Hear from IT leaders, industry experts and developers at the defining event that brings together the entire cloud computing community.
Senior Technologist, RSA
Dennis Moreau is specialist in the application of leading edge technologies to the solution of complex problems in the Information Systems and Utility Computing management domains. His primary focus is in developing enterprise scale solutions to improve IT efficiency and effectiveness for service, systems, security, compliance and configuration management/optimization. He works actively with the National Institute of Standards and Technology (NIST), the U.S. Department of Defense (DoD) and the Mitre Corporation on the development of security configuration policy compliance standards and serves on the Advisory Board for the Open Vulnerability and Assessment Language (OVAL), a key component of the Security Content Automation Program (SCAP).Dr. Moreau has over than 35 years of experience in evaluating, designing, and implementing complex systems and their management and security infrastructures. Prior to joining RSA’s CTO Office, he was a founder and the Chief Technology Officer for Configuresoft. He was also the Associate Vice President for IT and Chief Technology Officer for Baylor College of Medicine (BCM). He holds a doctorate in Computer Science and has held faculty positions in Computational Medicine and Computer Science (tenured in 1993). Dr. Moreau speaks regularly at IT management and security conferences worldwide.
A significant issue for enterprises moving to private or public clouds is how to trust their provider and its infrastructure with their sensitive workloads. Customers need the ability to assess security standards, trust security implementations, and prove infrastructure compliance to auditors. For business decision managers, considering private clouds that leverage the cost efficiency of virtualization to increase the quality of service to the business is paramount. This session will describe technologies and capabilities that provide reporting on the configuration of the virtual infrastructure used by the customer VMs and tie this to a verifiable measurement of trust in the hardware and hypervisor. This allows customers to be sure the provider is following security best practices, can pass a regulatory audit, and be assured that the provider’s platforms are booting from a secure root of trust, protected from root-kits and other malware. We will describe the hardware and software methods by which these measurements, configuration of the virtual infrastructure, and events reported by the infrastructure are used to generate dynamic and detailed compliance reports that can be used by service providers, auditors, and customers.
The panel session will tackle the topic of Private vs. Public Clouds. The panelists will provide insights into the differing challenges of securely deploying and managing applications and workloads into these cloud architectures as well as the unique security obstacles associated with migrating to, from and across Private and Public Clouds. We will take questions from the audience and will provide opinions and guidance for addressing the risks and stumbling blocks.