SlideShare a Scribd company logo

Guy Alfassi - CSA Conference Highlights

C
CSAIsrael
1 of 17
Download to read offline
Highlights of the CSA Conference Orlando, Nov. 2010   Guy  Alfassi   Alfa  Consul.ng  
Agenda •  14:00 Registration, networking and general chaos •  14:20 Highlights of the CSA event in Orlando - Guy Alfassi, General Manager, Alfa Consulting •  14:40 CCSK - Ariel Litvin, Technology Innovation Leader, PWC •  14:50 The Technology Showcase Wiki - Iftach Amit, VP Business Development, Security Art •  15:00 Security management to, for, and from the cloud - Oded Tsur, Senior Solution Strategist, CA •  15:30 Short break •  15:50 OWASP Israel & Introduction to OWASP Top 10- Ofer Maor, CTO - Hacktics & Chairman - OWASP Israel •  16:20 Practical Enterprise use cases of data protection in the cloud - Guy Bejerano, Chief Security Officer, LivePerson •  16:50 Virtual Private SaaS - the solution to data privacy and data compliance issues in SaaS - Dr. David Movshovitz, CTO, Navajo Systems
About CSA Formed in 2008 as a non-profit organization. Objectives: •  Promote a common level of understanding •  Promote research •  Awareness •  Create consensus lists and guidance.
CSA Members
CSA Research •  Cloud Control Matrix •  Top threats to Cloud Computing •  Guidance for Identity and Access Management •  Application Security Whitepaper
How to get there http://cloudsecurityalliance.org/ Managed through a LinkedIn group: Cloud Security Alliance http://www.linkedin.com/groups? mostPopular=&gid=1864210
CSA Israel •  An Israeli chapter of the CSA, formalized in June 2010. •  Our focus: –  Cloud Security technology innovations –  localization of Cloud Security best practices –  LinkedIn group: http://www.linkedin.com/groups? mostPopular=&gid=3050440 Join CSA at http://cloudsecurityalliance.org/Membership.html , And then request to join our chapter.
About the conference First independent global event for CSA 2 days, 4 tracks , 32 presentations, 4 keynotes Hundreds of participants from all over the world  
About the conference Keynotes were very insightful and surprisingly not own-company-oriented.
About the conference •  General impression: Vendors, clients and regulators are highly interested in cloud security. •  Some might actually try it sometime.
FedRAMP •  Federal Risk and Authorization Management Program •  Providing a standard approach to Assessing and Authorizing (A&A) cloud computing services and products.
FedRAMP – Applicability to Israel •  The standard itself does not apply here. •  The need for such a standard exists. •  A call to action to government / the private sector : Let’s do our own version / adopt FedRamp !
Quantum Datum Information Centric Security for Cloud Computing Rich Mogull, Securossis
Quantum Datum •  An analogy between quantum mechanics and cloud computing •  Quantum: The minimum unit of a physical entity. •  Datum: the singular form of Data. A single piece of information.
Quantum Mechanics •  Quantum mechanics looks at the particle, and tries to explain its behavior. •  Wave- Particle duality •  The uncertainty principle: Heisenberg principle
Why is this relevant? •  The perimeter shrinks to the size of a datum. •  Datum can be in multiple places at the same time, and have different security levels. •  A breach for one instance of the datum affects other instances. •  Leakage can occur even when the probability is low.
What can we do? •  Use data labeling. •  Use data encryption according to security needs. •  Implement DLP and DRM in our architecture.

