Guy Alfassi -  CSA Conference Highlights
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


Guy Alfassi - CSA Conference Highlights






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Guy Alfassi - CSA Conference Highlights Presentation Transcript

  • 1. Highlights of the CSA Conference Orlando, Nov. 2010   Guy  Alfassi   Alfa  
  • 2. Agenda•  14:00 Registration, networking and general chaos•  14:20 Highlights of the CSA event in Orlando - Guy Alfassi, General Manager, Alfa Consulting•  14:40 CCSK - Ariel Litvin, Technology Innovation Leader, PWC•  14:50 The Technology Showcase Wiki - Iftach Amit, VP Business Development, Security Art•  15:00 Security management to, for, and from the cloud - Oded Tsur, Senior Solution Strategist, CA•  15:30 Short break•  15:50 OWASP Israel & Introduction to OWASP Top 10- Ofer Maor, CTO - Hacktics & Chairman - OWASP Israel•  16:20 Practical Enterprise use cases of data protection in the cloud - Guy Bejerano, Chief Security Officer, LivePerson•  16:50 Virtual Private SaaS - the solution to data privacy and data compliance issues in SaaS - Dr. David Movshovitz, CTO, Navajo Systems
  • 3. About CSAFormed in 2008 as a non-profit organization.Objectives:•  Promote a common level of understanding•  Promote research•  Awareness•  Create consensus lists and guidance.
  • 4. CSA Members
  • 5. CSA Research•  Cloud Control Matrix•  Top threats to Cloud Computing•  Guidance for Identity and Access Management•  Application Security Whitepaper
  • 6. How to get there through a LinkedIn group:Cloud Security Alliance
  • 7. CSA Israel•  An Israeli chapter of the CSA, formalized in June 2010.•  Our focus: –  Cloud Security technology innovations –  localization of Cloud Security best practices –  LinkedIn group: mostPopular=&gid=3050440 Join CSA at , And then request to join our chapter.
  • 8. About the conferenceFirst independent global event for CSA2 days, 4 tracks , 32 presentations, 4 keynotesHundreds of participants from all over the world  
  • 9. About the conferenceKeynotes were very insightfuland surprisingly notown-company-oriented.
  • 10. About the conference•  General impression: Vendors, clients and regulators are highly interested in cloud security.•  Some might actually try it sometime.
  • 11. FedRAMP•  Federal Risk and Authorization Management Program•  Providing a standard approach to Assessing and Authorizing (A&A) cloud computing services and products.
  • 12. FedRAMP – Applicability to Israel•  The standard itself does not apply here.•  The need for such a standard exists.•  A call to action to government / the private sector : Let’s do our own version / adopt FedRamp !
  • 13. Quantum DatumInformation Centric Security for CloudComputingRich Mogull, Securossis
  • 14. Quantum Datum•  An analogy between quantum mechanics and cloud computing•  Quantum: The minimum unit of a physical entity.•  Datum: the singular form of Data. A single piece of information.
  • 15. Quantum Mechanics•  Quantum mechanics looks at the particle, and tries to explain its behavior.•  Wave- Particle duality•  The uncertainty principle: Heisenberg principle
  • 16. Why is this relevant?•  The perimeter shrinks to the size of a datum.•  Datum can be in multiple places at the same time, and have different security levels.•  A breach for one instance of the datum affects other instances.•  Leakage can occur even when the probability is low.
  • 17. What can we do?•  Use data labeling.•  Use data encryption according to security needs.•  Implement DLP and DRM in our architecture.