LSEC & CSA (Cloud Security Alliance) BeLux, with Nebucom partners Agoria, Sirris & iMinds
An initiative from LSEC, the Cloud Security Alliance BeLux & Nebucom consortium
09.30am Registration, welcome and networking
10.00am Cloud Security in 2014 and beyond, Ulrich Seldeslachts, CEO LSEC
10.20am Love all, trust a few, Mike Chung, Lead Principal, HP
The whole cloud computing concept has been built upon trust relationships. With your most valuable data residing on someone else's platform, depending on other's security software, managed by people from different countries, meaning you are putting your trust on everything but god.
Profile drs. Mike Chung RE: As an auditor, security architect and program director, Mike has made all the classical mistakes in securing other people's data. This presentation is about why you should love, but be careful when trust does matter.
11.20am: Information Centric Security models to enable cloud computing, Henk van der Heijden, Partner, TecHarbor
Security needs to be viewed from a different perspective! The way we have managed security for Business is no longer working. It is a lost battle against the complexity of business usage, IT- means and the threats introduced on a daily basis. Cloud based services that offer great value to business, are withheld due to security issues and concerns. Information Centric Security is the new name of the game. During this speech we will highlight the approach and solutions that can be taken.
About Henk van der Heijden: Henk is an information security professional with over 25 years' experience in IT (Security) sales and services. Henk is co-founder and partner at TecHarbor where he is responsible for Strategy development, Product Selection & Commercial activities of the company. Before starting TecHarbor he has been responsible for the Security Business at CA Technologies as a VP EMEA. He joined CA Technologies' IT Security team in September 2010, to help the organization extend its growth in the identity and access management sector across distributed, virtual, and cloud environments.
12.00 The evolving Data Center: Cloud Based Architecture & Network Security concerns. Renaud Larsen, Palo Alto Networks
While enterprises have fully embraced server virtualization, the true promise of an agile, flexible and extensible cloud remains elusive. One of the barriers to fully embracing cloud computing is network security. Existing network security devices within physical, virtualized, and cloud environments are blind to the applications running across the network—and rogue or unknown applications are often used as common mediums for threats and attacks.
Thanks to virtualization, virtual machines (VMs) can communicate with other VMs on the same hypervisor, creating an assortment of applications and services with different risk classifications and confidential data—all on the same host server. The problem with this flexibility is the challenge in segmenting and enforcing security for 'East-West' traffic communications between these applications. Furthermore, when VMs are created or moved from hypervisor to hypervisor, rack to rack, or datacenter to datacenter—it's difficult trying to apply static security policies to the individual virtual machines. As you evolve your datacenter towards a cloud-based architecture, you begin orchestrating the automated tasks for provisioning workloads (compute, storage, network). Unfortunately, securing these workloads with today's existing network security appliances is a manual, time-consuming process. Security teams simply cannot keep up with how quickly these workloads are being provisioned by the virtual infrastructure teams. These challenges, mitigating strategies and counter measures will be explained in depth in this session.
About Renaud Larsen: Renaud joined Juniper in 2011 as Chief Architect, DC/Cloud Computing. After being the European Marketing Director for VA Linux he created FastTango in 2001. He joined TopSpin in 2003 as the European Business Director. In 2005 he joined Cisco after the TopSpin acquisition. At Cisco he was the European Business Development Manager for SAVBU solutions portfolio. While at CISCO he created SQR Technology focused on True Random Number Generator and Keys Management. In 2010 he worked for Alcatel-Lucent Bell Labs as Director, Cloud Computing. He has three patents pending on virtualisation and an accepted patent on Data Security in a Cloud environment. In 2014 Renaud started as EMEA DC/Virtualization Consulting Engineer at Palo Alto Networks.
13.40pm: Cloudy with a chance of breaches, Jason Hart, SafeNet VP Cloud Services Architecture, Authentication Products
It's not a question of "if" it's a question of "when". At some point in time, the odds are that your organisation will get hacked. It's time for us to re-evaluate our security approach from breach avoidance to breach acceptance. This presentation will re-evaluate security approaches from breach avoidance to breach acceptance; and explain how to gain actionable information to proactively protect your most valuable assets when the breach does occur.