Recommended

Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsMichael Scheidell
 
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Michael Scheidell
 
CIO's Guide to Enterprise Cloud Adoption
CIO's Guide to Enterprise Cloud AdoptionCIO's Guide to Enterprise Cloud Adoption
CIO's Guide to Enterprise Cloud AdoptionCipherCloud
 
Confessions of a CIO
Confessions of a CIOConfessions of a CIO
Confessions of a CIODelphix
 
Itmgen 4317 security
Itmgen 4317 securityItmgen 4317 security
Itmgen 4317 securityCisco
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarCipherCloud
 
Webinar: Enable ServiceNow with Data Security, Visibility, and Compliance
Webinar: Enable ServiceNow with Data Security, Visibility, and ComplianceWebinar: Enable ServiceNow with Data Security, Visibility, and Compliance
Webinar: Enable ServiceNow with Data Security, Visibility, and ComplianceCipherCloud
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud securityVladimir Jirasek
 

Recommended

Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsMichael Scheidell
 
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Michael Scheidell
 
CIO's Guide to Enterprise Cloud Adoption
CIO's Guide to Enterprise Cloud AdoptionCIO's Guide to Enterprise Cloud Adoption
CIO's Guide to Enterprise Cloud AdoptionCipherCloud
 
Confessions of a CIO
Confessions of a CIOConfessions of a CIO
Confessions of a CIODelphix
 
Itmgen 4317 security
Itmgen 4317 securityItmgen 4317 security
Itmgen 4317 securityCisco
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarCipherCloud
 
Webinar: Enable ServiceNow with Data Security, Visibility, and Compliance
Webinar: Enable ServiceNow with Data Security, Visibility, and ComplianceWebinar: Enable ServiceNow with Data Security, Visibility, and Compliance
Webinar: Enable ServiceNow with Data Security, Visibility, and ComplianceCipherCloud
 
C-Level tools for Cloud security
C-Level tools for Cloud securityC-Level tools for Cloud security
C-Level tools for Cloud securityVladimir Jirasek
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloudJulian Knight
 
Advantages of privacy by design in IoE
Advantages of privacy by design in IoEAdvantages of privacy by design in IoE
Advantages of privacy by design in IoEMarc Vael
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development SummaryCloudSecurityAllianceAustralia
 
CASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceCASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceBitglass
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
 
Intermedia Customer Presentation
Intermedia Customer PresentationIntermedia Customer Presentation
Intermedia Customer PresentationSplunk
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationNetskope
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
 
A simple guide for moving your content systems to the cloud
A simple guide for moving your content systems to the cloudA simple guide for moving your content systems to the cloud
A simple guide for moving your content systems to the cloudRaoul Miller
 
Cybersecurity nexus vision
Cybersecurity nexus visionCybersecurity nexus vision
Cybersecurity nexus visionMarc Vael
 
5 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 3655 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 365Netskope
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Vladimir Jirasek
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
 
Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)Marc Vael
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...NetworkCollaborators
 
IMS Windows XP Webinar Presentation
IMS Windows XP Webinar PresentationIMS Windows XP Webinar Presentation
IMS Windows XP Webinar PresentationOlivia Leonard
 
The Future of CASBs - A Cloud Security Force Awakens
The Future of CASBs - A Cloud Security Force AwakensThe Future of CASBs - A Cloud Security Force Awakens
The Future of CASBs - A Cloud Security Force AwakensBitglass
 
CASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudCASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudBitglass
 
OpenStack and Rackspace
OpenStack and RackspaceOpenStack and Rackspace
OpenStack and RackspaceEverett Toews
 
Mitesh Patel "Searching for new physics with the LHCb experiment"
Mitesh Patel "Searching for new physics with the LHCb experiment"Mitesh Patel "Searching for new physics with the LHCb experiment"
Mitesh Patel "Searching for new physics with the LHCb experiment"Yandex
 

More Related Content

What's hot

Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloudJulian Knight
 
Advantages of privacy by design in IoE
Advantages of privacy by design in IoEAdvantages of privacy by design in IoE
Advantages of privacy by design in IoEMarc Vael
 
CASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceCASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceBitglass
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
 
Intermedia Customer Presentation
Intermedia Customer PresentationIntermedia Customer Presentation
Intermedia Customer PresentationSplunk
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationNetskope
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
 
A simple guide for moving your content systems to the cloud
A simple guide for moving your content systems to the cloudA simple guide for moving your content systems to the cloud
A simple guide for moving your content systems to the cloudRaoul Miller
 
