Security, Privacy, and Legal Compliance in the Public Cloud – James Snow, Google
Looking at your other speakers, I would like to offer something fresh and exciting. I would like to talk about our architecture at Google specifically and then talk about Security, High Availability, Privacy, and Legal Compliance with a
focus on meeting European data privacy requirements.
Currently Product Strategist for Google Apps for Enterprise focusing on Product Development, Improvement, Integration, and Compliance.
Previously, as Sales Engineering Manager for Google Enterprise, based in Amsterdam,specializing in Google Apps for Enterprise, Google Message Security, and Chrome OS, in addition to serving as Security and Compliance Lead for EMEA.
I have extensive experience as a Program Manager / Integration Project Manager — with twelve years of experience in supporting product development, designing and implementing integration solutions on national and international engagements. As a Program Manager at Microsoft, I have worked directly with Customers to validate product features and requirements and successfully related these findings to software development teams. As an Integration Project Manager at Accenture, I have played several instrumental roles including Account Management, Business Analyst (Business Process Definition, Functional Requirements Gathering), Solution Architect, Solution Engineer and Team Lead for cross-platform business integration solutions. I have led integration teams across multiple geographies with a strong track record of delivering solutions on time and on budget.
I am a well rounded technologist with a focus on middleware technologies (BizTalk, webMethods, and Vitria) with implementation experience spanning all phases of the software development lifecycle. I have deep industry experience in cellular telecommunications, pharmaceutical, and the financial services industries. I possess strong analytical skills, am detail oriented, and quickly learn new technologies.
Despite the apparent advantages of the cloud, many customers still perceive a lack of transparency and trust with respect to its usage. But, which are the enablers of a trusted cloud strategy? Do we need cloud certification schemes to gain trust and ensure data security? During this talk we will overview the main pillars that are being advocated by the cloud security community in order to deploy trustworthy cloud ecosystems, namely transparency, accountability and security assurance mechanisms.
Jesus has a PhD degree (Cum-Laude) in Computer Architecture from the “Technical University of Catalonia”, and has published more than 30 scientific papers in prestigious venues, also including a European patent in the field of cyber security. His main research interests are security quantification, applied cryptography, secure storage and security monitoring.
Cloud Security and Privacy – A Microsoft perspective – Michael Newberry
Michael has been working with “big data” and “big compute” throughout his career as the technology has progressed from mainframe, to client/server, and now to device/ cloud. He gets excited seeing the latest “massively scalable” technology deliver measurable results to people’s lives. He also enjoys sharing these stories. An Australian national, Michael is a global citizen, having lived and worked across Asia and Europe. He holds a PhD in Computer Science from the University of New South Wales, ADFA, in 1991 where his research focused on Bayesian analytics (early “machine learning” and “big data”) as applied to computer security and cryptography.
QualysGuard – running Security SaaS in secure way – Marek Skalicky, Qualys GmbH
QualysGuard is well know and well established Security Software as a Service Suite providing Cloud-based security software in highly-trusted architecture and in a transparent and very secure way. What are the business reasons and security concerns customers are considering when adapting QualysGuard? What made more then 6800+ customers in more then 100+ countries to successfully implement QualysGuard with very high satisfaction level? These questions will be addressed during Qualys speech together with brief update to QualysGuard Suite new services.
Hybrid Clouds: “Silver Bullet” of the Cloud Computing? – Fabrizio Volpe, Banca ICCREA S.p.A
In this talk, we will see concepts and recently architectural modification and news regarding the hybrid Cloud. An hybrid Cloud combines public cloud and private data center principles, granting access to the advantages of both kind of deployment. This is fast growing market, because many companies desire configurations and features from both the sides of the Cloud (regardless of their size and the number of users). We will talk about how customers are able to plan hybrid scenarios starting from on-premises deployment or from the Cloud, and then manage, control and secure both the environments with the same tools and interfaces. We will examine how workloads and users can be moved to the public Cloud and back to the private Cloud in a seamless manner and draw some considerations on this specific computing scenario.
Fabrizio has also received the MVP award for Directory Services in three consecutive years (2011,2012 and 2013).
He has co-authored one of the few existing texts dedicated to the FortiGate security appliances.
Fabrizio often creates free contents to to share his passion for technology. His YouTube channel https://www.youtube.com/user/Lync2013 has a total of more than 80,000 views.
His free e-book (Microsoft Lync Server 2013 : Basic Administration – Release 2.1) is over 5000 downloads.
He is a blogger ( personal site is www.absoluteuc.org ) and is active on social networks (with more than 2,000 followers on Twitter).
Occasionally he participates in conferences ( such as INTEROP 2013 in Mumbai or the WPC in Milan) or contributes to websites (such as IT Central Station, where it is one of the best reviewers).
Fabrizio supports Save the Children, and wish to be able to contribute more.
In this talk, we present recent results of SAP Product Security Research on enforcing usage control policies in multiparty cloud scenarios. We introduce the concept of “sticky policy”, that is metadata expressing the condition of usage of data. Sticky policies are transferred with the data, and describe the constraints to be applied on data usage.
The Psychology of Security – Kai Roer, The Roer Group, The Security Culture Company
In this talk, Kai Roer shares some of the important aspects psychology plays on security. Why are people susceptible to phishing and scams? Why is it that security professionals seems to fail to explain and teach security awareness? What games is our mind playing on us, that makes security such a challenge?
Currently, I am heading the development of the Security Culture Framework, a practical approach to building and maintaining security culture in organizations.
I am part of the Expert Panel at Information Security Buzz, a monthly columnist at Help Net Security, and an avid blogger.
Experience from: Public sector, Oil&Gas, Telco/ISP, SME, eduction & transportation.I volunteer a lot of my time to NGO’s and NPO’s in the trust that together, we can all make a difference.
Some of my latest speaking engagements include RSA Europe, Hackon #8, NorSIS/NSM Sikkerhetskultur, Risiko og Sårbarhet i IKT (Tekna), Programutvikling, HaKo, Microsoft
Author/editor of the success books:
* Protecting our Future (Chapter: Cybersecurity in International Perspective), Hudson Whitman 2013
* The Cloud Security Rules (Editor, author) ISBN: 978-1463691783
* The Leaders Workbook ISBN: 978-1453783054
In this presentation we will describe our research on the architecture and security of the Hyper-V hypervisor and its role in the Microsoft Azure cloud. Besides a deeply technical discussion of the hypervisor implementation and its attack surface, we will show how we discovered MS13-092 a vulnerability that allows permanent DoS of the hypervisor and the potential compromise of other VMs on the same host.
We will describe the challenges involved in reversing, debugging and understanding an hypervisor and plan to release several tools, IDA scripts and POCs we developed as part of our research.
Our presentation shows that even seemingly bullet proof software still contains critical bugs and we hope to motivate more researchers to start active research inso hypervisor security in general and especially Hyper-V.
Cloud Forensics – Olivier Caleff, CSA France
In this talk, we present the context of Cloud Forensics: expectations, issues, challenges and opportunities. The legal, organizational and technical aspects are presented in an international context. Works of the CSA, and NIST workgroups are mentioned and confronted with standards such as ISO 27037.
He co-founded the French Chapter of the Cloud Security Alliance, and has been active in various CSA working groups such as the CloudCERT.
He is now working at CERT-FR, the French government CSIRT.
More at: http://www.linkedin.com/in/caleff