14.20pm Cloud as opportunity for enhanced Security, Martin Borrett, Director Cyber Security, IBM
About Martin Borrett: Martin Borrett is the Director of the IBM Institute of Advanced Security in Europe. He leads the Institute and advises at the most senior level in clients on policy, business, technical and architectural issues associated with security. Martin leads IBM's Security Blueprint work and is co-author of the IBM Redbooks "Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security" and "Understanding SOA Security" . He is Chairman of the European IBM Security User Group community and a member of the Royal Society's Cybersecurity Research Steering Group. He is a Fellow of the British Computer Society, and a Chartered Engineer (CEng) and member of the IET. Martin has a passion for sailing and has represented Great Britain; he is also a keen tennis player
15.00pm Coffee Break
15.20pm: "Business, rewritten by software", Bart Bosma, Principal Consultant, CA Technologies
Cloud, mobile, and social media have changed the face of security and enterprises must be open in order to leverage this. The ramifications are disturbing: the traditional network perimeter is disappearing and security is no longer about protecting the business only, but about enabling users to do what they need to do by providing secure and convenient access to their apps and data, anytime, anywhere, and from any device.
About Bart Bosma: Bart has been working in IT for more than 20 years and has focused on Information Security for the past 15 years. At CA technologies, he has been involved in projects around Cloud security and traditional security. Before CA Technologies he has worked for Qualys, Dimension Data and Ubizen/Cybertrust.
16.00pm: Untying the legal knots: new initiatives around standardized SLAs and data protection rules, Hans Graux, ICT Lawyer - time.lex
This presentation will focus on two well-known challenges in cloud computing, which create particular problems for EU based cloud providers. On the one hand, there are the restrictive privacy protection rules, which make it difficult for EU cloud providers and cloud customers to comply with the law. On the other hand, there are frequent discussions on appropriate service levels: what happens when a cloud service goes offline, and what kinds of service level agreements (SLAs) are appropriate? New initiatives within the EU and ISO aim to resolve some of these problems. Hans Graux will briefly present their scope and potential future impact.
16.30pm: Drinks and networking
17.00pm: End of seminar
About the Cloud Security Alliance
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders
"Software as s Service" is rapidly changing the way software companies bring their products and services to the market. Thanks to SaaS, companies can now reach a global audience instantly. In Belgium, many software builders are considering a transition towards a SaaS offering. Sirris, Agoria, IMinds and LSec joined forces to help Belgian software companies make this transition, by organizing workshops and information sessions that help you understand the challenges and solutions for going Cloud and SaaS.
Cloud Security Alliance BELUX Event - abstract -
Join the Cloud Security Alliance, with LSEC, Agoria, Sirris & iMinds for this half day seminar and evaluate how to seize the opportunities that cloud brings, while not jeopardizing the organizations' security posture. We will discuss the risks that are associated with the virtualization of enterprise components and moving parts of the business and operations into the cloud, evaluate counter measures available, and provide practical guidance and best practices from the industry. From the Nebucom project; special attention will also be provided on securing 'Saasification'.
Practical details & Registration
Event Name: Cloud Security Alliance BELUX Event
Event organizers: Cloud Security Alliance, LSEC, Agoria, Sirris & iMinds
Date: Monday 29 September 2014 from 10am till 5pm
Location: Diamant, Brussels - Belgium
Registration: Click here
About the organizers
CSA: The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders
Nebucom : SaaSification support for independent software vendors, migrating to the cloud. Bootcamps, knowledge sharing, advisory services, ...
LSEC (www.lsec.be) : not for profit organization & security cluster; uniting stakeholders from industry, academia, government and the end user community.
Agoria (www.agoria.be) : branche organization, uniting and defending the interests of organizations operating in the ICT industry.
Sirris: (www.sirris.be) : The collective centre of the Belgian technological industry. Sirris helps companies in the implementation of technological innovations, enabling them to strengthen their competitive position over the long-term.
iMinds: (www.iminds.be) : iMinds is an independent research institute founded by the Flemish government. The iMinds team offers companies and organizations active support in research and development