Cybersecurity nexus vision
Cybersecurity nexus visionCybersecurity nexus vision
Cybersecurity nexus visionMarc Vael
 
5 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 3655 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 365Netskope
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Vladimir Jirasek
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
 
Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)Marc Vael
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...NetworkCollaborators
 
IMS Windows XP Webinar Presentation
IMS Windows XP Webinar PresentationIMS Windows XP Webinar Presentation
IMS Windows XP Webinar PresentationOlivia Leonard
 
The Future of CASBs - A Cloud Security Force Awakens
The Future of CASBs - A Cloud Security Force AwakensThe Future of CASBs - A Cloud Security Force Awakens
The Future of CASBs - A Cloud Security Force AwakensBitglass
 
CASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudCASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudBitglass
 

What's hot (20)

Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloud
 
Advantages of privacy by design in IoE
Advantages of privacy by design in IoEAdvantages of privacy by design in IoE
Advantages of privacy by design in IoE
 
CSA Standards Development Summary
CSA Standards Development SummaryCSA Standards Development Summary
CSA Standards Development Summary
 
CASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceCASBs and Office 365: The Security Menace
CASBs and Office 365: The Security Menace
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
 
Intermedia Customer Presentation
Intermedia Customer PresentationIntermedia Customer Presentation
Intermedia Customer Presentation
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - Presentation
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
 
A simple guide for moving your content systems to the cloud
A simple guide for moving your content systems to the cloudA simple guide for moving your content systems to the cloud
A simple guide for moving your content systems to the cloud
 
Cybersecurity nexus vision
Cybersecurity nexus visionCybersecurity nexus vision
Cybersecurity nexus vision
 
5 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 3655 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 365
 
Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...Secure your cloud applications by building solid foundations with enterprise ...
Secure your cloud applications by building solid foundations with enterprise ...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)Cybersecurity governance existing frameworks (nov 2015)
Cybersecurity governance existing frameworks (nov 2015)
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
Cisco Connect 2018 Malaysia - Secure data center-building a secure zero-trus...
 
IMS Windows XP Webinar Presentation
IMS Windows XP Webinar PresentationIMS Windows XP Webinar Presentation
IMS Windows XP Webinar Presentation
 
The Future of CASBs - A Cloud Security Force Awakens
The Future of CASBs - A Cloud Security Force AwakensThe Future of CASBs - A Cloud Security Force Awakens
The Future of CASBs - A Cloud Security Force Awakens
 
CASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the CloudCASB Cases: How Your Peers are Securing the Cloud
CASB Cases: How Your Peers are Securing the Cloud
 

Viewers also liked

OpenStack and Rackspace
OpenStack and RackspaceOpenStack and Rackspace
OpenStack and RackspaceEverett Toews
 
Mitesh Patel "Searching for new physics with the LHCb experiment"
Mitesh Patel "Searching for new physics with the LHCb experiment"Mitesh Patel "Searching for new physics with the LHCb experiment"
Mitesh Patel "Searching for new physics with the LHCb experiment"Yandex
 
Oded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityOded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityCSAIsrael
 
Guy Bejerano: A practical view of cloud security
Guy Bejerano: A practical view of cloud securityGuy Bejerano: A practical view of cloud security
Guy Bejerano: A practical view of cloud securityCSAIsrael
 
Ariel Litvin - CCSK
Ariel Litvin - CCSKAriel Litvin - CCSK
Ariel Litvin - CCSKCSAIsrael
 
Mirantis OpenStack 5.0 Overview
Mirantis OpenStack 5.0 OverviewMirantis OpenStack 5.0 Overview
Mirantis OpenStack 5.0 OverviewMirantis
 

Viewers also liked (9)

OpenStack and Rackspace
OpenStack and RackspaceOpenStack and Rackspace
OpenStack and Rackspace
 
Mitesh Patel "Searching for new physics with the LHCb experiment"
Mitesh Patel "Searching for new physics with the LHCb experiment"Mitesh Patel "Searching for new physics with the LHCb experiment"
Mitesh Patel "Searching for new physics with the LHCb experiment"
 
