Every time there's a major disruption in how we compute, there are new risks. Email, the web, and mobile computing each heralded a new wave of hacks and attacks, and clouds are no exception. In this track, we'll look at new weaknesses of both public and private clouds, and how to protect yourself through encryption, auditing, new technologies, and proven best practices.
| Tuesday, March 8 | |
|---|---|
|
It is one thing to be concerned about cloud computing security due to loss of control and quite another to really assess the impact on risk compared to traditional IT environments. Organizations must consider how threats change in the cloud. This session will assess the architectural differences of the cloud and discuss how the changes impact threats. Speaker - Pete Lindstrom, Security Professional, Spire Security Pete Lindstrom has 20+ years of experience in finance and information technology with the US Marine Corps, Coopers & Lybrand (now PwC), GMAC Mortgage, Wyeth Pharmaceuticals, Burton Group, Hurwitz Group, and Spire Security, his current firm. As a security professional, he has been an IT Auditor (external and internal), Security Operations Director, and Industry Analyst. His research focuses on applying old concepts of security and risk to new technologies and architectures. Pete is a frequent speaker and writer and is the Chief Operating Officer for the Information Systems Security Association (ISSA). | |
|
A significant issue for enterprises moving to private or public clouds is how to trust their provider and its infrastructure with their sensitive workloads. Customers need the ability to assess security standards, trust security implementations, and prove infrastructure compliance to auditors. For business decision managers, considering private clouds that leverage the cost efficiency of virtualization to increase the quality of service to the business is paramount. This session will describe technologies and capabilities that provide reporting on the configuration of the virtual infrastructure used by the customer VMs and tie this to a verifiable measurement of trust in the hardware and hypervisor. This allows customers to be sure the provider is following security best practices and can pass a regulatory audit, and to be assured that the provider’s platforms are booting from a secure root of trust, protected from root-kits and other malware. We will describe the hardware and software methods by which these measurements, configuration of the virtual infrastructure, and events reported by the infrastructure are used to generate dynamic and detailed compliance reports that can be used by service providers, auditors, and customers. Speaker - Dennis Moreau, Senior Technologist, RSA Dennis Moreau is a specialist in the application of leading edge technologies to the solution of complex problems in the Information Systems and Utility Computing management domains. His primary focus is in developing enterprise scale solutions to improve IT efficiency and effectiveness for service, systems, security, compliance and configuration management/optimization. He works actively with the National Institute of Standards and Technology (NIST), the U.S. Department of Defense (DoD) and the Mitre Corporation on the development of security configuration policy compliance standards and serves on the Advisory Board for the Open Vulnerability and Assessment Language (OVAL), a key component of the Security Content Automation Program (SCAP). Dr. Moreau has more than 35 years of experience in evaluating, designing, and implementing complex systems and their management and security infrastructures. Prior to joining RSA’s CTO Office, he was a founder and the Chief Technology Officer for Configuresoft. He was also the Associate Vice President for IT and Chief Technology Officer for Baylor College of Medicine (BCM). He holds a doctorate in Computer Science and has held faculty positions in Computational Medicine and Computer Science (tenured in 1993). Dr. Moreau speaks regularly at IT management and security conferences worldwide. Speaker - Steve Orrin, Director of Security Solutions, Intel Corporation Steve Orrin is the Director of Security Solutions at the Intel Corporation and a regular speaker at nationally recognized conferences on Security, Privacy, and Web Services topics. Previously Orrin served as Chief Security Officer of Sarvega, Inc. (acquired by Intel, Inc.), a computer and network security startup which deployed the world's first XML appliance in production in 2001. Prior to his work at Sarvega, Orrin was vice president of security and technology at Watchfire, Inc., responsible for the product development of Watchfire's web application security and privacy software product lines. He has also acted as CTO of Sanctum, a pioneer in Web application security testing and firewall software. Steve was also CTO and co-founder of LockStar Inc., a provider of end-to-end security and web services solutions designed to help organizations deploy web-enabled legacy applications for ebusiness. Steve co-founded LockStar after he left SynData Technologies, Inc., where he was CTO and chief architect of its desktop email and file security product. A recognized expert and frequent speaker on enterprise security, he has developed several patent-pending technologies covering user authentication, secure data access and steganography and has one issued patent in steganography. Steve is a member of several leading industry organizations and is published in several scientific and medical journals. Steve holds an honors degree in research biology from Kean University. | |
