Your SlideShare is downloading. ×
Guy Alfassi -  CSA Conference Highlights
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Guy Alfassi - CSA Conference Highlights

469
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
469
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Highlights of the CSA Conference Orlando, Nov. 2010   Guy  Alfassi   Alfa  Consul.ng  
  • 2. Agenda•  14:00 Registration, networking and general chaos•  14:20 Highlights of the CSA event in Orlando - Guy Alfassi, General Manager, Alfa Consulting•  14:40 CCSK - Ariel Litvin, Technology Innovation Leader, PWC•  14:50 The Technology Showcase Wiki - Iftach Amit, VP Business Development, Security Art•  15:00 Security management to, for, and from the cloud - Oded Tsur, Senior Solution Strategist, CA•  15:30 Short break•  15:50 OWASP Israel & Introduction to OWASP Top 10- Ofer Maor, CTO - Hacktics & Chairman - OWASP Israel•  16:20 Practical Enterprise use cases of data protection in the cloud - Guy Bejerano, Chief Security Officer, LivePerson•  16:50 Virtual Private SaaS - the solution to data privacy and data compliance issues in SaaS - Dr. David Movshovitz, CTO, Navajo Systems
  • 3. About CSAFormed in 2008 as a non-profit organization.Objectives:•  Promote a common level of understanding•  Promote research•  Awareness•  Create consensus lists and guidance.
  • 4. CSA Members
  • 5. CSA Research•  Cloud Control Matrix•  Top threats to Cloud Computing•  Guidance for Identity and Access Management•  Application Security Whitepaper
  • 6. How to get therehttp://cloudsecurityalliance.org/Managed through a LinkedIn group:Cloud Security Alliancehttp://www.linkedin.com/groups?mostPopular=&gid=1864210
  • 7. CSA Israel•  An Israeli chapter of the CSA, formalized in June 2010.•  Our focus: –  Cloud Security technology innovations –  localization of Cloud Security best practices –  LinkedIn group: http://www.linkedin.com/groups? mostPopular=&gid=3050440 Join CSA at http://cloudsecurityalliance.org/Membership.html , And then request to join our chapter.
  • 8. About the conferenceFirst independent global event for CSA2 days, 4 tracks , 32 presentations, 4 keynotesHundreds of participants from all over the world  
  • 9. About the conferenceKeynotes were very insightfuland surprisingly notown-company-oriented.
  • 10. About the conference•  General impression: Vendors, clients and regulators are highly interested in cloud security.•  Some might actually try it sometime.
  • 11. FedRAMP•  Federal Risk and Authorization Management Program•  Providing a standard approach to Assessing and Authorizing (A&A) cloud computing services and products.
  • 12. FedRAMP – Applicability to Israel•  The standard itself does not apply here.•  The need for such a standard exists.•  A call to action to government / the private sector : Let’s do our own version / adopt FedRamp !
  • 13. Quantum DatumInformation Centric Security for CloudComputingRich Mogull, Securossis
  • 14. Quantum Datum•  An analogy between quantum mechanics and cloud computing•  Quantum: The minimum unit of a physical entity.•  Datum: the singular form of Data. A single piece of information.
  • 15. Quantum Mechanics•  Quantum mechanics looks at the particle, and tries to explain its behavior.•  Wave- Particle duality•  The uncertainty principle: Heisenberg principle
  • 16. Why is this relevant?•  The perimeter shrinks to the size of a datum.•  Datum can be in multiple places at the same time, and have different security levels.•  A breach for one instance of the datum affects other instances.•  Leakage can occur even when the probability is low.
  • 17. What can we do?•  Use data labeling.•  Use data encryption according to security needs.•  Implement DLP and DRM in our architecture.