Cloud Security Summit

Thursday, March 22, 2018 8 CPEs
9:00 AM – 5:00 PM 

Cloud security is an ever-growing concern, as businesses large and small hand off more and more computing to third-party providers. Within the foreseeable future, it’s likely that businesses will own less technology infrastructure than they outsource, which will allow for higher concentration on core competencies—be it selling home goods, manufacturing lawnmowers or providing hospitality services. 

Relying on cloud providers, though, doesn’t mean outsourcing responsibility for data security; data owners and their security teams must change their approach to data security, examining more closely trust relationships, third-party risk, remediation strategies and change management, to name just a few areas of concern. The Cloud Security Summit will take a close look at these topics and more, providing opportunities for thought-sharing and hands-on learning with peers and experts in the space.

9:00 AM – 10:00 AM 
Cloud Provider Partners: A New Market for Security and Success in the Cloud
Tim Sandage, Senior Security Partner Strategist, Amazon Web Services

As relationships between cloud service providers and partner program members continue to evolve, those that understand the needs of channel partner program members in cloud-based workloads are in a great position to secure workloads in the cloud. One way to do this is by integrating cloud security partners such as CloudCheckr, which provides more than 400 best-practice checks for both AWS and Microsoft Azure. This, in turn, can be integrated with other security solutions such as the Allgress risk management solution, and cloud customers can easily prove the compliance capabilities of their cloud-based workloads, with greater visibility, transparency, and alignment of their cloud deployments to specific security controls such as NIST 800-53, PCI, HIPAA, etc.

In this introductory session, we’ll level set on the cloud landscape—from the most well-known players to lesser-known integrators and partners—and take a look at how companies can better secure workloads in the cloud.

10:15 AM - 12:15 PM 
Tabletop Exercise: Infosec Lifecycle for the Cloud
Steve Orrin, Chief Technologist, Intel

This interactive exercise will highlight the challenges and options when looking to adopt cloud architectures for various enterprise applications, workloads, and data of differing sensitivity and compliance requirements. Attendees will game through several scenarios, participating as different stakeholders in the cloud solution lifecycle including CSP, ISV, security and audit, business and data owner, and security vendors. The scenarios will walk through common decisions and choices that need to be made, pitfalls and challenges faced, and focus on varying viewpoints and goals of the different parties involved.

Attendees will gain valuable insight into how best to confront the challenges and key decisions in securing and deploying to multiple cloud solution architectures.

12:15 PM – 1:15 PM Networking Lunch

1:15 PM – 2:00 PM 
Cloud Security: Shifting Time, Techniques and Tools
Mark Butler, CISO, Qualys

Security leaders have had to juggle the timeless trade-offs between risk management (lowering risk, securing the enterprise, limiting access) and value creation (new business projects, new app deployments, enabling new services and users). Shifting when (time) and how (techniques) with cloud-ready security tools will enable digital transformation initiatives, reduce risk, and create value. 

During this session, we’ll explore how you can affect digital transformation in your organization by taking a fresh look at cloud initiatives through positive programmatic choices.

2:00 PM – 2:45 PM 
Making Lemonade with (Data) Lemons
Steve Orrin, Chief Technologist, Intel

A significant issue for enterprises moving to private or public clouds is how to trust the infrastructure and providers with their sensitive workloads. Customers need the ability to assess security standards, trust security implementations, and prove infrastructure compliance to auditors.

This session will highlight the issues with cloud architectures and discuss ways to achieve visibility, compliance, and security. We will examine solution stacks that enable trusted computing and illustrate several usages that demonstrate policy enforcement, compliance, and end-to-end trust in the cloud. We will describe the hardware and software methods by which these measurements, configuration of the virtual infrastructure, and events reported by the infrastructure are used to generate dynamic and detailed compliance reports and enforce security policies and controls on virtual and cloud workloads.

The session will also examine how organizations can monitor and enforce geolocation restrictions, ensuring that their workloads in the cloud are deployed on trusted hardware in known locations to meet security policy compliance. Trusted geolocation allows organizations to establish security and physical boundaries that limit which systems process and store sensitive information and applications in the cloud.

3:00 PM – 4:30 PM 
Tabletop Exercise: Automating Security in the Cloud – Modernizing Technology Governance
Tim Sandage, Senior Security Partner Strategist, Amazon Web Services

Up-front design of your cloud environment can be done in a way that helps create a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Secure by Design" principles and show how an AWS environment can be configured to help provide reliable operational security control capability across the organization, such as: 

  • Organizational governance
  • Asset inventory and control
  • Logical access controls
  • Operating system configuration
  • Database security 
  • Applications security configurations

This session will focus on:

1. Understanding your organization’s security and compliance capabilities and your shared responsibility for security as you migrate resources to the cloud; 

2. Introduction to "Secure by Design" principles which support security at scale as you increase your use of cloud resources; and, 

3. Demonstrating how an AWS environment can be configured to help provide reliable operational security control capability across your organization, such as organizational governance, asset inventory and control, logical access controls, operating system configuration, database security, and applications security configurations.

Why this session 

Cloud computing is becoming the new normal; the question isn’t “if” anymore, it’s just “how fast can we move?” and “what are we going to move first?” Because of this trend, organizations need to understand their security and compliance capabilities and shared responsibilities for security as they migrate resources to the cloud. Organizations need to start with a “Secure by Design” approach, which supports security at scale as they increase their use of cloud resources.

4:30 PM – 5:30 PM 
Panel: Handling Dynamic Business Challenges in the Cloud
All

This engaging and interactive discussion will not only bring out the challenges of managing a cloud infrastructure, application stack, and sensitive data for the business in a cloud solution, but also ensure attendees can meet dynamic changes in business requirements while properly securing applications and sensitive data. Not only will you have to determine what architectures and technologies to leverage throughout significantly shifting business priorities, but you will also have to prove to your auditing peers that you know what workloads you have, where they are located, how they are configured, and what the current security posture is, and demonstrate ongoing confidence that you can monitor the E2E cloud platform and solution effectively.

The scenarios presented will help highlight the challenges at hand, plus the options available to help solve them, while bringing valuable lessons learned to the forefront.