|
While Cloud computing and virtualization technologies offer many benefits, there are potential information security and assurance pitfalls. In addition to all of the standard information security practices that must still be adhered to, virtualization environments introduce some new factors that must be considered in a complete assurance program. This presentation will discuss an operator's view of Cloud security issues and one set of solution approaches. Speaker - Mario D Santana, Secure Information Services, Terremark Worldwide Mario joined the Secure Information Services group at Terremark Worldwide, Inc. in January 2006. He manages the Analytics team within the group, which develops leading-edge security analysis techniques, in support of threat intelligence, incident response, and managed security services. He also manages various security-related projects across the company, and consults with Terremark clients on topics of security, technology, and risk management. Formerly, Mr. Santana founded an identity management technology company, and worked in IT for over 20 years. | |
|
The panel session will tackle the topic of Private vs. Public Clouds. The panelists will provide insights into the differing challenges of securely deploying and managing applications and workloads into these cloud architectures as well as the unique security obstacles associated with migrating to, from and across Private and Public Clouds. We will take questions from the audience and will provide opinions and guidance for addressing the risks and stumbling blocks. Moderator - Steve Orrin, Director of Security Solutions, Intel Corporation. Panelist - Dennis Moreau, Senior Technologist, RSA. Panelist - Pete Lindstrom, Security Professional, Spire Security. Panelist - Mario D Santana, Secure Information Services, Terremark Worldwide. Panelist - Joe Fantuzzi, President & CEO, Agiliance. Joe drives the company's overall business direction, strategy and execution, reporting to the Board of Directors. He is an expert at creating high-growth, venture-backed businesses in emerging technology markets and helped build over $3b in market valuation as an executive for industry leaders. | |

Take a deep dive into related cloud security topics in pre-conference workshops.
| Monday, March 7 | |
|---|---|
|
Cloud Computing promises many things. Depending upon who you listen to, moving your applications and information to "The Cloud" will provide levels of security, when compared to "legacy enterprise IT," that will either be vastly superior or apocalyptic. There is such a conflation of deployment and delivery models that it's incredibly difficult to ascertain where the lines of responsibility and accountability for the security (and compliance) are drawn between the customer, provider and consumer. We're going to fix that in this workshop. You Will Learn: You will learn how to decipher Cloud Computing offerings and apply relevant assessment methodologies that will help you make balanced decisions about what, where and how you may -- or may not -- use Cloud Computing to your advantage. We will frame this in a manner that is aligned with your specific tolerance for risk, security, compliance and privacy requirements. You will understand what you need to change and what your provider should offer you in order to meet these requirements. Who Should Attend: • Technical CISOs, CIOs • Network and security architects, engineers and operators • Auditors/Assessors Instructor - Christofer Hoff, Director of Cloud and Virtualization Solutions, Security Technology Business Unit, Cisco Chris Hoff has 20 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud. Instructor - Gunnar Peterson, Managing Principal, Arctec Group Gunnar Peterson is a Managing Principal at Arctec Group, an Architecture and Security consulting firm. He is focused on distributed systems security for large mission critical financial, financial exchanges, healthcare, manufacturer, and insurance systems, as well as emerging start ups. Mr. Peterson is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, an Associate Editor for Information Security Bulletin, a contributor to the SEI and DHS Build Security In portal on software security, a Visiting Scientist at Carnegie Mellon Software Engineering Institute, and an in-demand speaker at security conferences. | |








