• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Guy Alfassi -  CSA Conference Highlights
 

Guy Alfassi - CSA Conference Highlights

on

  • 587 views

 

Statistics

Views

Total Views
587
Views on SlideShare
587
Embed Views
0

Actions

Likes
0
Downloads
6
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Guy Alfassi -  CSA Conference Highlights Guy Alfassi - CSA Conference Highlights Presentation Transcript

    • Highlights of the CSA Conference Orlando, Nov. 2010   Guy  Alfassi   Alfa  Consul.ng  
    • Agenda•  14:00 Registration, networking and general chaos•  14:20 Highlights of the CSA event in Orlando - Guy Alfassi, General Manager, Alfa Consulting•  14:40 CCSK - Ariel Litvin, Technology Innovation Leader, PWC•  14:50 The Technology Showcase Wiki - Iftach Amit, VP Business Development, Security Art•  15:00 Security management to, for, and from the cloud - Oded Tsur, Senior Solution Strategist, CA•  15:30 Short break•  15:50 OWASP Israel & Introduction to OWASP Top 10- Ofer Maor, CTO - Hacktics & Chairman - OWASP Israel•  16:20 Practical Enterprise use cases of data protection in the cloud - Guy Bejerano, Chief Security Officer, LivePerson•  16:50 Virtual Private SaaS - the solution to data privacy and data compliance issues in SaaS - Dr. David Movshovitz, CTO, Navajo Systems
    • About CSAFormed in 2008 as a non-profit organization.Objectives:•  Promote a common level of understanding•  Promote research•  Awareness•  Create consensus lists and guidance.
    • CSA Members
    • CSA Research•  Cloud Control Matrix•  Top threats to Cloud Computing•  Guidance for Identity and Access Management•  Application Security Whitepaper
    • How to get therehttp://cloudsecurityalliance.org/Managed through a LinkedIn group:Cloud Security Alliancehttp://www.linkedin.com/groups?mostPopular=&gid=1864210
    • CSA Israel•  An Israeli chapter of the CSA, formalized in June 2010.•  Our focus: –  Cloud Security technology innovations –  localization of Cloud Security best practices –  LinkedIn group: http://www.linkedin.com/groups? mostPopular=&gid=3050440 Join CSA at http://cloudsecurityalliance.org/Membership.html , And then request to join our chapter.
    • About the conferenceFirst independent global event for CSA2 days, 4 tracks , 32 presentations, 4 keynotesHundreds of participants from all over the world  
    • About the conferenceKeynotes were very insightfuland surprisingly notown-company-oriented.
    • About the conference•  General impression: Vendors, clients and regulators are highly interested in cloud security.•  Some might actually try it sometime.
    • FedRAMP•  Federal Risk and Authorization Management Program•  Providing a standard approach to Assessing and Authorizing (A&A) cloud computing services and products.
    • FedRAMP – Applicability to Israel•  The standard itself does not apply here.•  The need for such a standard exists.•  A call to action to government / the private sector : Let’s do our own version / adopt FedRamp !
    • Quantum DatumInformation Centric Security for CloudComputingRich Mogull, Securossis
    • Quantum Datum•  An analogy between quantum mechanics and cloud computing•  Quantum: The minimum unit of a physical entity.•  Datum: the singular form of Data. A single piece of information.
    • Quantum Mechanics•  Quantum mechanics looks at the particle, and tries to explain its behavior.•  Wave- Particle duality•  The uncertainty principle: Heisenberg principle
    • Why is this relevant?•  The perimeter shrinks to the size of a datum.•  Datum can be in multiple places at the same time, and have different security levels.•  A breach for one instance of the datum affects other instances.•  Leakage can occur even when the probability is low.
    • What can we do?•  Use data labeling.•  Use data encryption according to security needs.•  Implement DLP and DRM in our architecture.