Friday, September 21st
Registration + Continental Breakfast Opens
Ann Johnson's Morning Keynote Address
We all authenticate to tens or even hundreds of services every day. Sometimes we even notice when that happens, and rarely we spend a few seconds thinking about what we just did. There are a lot of misconceptions about how identity and authentication needs to work. In this session, Jesper goes through 10 (more or less) mistakes that a number of organizations and service providers make when it comes to implementing an identity and authentication strategy.
The Cloud Generation brings with it numerous challenges for IT security, many stemming from the vanishing perimeter and BYOD to shadow IT and advanced malicious exploits. Learn about the state of the modern threat landscape and the strategies required to effectively combat it and keep corporate data safe. Learn: - Threat vectors against modern endpoints - Technical strategies required to keep data safe from attacks on modern endpoints - Priorities for implementing an effective endpoint solution.
Blockchain and IoT is changing the landscape of how we do business but the technologies have inherent risks and challenges. This panel will discuss appropriate uses of these technologies, benefits, and business risk and security challenges inherit in these technologies.
Rui Wang, CTO, Vericlouds
Radia Pearlman, Fellow, Dell EMC
Charlie Kaufman Architect Midrange Group, DellEMC
API adoption in both consumer and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both the public and private APIs, need to be protected, monitored and managed. API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. Following best practices in securing APIs will help to wade through the weeds to keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. This talk guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security.
GDPR, the CLOUD Act, and the emphasis on 3rd party security are converging. Mr. Hamilton will discuss navigating these and other issues in the context of using external service providers to supply networking, applications, and infrastructure.
Do organizations truly know who and what are grabbing secrets in their environments? In this talk we investigate the Secret Zero problem and answering the question of securing highly sensitive credentials used as part of automation services.
Data loss prevention (DLP) is a process for protecting sensitive data at rest, in-transit, and on endpoints to reduce the likelihood of data theft or unauthorized exposure. DLP solutions aim to prevent sensitive data and confidential information from being stored, used, or transferred insecurely.
Many organizations have invested in the top data loss prevention tools to protect their on-premise information from theft or loss, and comply with data privacy and compliance laws. However, most of these solutions are designed to protect data in file servers or email, and therefore don’t address today’s cloud governance and mobile security challenges as data moves to unsanctioned cloud services that are accessed by unmanaged devices.
Our Cloud DLP panel will share strategies from multiple vendors on what differentiates solutions, including Cloud Native options, CASB DLP products, and integration with existing top DLP tools on-premises.
Srini Gurrapu, Cloud Evangelist, MacAfee
Sala Nassar, Director Product Marketing – Information Protection, Symantec
Security needs to be redefined as an approach that programmatically secures resources in an enterprise or in the cloud in predictable, controlled and cost effective manner. Disruptive technologies like SDN, Cloud, Server virtualization are exploding and are already challenging Security. Security controls are required to be portable and should be programmed into networks, hosts, VMs and client machines, it needs to be everywhere and follow the source no matter where the client moves. With growing number of threat and huge number of events per day it is not humanly possible in future to create cases, analyze and take corrective actions. We need technology that can learn bad behavior and predict threats without being explicitly programmed. Logical policies are desired as compared to physical configurations.
The dramatic increase of crypto currency price reshaped cybersecurity landscape, dedicated devices are created to mine crypto currency, malware authors target both dedicated miners, and convert IoT devices into miners. This presentation describes the economy of crypto currency and how IoT security's role in this booming area.
Is your Source too Open? As we further adopt open source and move towards the future of serverless and containerized workloads, have we opened the doors too far? This is a panel discussion talking about some of the pitfalls and simple steps to avoid when working with open source and containers.
Carmichael Patton, Senior Program Manager, Microsoft
Sam Vaughan, Senior PM at Microsoft Customer Security & Trust Secure Open Source Initiative.
Alex Ortiz, CLE, Microsoft
Blockchain technologies have been developing rapidly but how to protect user data and credentials on the blockchain remains big challenge. This talk shows how hardware enforced crypto technology such as Intel SGX can be leveraged to design a hardware hot wallet which maximizes the protection on private keys of blockchain users while maintaining great usability. A live demo will be shown to illustrate how security and usability are both achieved with the design.
In the cloud, the difference between a well secured application and one vulnerable to attack can come down to a few simple choices made by a developer or operations engineer. Matt will describe the best practices he recommends for keeping cloud deployments secure, and how implementing these controls can ruin a pentester’s day. While the discussion will focus on Azure, most of these suggestions are applicable to all public cloud users.
Mr. Stocker will discuss early experience with the CSA Code of Conduct in the context of assessing a major Cloud Service Provider. We will cover challenges, wins, and lessons learned.
At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before. The shift from traditional client/server to service-based models is transforming the way technology departments think about, designing, and delivering computing technology and applications. However, the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging. This presentation aims to provide individuals with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.