Nebucom LSEC SaaSification Security Bootcamp

Saas Security, Cloud & Virtualization

Tuesday December 1st, 2014 and January 13th, 2015 PM

(change of Date from November 25th to December 1st)  

Starting a SaaS development (or maturing a SaaS) environment is a challenge in various ways, not the least in terms of security and privacy considerations. 

Trusting the cloud (and as such your SaaS environment) is one of the first challenges to cross, not only for your customers. 

SaaS however opens a wide range of opportunities for software vendors and innovators, as it allows quite a number of interesting propositions, not the least the fast route to market and the instant global reach. 

The SaaS offering will need to run on a system, which could be either in your own datacenter, in a public cloud (using Microsoft Azur, Google or Amazon's platforms as example).  Either way, they infrastructure needs to be secured in order to protect your application, your data and information and in many cases, the data of your customers. 
On top of the hardware infrastructure there are a number of applications operating. In cloud environments, usually they are made up of a virtualization architecture, allowing for scaleability and improved manageability. On top of the virtualization environment, a number of web servers, database servers, messaging platforms and other programmed functionalities are the glue of the application and service. Some of these applications have been custom developed, by software engineers and system architects considering the developments, licensing, data encryption and ensuring the high availability. Finally the applications need to be sold, through a payment channel and should be not tampered with on the final appliance where it will operate on. 

During this bootcamp, we will guide you through some of the key challenges that will be facing you in terms of security. This is applied security, on challenges and risks that SaaS providers will face in the course of the development or their lifetime. The plan is to share some of the applied methdologies to do this, guide through some existing frameworks that can be applied during the further developments and architecture definitions. The bootcamp is also intended to share some challenges and experiences and find ways together with other participants on how they overcame some of the challenges. 

Preliminary Program SaaSification Security Bootcamp

1. infrastructure security, the basics, but did you check?
2. virtualization & security 
3. secure software development 
4. privacy by design 
5. securing the application engineering 
6. licensing security
7. web application security 
8. identity and access management
9. impact from regulatory challenges 
10. certification models and self assessments

These bootcamp sessions are intended for both business executives and SaaS architects & developers. The bootcamp will provide guidance for the actual cases participating in the bootcamp, with customised advice and hands-on materials. Participants will be challenged to consider preventing tempering with the operational platform, how reverse engineering in mobile applications could be avoided, what licensing technologies could be applied and how to integrate a secure payment module within the application to allow for additional sales in services, by integrating additional contents and services. Considerations will be provided on how data protection regulation will apply to your SaaS operations will be applicable, and more over what your actions should be in case of a breach. Finally, some suggestions on which certifications should be on the roadmap will be discussed.

Bootcamps will be supported with business and security engineers :

- Erwin Geirnaert, Founder - MD Zion Security, Application Security, Code Review & Testing.
- Wouter Janssen, Axl-Trax, Identity & Access Management 
- Ulrich Seldeslachts, MD LSEC - Leaders In Security, Cloud Security Alliance 

Join us for these two half day bootcamps, where we will examine what exactly those risks are, and evaluate recommended controls, approaches and solutions available. With speakers from academia, the NEBUCOM - Project, LSEC, and leading Security Industry Experts.  

'Navigate and operate the changing IT- landscape, without jeopardizing Enterprise risk posture'

Virtualization and Cloud Computing are ranked the top 2 business driven technology priorities, according to Gartner's survey amongst 2.000 CIO's across 50 countries and 38 industries. While delivering on agility requested by business, they recognize the risk that is associated with emerging technologies and regulatory requirements. Organizations are looking at their Security professionals to help them navigate and operate the changing IT- landscape without jeopardizing its risk posture.

Practical details & Registration:

Event Name: SaaSification Security Bootcamps
Events Date: Monday December 1st from 12.30h  till 5pm and Tuesday January 13th, 2015 from 12.30h  till 5pm
Event Location: Diamant Conference & Business Center, Brussels - Route description

Registration: click here

Price : LSEC, Agoria & Sirris Members and non members: 399 euro/company. Each company can send two participants.

For companies based in Flanders, a KMO portefeuile subsidy might be applicable.