Oded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud SecurityOded Tsur - Ca Cloud Security
Oded Tsur - Ca Cloud Security
 
6.1
6.16.1
6.1
 
Big datainmemory pub
Big datainmemory pubBig datainmemory pub
Big datainmemory pub
 
Open stack
Open stackOpen stack
Open stack
 
Guy Bejerano: A practical view of cloud security
Guy Bejerano: A practical view of cloud securityGuy Bejerano: A practical view of cloud security
Guy Bejerano: A practical view of cloud security
 
Ariel Litvin - CCSK
Ariel Litvin - CCSKAriel Litvin - CCSK
Ariel Litvin - CCSK
 
Mirantis OpenStack 5.0 Overview
Mirantis OpenStack 5.0 OverviewMirantis OpenStack 5.0 Overview
Mirantis OpenStack 5.0 Overview
 

Similar to Guy Alfassi - CSA Conference Highlights

Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Moshe Ferber
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxlior mazor
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Cloud Security Alliance Lviv Chapter
 
Cloud Security - the egregious 11 cloud security threats
Cloud Security - the egregious 11 cloud security threatsCloud Security - the egregious 11 cloud security threats
Cloud Security - the egregious 11 cloud security threatsMoshe Ferber
 
Shadow IT Risk and Reward
Shadow IT Risk and RewardShadow IT Risk and Reward
Shadow IT Risk and RewardChris Haddad
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
Neo4j + Process Tempo present Plan Your Cloud Migration with Confidence
Neo4j + Process Tempo present Plan Your Cloud Migration with ConfidenceNeo4j + Process Tempo present Plan Your Cloud Migration with Confidence
Neo4j + Process Tempo present Plan Your Cloud Migration with ConfidenceNeo4j
 
Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016Adrian Cockcroft
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_programShannon Lietz
 
Securing The Cloud: Top Down and Bottom Up
Securing The Cloud: Top Down and Bottom UpSecuring The Cloud: Top Down and Bottom Up
Securing The Cloud: Top Down and Bottom UpDevOps.com
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourleyGovCloud Network
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр АнтухOWASP Russia
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingPhil Agcaoili
 
Introdction to Cloud Regulation for Enterprise by 2Bsecure
Introdction to Cloud Regulation for Enterprise by 2BsecureIntrodction to Cloud Regulation for Enterprise by 2Bsecure
Introdction to Cloud Regulation for Enterprise by 2BsecureIdan Tohami
 
Thin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud SecurityThin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud SecurityDan Fitzgerald, CISSP, CIPM
 

Similar to Guy Alfassi - CSA Conference Highlights (20)

Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
 
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptxWhy 2024 will become the Year of SaaS Security Meetup 24012024.pptx
Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
 
Cloud Security - the egregious 11 cloud security threats
Cloud Security - the egregious 11 cloud security threatsCloud Security - the egregious 11 cloud security threats
Cloud Security - the egregious 11 cloud security threats
 
Shadow IT Risk and Reward
Shadow IT Risk and RewardShadow IT Risk and Reward
Shadow IT Risk and Reward
 
Cyber security event
Cyber security eventCyber security event
Cyber security event
 
Neo4j + Process Tempo present Plan Your Cloud Migration with Confidence
Neo4j + Process Tempo present Plan Your Cloud Migration with ConfidenceNeo4j + Process Tempo present Plan Your Cloud Migration with Confidence
Neo4j + Process Tempo present Plan Your Cloud Migration with Confidence
 
Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_program
 
Security - A Digital Transformation Enabler
Security - A Digital Transformation EnablerSecurity - A Digital Transformation Enabler
Security - A Digital Transformation Enabler
 
Presd1 10
Presd1 10Presd1 10
Presd1 10
 
Securing The Cloud: Top Down and Bottom Up
Securing The Cloud: Top Down and Bottom UpSecuring The Cloud: Top Down and Bottom Up
Securing The Cloud: Top Down and Bottom Up
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter Meeting
 
