Authored by Katherine Teitler, Director of Content at MIS Training Institute.
Spring is a time for renewal. It is a period of growth and optimism; temperatures warm, flowers bloom and we dust off the drab days of winter.
Spring is also the time for Cloud Security World 2016. The optimistic theme is fitting: Cloud is no longer a thing to be feared or avoided at all costs. Cloud enables productivity, speed and flexibility, and the security of cloud providers has improved steadily as adoption becomes widespread.
Some magic remains under the hood, but most of the reputable providers are not afraid to tout the security of their offerings if for no other reason than time and money have been invested to make security a competitive advantage. Security is no longer the rain on cloud’s parade; it’s being built in rather than bolted on as cloud access security brokers (CASBs) act as border patrol between consumers and providers, ensuring security policies are met and enforced.
This doesn’t mean the industry can wipe away all concerns with cloud usage, however. Misunderstandings and ambiguity are still common when it comes to cloud. The speakers at Cloud Security World are busily preparing to clear up some of that confusion to set security pros straight during the two-day event in June.
What to Expect at Cloud Security World
With 18 talks on the program, it’s hard to highlight just a few, but here are some top picks for the upcoming event.
If You Make It, We Can Break It
Known best for his research in automotive security and the infamous Jeep Cherokee hack in 2014, Chris Valasek will kick off the conference with a look at the inevitability of vulnerabilities in technology. For every thing created, someone will try to break that thing. With sufficient time and skill, vulnerabilities that can be exploited will be found. This fact, known by many security practitioners, leads some to feel a constant sense of defeat.
Valasek will explain why finding the vulnerabilities, and even why having them found in your company’s product/network/widget by the white hats, is good for security and not a downfall of the industry. He will share some lessons he’s learned in his years as a researcher and provide a few amusing anecdotes, along with ideas on how pros can band together to improve device security.
Apple iOS and iCloud Forensics Live Demo
Kyle Poppenwimer, a senior digital forensics examiner at T&M Protection Resources, will conduct a live demo in which he’ll show some tips and tricks he’s used during investigations to forensically extract, preserve and analyze data. The aim of his talk isn’t to show how cool it is to break things, but to help security practitioners understand that when an incident occurs at their own company, all is not lost. Even deleted data can be restored and used as evidence when necessary.
This is a can’t-miss talk for anyone who’s ever dealt with a security incident at his or her organization.
Applying Commercial and Federal Cloud Compliance Strategies
A top-rated speaker at least year’s Cloud Security World, James D. Biggs will be back to provide a much-needed update on the current state of compliance requirements as they pertain to doing business with the U.S. government. Anyone who has tried to do business with the government knows that the process for meeting federal requirements is tricky at best.
When it comes to cloud-based technologies, waters get murkier since your data is hosted off-premises in a third-party solution. It also may be commingled with other companies’ data and is perhaps even stored in a geographic location that maintains different (maybe stricter?) data privacy and handling requirements.
As a basis for the discussion, Biggs will focus on FedRAMP and FISMA as frameworks for meeting compliance and share how they can be used for threat reduction, cost control and resource selection. Attendees will receive detailed handouts with suggested road maps for strategy planning.
Cloud Containerization Success
Security pros know that container technologies are redefining the technology landscape when it comes to software and application development. But did you know that containers like Rocket and Docker can provide a level of security, portability and assurance within cloud environments, as well?
Containers are segmented virtual environments that allow applications to execute without interfering with one another. Contrary to their namesake, containers don’t contain — i.e., they’re not a mechanism for sandboxing. So what are they, exactly? How can they provide business value to your organization?
Diana Kelley, executive security adviser at IBM, and Ed Moyle, director of thought leadership and research at ISACA, will share some “gotchas” of implementing containers — shadow IT and sprawl, just like all other tech implementations, are a potential hazard. They’ll also offer up some leading practices that will help you on your way to determining when containerization is right for your organization.
Don’t Get Left Out in the Cold
These four talks are just our top picks, but if you want to learn about automation, modernizing your software development life cycle or even how encryption in the cloud works, check out our Cloud Security World 2016 agenda. You can also register to join us June 14–15, 2016, at the famous Omni Parker House Hotel in downtown Boston.