, 27 Apr 2012 21:04:50 +0000

How would you define "big data"? To Sonian, "big data" is a cloud-powered data repository designed to manage. But it took a long time to get to this point - "big data" has taken a significant journey over the past few years. We've seen it morph into various themes; a big career opportunity for data scientists; the system of record; how the cloud can be used to effectively solve the data problem; and many others. Regardless of the form "big data" takes, it seems as though there are endless possibilities to success.

Speaker First Name:

Greg

Speaker Last Name:

Arnette

Speaker Job Title:

CTO & Founder

Speaker's Company Name/Affiliation:

Sonian

Speaker Bio:

Greg Arnette has more than 15 years of experience in messaging, collaboration, Internet and networking, having created messaging products and services starting with AlertWare and most recently IntelliReach, which was acquired by Infocrossing in 2006. Since 2006, Greg has been developing Web-based information management solutions leveraging open source technology with virtualization infrastructure. As Sonian’s CTO, Greg is responsible for the company’s product vision, technical innovation and engineering leadership. Greg has most recently spoken at MassTechnology Leadership Council’s “Find the Right Way to the Cloud,” discussing the keys to building a cloud-powered platform that is successful. He has also presented at the Cloud Control Conference and Exhibit, Canaccord Growth Conference, and Lotusphere.

Speaker's Headshot Photo:

Speaker's Twitter profile:

@sonian

Speaker's Postal Address:

n/a

Chip Design and Cloud Computing: a Perfect Storm

Fri, 30 Mar 2012 13:43:27 +0000

Chip design is at the core of consumer electronics: smart phones, tablets, computers, HDTV, networking, etc. It is a $300B market that has been following Moore’s Law for 40 years: double the transistors density every two years.

This exponential complexity growth is reaching the limit of conventional computing frameworks. A single logical simulation of a chip exceeds 20 CPU years. Physical verification, which checks that a chip meets strict manufacturability rules, is reaching 100 CPU years. Many of these simulations are needed throughout a chip design cycle.

Chip design depends on the EDA industry (Electronic Design Automation), which provides the software to design, test, manufacture, and verify VLSI circuits. EDA sells TBLs (Time Based Licenses), usually for durations of 1 to 3 years, at prices ranging from $5,000 to more than $300,000. Because of TBLs, it can be very expensive to exploit the parallelism of some tasks (e.g., simulation), since every node must acquire a license.

EDA also provides ready-to-use hardware functional blocks, called silicon IPs (Intellectual Properties), that are optimized for speed, area, or power consumption. As reflected by their name, silicon IPs must be protected from intruders looking for replicating their features. In general, chip makers are extremely sensitive to security, as innovative designs and features can make or break a company.

Last but not least, it is estimated that 30 to 40% of all EDA software use happens via pirated licenses.

Need for burst computing, rigid TBLs, extreme security needs for both vendors and customers, and a pervasive software piracy: we show how cloud computing is revolutionizing the chip design and EDA industries. We explain the move from computing farms and time-based software licenses, to elastic computing and per-pay-use business models. Although elastic computing is a benefit that nobody denies, the transition from TBL to pay-as-you-go poses complex problems in terms of software usage control and business models. Also the amount of data that needs to migrate in and out of the cloud can become a bottleneck. We show that a common cloud platform to deploy and use software for the lifetime of a project (usually several months) enables new benefits for the EDA vendors and their customers –monitoring, cost optimization, version control, flexible account, etc. We discuss the security aspects of the platform for both vendors and customers --software, IP, and design. We finally discuss the impact of this evolution on EDA software piracy. All these themes will be illustrated by real-life examples.

Keywords:

Speaker First Name:

Olivier

Speaker Last Name:

Coudert

Speaker Job Title:

CTO

Speaker's Company Name/Affiliation:

SiCAD

Speaker Bio:

I have been working 20+ years in software architecture and product development, including 8 years in start-ups. I built several products from scratch for the EDA industry. I have published 50+ technical papers, and I have been in numerous panel and tutorials. I am a prominent advocate for a radical move of the chip and EDA industry to public clouds, for scalability, business, and security reasons.

Speaker's Company Logo:

Speaker's Headshot Photo:

Speaker's LinkedIn Profile:

http://www.linkedin.com/in/oliviercoudert

Speaker's Twitter profile:

@ocoudert

Speaker's Postal Address:

SiCAD Inc. 19925 Stevens Creek Blvd., Suite 100 Cupertino, CA 95014

Choosing the right cloud provider

Mon, 26 Mar 2012 01:33:33 +0000

Choosing a cloud provider is critical. Making a bad choice can ruin a company and your career. Learn how to make sure you make the right choice.

In this session we will cover
1. What to ask about the company that you will be partnering with
2. What to make sure is in the contract
3. All the technical questions around authentication, authorization and access
4. How to make sure you can administer the system after
5. How to make sure it integrates with what you have today and will have tomorrow
6. What to think about from a staffing perspective
7. What you need to know about API’s and integration

In the end you will be able to confidently choose the right cloud provider for your company, whether it’s a software as a service play, infrastructure or platform as a service.

Enterasys has nearly 80% of our core applications in the cloud. Attend this session and learn from a company that has been using the cloud since 2003. We’ve been there. We’ve done that.

Keywords:

Speaker First Name:

Rich

Speaker Last Name:

Casselberry

Speaker Job Title:

Director of IT infrastructure

Speaker's Company Name/Affiliation:

Enterasys Networks

Speaker Bio:

Rich Casselberry is director of IT Operations for Enterasys Networks in Andover, Mass. He is responsible for the company's IT infrastructure and ensuring that employees around the world have reliable, secure access to the IT resources they need to do their jobs. His organization also manages the company's telecom equipment and services, systems support, help desk services, and internal and external Web sites. Casselberry has held a number of key IT management positions for enterprises, consulting organizations and in the public sector in his career. He joined Enterasys in 2001 when the company emerged from the former Cabletron Systems of New Hampshire. He rose to his current position in 2004. He was with Cabletron from 1990 to 1995 and 1999 to 2001 in a variety of increasingly senior IT positions. From 1995 to 1997 Casselberry was IT manager for Current Technology, a consulting company based in New Hampshire. He served as the IT director for the town of Sanford, Maine, from 1997 to 1999. Casselberry was also a contributing author of the following books, published by Que: "Running a Perfect Website with Apache," "Webmaster's Expert Solutions," and "Special Edition Using Intranet HTML." He was the lead author of "Running a Perfect Intranet." In addition he has been published in various periodicals such as CIO.com and Infoworld.

Speaker's Headshot Photo:

Speaker's LinkedIn Profile:

http://www.linkedin.com/in/richcasselberry

Speaker's Twitter profile:

richcasselberry

Speaker's Postal Address:

50 Minuteman Rd Andover MA 01810