Securing your Cloud Deployment
Securing your Cloud DeploymentSecuring your Cloud Deployment
Securing your Cloud Deployment
 
Introdction to Cloud Regulation for Enterprise by 2Bsecure
Introdction to Cloud Regulation for Enterprise by 2BsecureIntrodction to Cloud Regulation for Enterprise by 2Bsecure
Introdction to Cloud Regulation for Enterprise by 2Bsecure
 
Thin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud SecurityThin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud Security
 

Guy Alfassi - CSA Conference Highlights

  • 1. Highlights of the CSA Conference Orlando, Nov. 2010   Guy  Alfassi   Alfa  Consul.ng  
  • 2. Agenda •  14:00 Registration, networking and general chaos •  14:20 Highlights of the CSA event in Orlando - Guy Alfassi, General Manager, Alfa Consulting •  14:40 CCSK - Ariel Litvin, Technology Innovation Leader, PWC •  14:50 The Technology Showcase Wiki - Iftach Amit, VP Business Development, Security Art •  15:00 Security management to, for, and from the cloud - Oded Tsur, Senior Solution Strategist, CA •  15:30 Short break •  15:50 OWASP Israel & Introduction to OWASP Top 10- Ofer Maor, CTO - Hacktics & Chairman - OWASP Israel •  16:20 Practical Enterprise use cases of data protection in the cloud - Guy Bejerano, Chief Security Officer, LivePerson •  16:50 Virtual Private SaaS - the solution to data privacy and data compliance issues in SaaS - Dr. David Movshovitz, CTO, Navajo Systems
  • 3. About CSA Formed in 2008 as a non-profit organization. Objectives: •  Promote a common level of understanding •  Promote research •  Awareness •  Create consensus lists and guidance.
  • 5. CSA Research •  Cloud Control Matrix •  Top threats to Cloud Computing •  Guidance for Identity and Access Management •  Application Security Whitepaper
  • 6. How to get there http://cloudsecurityalliance.org/ Managed through a LinkedIn group: Cloud Security Alliance http://www.linkedin.com/groups? mostPopular=&gid=1864210
  • 7. CSA Israel •  An Israeli chapter of the CSA, formalized in June 2010. •  Our focus: –  Cloud Security technology innovations –  localization of Cloud Security best practices –  LinkedIn group: http://www.linkedin.com/groups? mostPopular=&gid=3050440 Join CSA at http://cloudsecurityalliance.org/Membership.html , And then request to join our chapter.
  • 8. About the conference First independent global event for CSA 2 days, 4 tracks , 32 presentations, 4 keynotes Hundreds of participants from all over the world  
  • 9. About the conference Keynotes were very insightful and surprisingly not own-company-oriented.
  • 10. About the conference •  General impression: Vendors, clients and regulators are highly interested in cloud security. •  Some might actually try it sometime.
  • 11. FedRAMP •  Federal Risk and Authorization Management Program •  Providing a standard approach to Assessing and Authorizing (A&A) cloud computing services and products.
  • 12. FedRAMP – Applicability to Israel •  The standard itself does not apply here. •  The need for such a standard exists. •  A call to action to government / the private sector : Let’s do our own version / adopt FedRamp !
  • 13. Quantum Datum Information Centric Security for Cloud Computing Rich Mogull, Securossis
  • 14. Quantum Datum •  An analogy between quantum mechanics and cloud computing •  Quantum: The minimum unit of a physical entity. •  Datum: the singular form of Data. A single piece of information.
  • 15. Quantum Mechanics •  Quantum mechanics looks at the particle, and tries to explain its behavior. •  Wave- Particle duality •  The uncertainty principle: Heisenberg principle
  • 16. Why is this relevant? •  The perimeter shrinks to the size of a datum. •  Datum can be in multiple places at the same time, and have different security levels. •  A breach for one instance of the datum affects other instances. •  Leakage can occur even when the probability is low.
  • 17. What can we do? •  Use data labeling. •  Use data encryption according to security needs. •  Implement DLP and DRM in our architecture.