Friday, September 21st
Registration + Continental Breakfast Opens
At a time when cybercrime is breaking records, the architectures enterprises use to secure themselves are failing. The new economy is cloud first and securing the cloud means leveraging security capabilities native to the cloud. In this session, attendees will get an insight to the latest cybercrime trends as well as how modern, cloud first businesses are designing security that is resilient, and business agile. Speaking on current and emerging trends, Ann examines why the cloud is the security platform of choice.
We all authenticate to tens or even hundreds of services every day. Sometimes we even notice when that happens, and rarely we spend a few seconds thinking about what we just did. There are a lot of misconceptions about how identity and authentication needs to work. In this session, Jesper goes through 10 (more or less) mistakes that a number of organizations and service providers make when it comes to implementing an identity and authentication strategy.
The Cloud Generation brings with it numerous challenges for IT security, many stemming from the vanishing perimeter and BYOD to shadow IT and advanced malicious exploits. Learn about the state of the modern threat landscape and the strategies required to effectively combat it and keep corporate data safe. Learn: - Threat vectors against modern endpoints - Technical strategies required to keep data safe from attacks on modern endpoints - Priorities for implementing an effective endpoint solution.
Very frequently, organizations evaluating a transition to cloud services want to have assurance that the cloud service provider will not be able to access their data. This requirement leads to discussions about encryption, key management, and acronyms like BYOK and HYOK. What is very often overlooked by the security and compliance stakeholders is that this issue is not dependent solely on technical dynamics – there are legal dynamics as well. National laws, GDPR, and contractual commitments all play a large role. However, customer expectations are often founded on assumptions that do not hold up under examination. In this session Paul will examine the myths of data access in cloud services and bring clarity regarding what to expect, what to demand, and what is possible.
Blockchain and IoT is changing the landscape of how we do business but the technologies have inherent risks and challenges. This panel will discuss appropriate uses of these technologies, benefits, and business risk and security challenges inherit in these technologies.
Rui Wang, CTO, Vericlouds
Radia Perlman, Fellow, Dell EMC
Charlie Kaufman Architect Midrange Group, Dell EMC
Alex Ortiz, Chief Blockchain Evangelist, lifeID
Robert Koester, Senior Program Manager , Microsoft
API adoption in both consumer and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both the public and private APIs, need to be protected, monitored and managed. API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. Following best practices in securing APIs will help to wade through the weeds to keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. This talk guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security.
GDPR, the CLOUD Act, and the emphasis on 3rd party security are converging. Mr. Hamilton will discuss navigating these and other issues in the context of using external service providers to supply networking, applications, and infrastructure.
Do organizations truly know who and what are grabbing secrets in their environments? In this talk we investigate the Secret Zero problem and answering the question of securing highly sensitive credentials used as part of automation services.
Data loss prevention (DLP) is a process for protecting sensitive data at rest, in-transit, and on endpoints to reduce the likelihood of data theft or unauthorized exposure. DLP solutions aim to prevent sensitive data and confidential information from being stored, used, or transferred insecurely.
Many organizations have invested in the top data loss prevention tools to protect their on-premise information from theft or loss, and comply with data privacy and compliance laws. However, most of these solutions are designed to protect data in file servers or email, and therefore don’t address today’s cloud governance and mobile security challenges as data moves to unsanctioned cloud services that are accessed by unmanaged devices.
Our Cloud DLP panel will share strategies from multiple vendors on what differentiates solutions, including Cloud Native options, CASB DLP products, and integration with existing top DLP tools on-premises.
Srini Gurrapu, Cloud Evangelist, MacAfee
Carmine Clementelli , Senior Manager Product Marketing – Information Protection, Symantec
Sean Cordero, Vice President Cloud Security, Netskope
Security needs to be redefined as an approach that programmatically secures resources in an enterprise or in the cloud in predictable, controlled and cost effective manner. Disruptive technologies like SDN, Cloud, Server virtualization are exploding and are already challenging Security. Security controls are required to be portable and should be programmed into networks, hosts, VMs and client machines, it needs to be everywhere and follow the source no matter where the client moves. With growing number of threat and huge number of events per day it is not humanly possible in future to create cases, analyze and take corrective actions. We need technology that can learn bad behavior and predict threats without being explicitly programmed. Logical policies are desired as compared to physical configurations.
The dramatic increase of crypto currency price reshaped cybersecurity landscape, dedicated devices are created to mine crypto currency, malware authors target both dedicated miners, and convert IoT devices into miners. This presentation describes the economy of crypto currency and how IoT security's role in this booming area.
Is your Source too Open? As we further adopt open source and move towards the future of serverless and containerized workloads, have we opened the doors too far? This is a panel discussion talking about some of the pitfalls and simple steps to avoid when working with open source and containers.
Carmichael Patton, Senior Program Manager, Microsoft
Sam Vaughan, Senior PM at Microsoft Customer Security & Trust Secure Open Source Initiative.
Blockchain technologies have been developing rapidly but how to protect user data and credentials on the blockchain remains big challenge. This talk shows how hardware enforced crypto technology such as Intel SGX can be leveraged to design a hardware hot wallet which maximizes the protection on private keys of blockchain users while maintaining great usability. A live demo will be shown to illustrate how security and usability are both achieved with the design.
At Microsoft, we defend millions of machines storing and processing customer mission critical data with teams of analysts across the globe. The classic security solution is to use a SIEM, but that collapses under volume and scale. We spent years designing and implementing a hyperscale, highly distributed security monitoring system and YOU CAN DO IT TOO. In this talk we walk you through how to achieve true real-time notifications (seconds between event and alert) and a highly agile, interactive query experience for your analysts. The core of the design pattern we describe is Apache Storm (a mature open source technology), and a store-and-query system. We used Kusto, a new proprietary technology, but other open source systems such as BigTable, Elastic Search, Splunk or others will work equally well.
In the cloud, the difference between a well secured application and one vulnerable to attack can come down to a few simple choices made by a developer or operations engineer. Matt will describe the best practices he recommends for keeping cloud deployments secure, and how implementing these controls can ruin a pentester’s day. While the discussion will focus on Azure, most of these suggestions are applicable to all public cloud users.
There are two actors on a network, Humans and Machines. “Humans” are identified by passwords; “machines” are identified by digital certificates and SSH Keys. IAM programs typically focus on managing usernames and passwords. They are challenged in the areas of managing certificates and keys for Machine Identity Protection, which are used for authentication, integrity and encryption. In a Cloud-first, transformational and fast IT organization, the security and management challenges are exacerbated and are at a high risk for breach, non-compliance and/or business outage. The focus of this presentation will be to introduce Machine Identity Protection and enabling InfoSec, DevOps, and IT Operations to easily obtain, deploy and manage SSL/TLS certificates to cloud infrastructure, containers and applications.
Mr. Stocker will discuss early experience with the CSA Code of Conduct in the context of assessing a major Cloud Service Provider. We will cover challenges, wins, and lessons learned.
At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before. The shift from traditional client/server to service-based models is transforming the way technology departments think about, designing, and delivering computing technology and applications. However, the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging. This presentation aims to provide individuals with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.