Highlights of the CSA Conference
Orlando, Nov. 2010
Guy Alfassi, Alfa Consulting

Agenda
• 14:00 Registration, networking and general chaos
• 14:20 Highlights of the CSA event in Orlando - Guy Alfassi, General Manager, Alfa Consulting
• 14:40 CCSK - Ariel Litvin, Technology Innovation Leader, PWC
• 14:50 The Technology Showcase Wiki - Iftach Amit, VP Business Development, Security Art
• 15:00 Security management to, for, and from the cloud - Oded Tsur, Senior Solution Strategist, CA
• 15:30 Short break
• 15:50 OWASP Israel & Introduction to OWASP Top 10 - Ofer Maor, CTO - Hacktics & Chairman - OWASP Israel
• 16:20 Practical Enterprise use cases of data protection in the cloud - Guy Bejerano, Chief Security Officer, LivePerson
• 16:50 Virtual Private SaaS - the solution to data privacy and data compliance issues in SaaS - Dr. David Movshovitz, CTO, Navajo Systems

About CSA
Formed in 2008 as a non-profit organization.
Objectives:
• Promote a common level of understanding
• Promote research
• Awareness
• Create consensus lists and guidance.

CSA Research
• Cloud Control Matrix
• Top threats to Cloud Computing
• Guidance for Identity and Access Management
• Application Security Whitepaper

How to get there
http://cloudsecurityalliance.org/
Managed through a LinkedIn group: Cloud Security Alliance
http://www.linkedin.com/groups?mostPopular=&gid=1864210

CSA Israel
• An Israeli chapter of the CSA, formalized in June 2010.
• Our focus:
  – Cloud Security technology innovations
  – Localization of Cloud Security best practices
  – LinkedIn group: http://www.linkedin.com/groups?mostPopular=&gid=3050440
Join CSA at http://cloudsecurityalliance.org/Membership.html, and then request to join our chapter.

About the conference
First independent global event for CSA
2 days, 4 tracks, 32 presentations, 4 keynotes
Hundreds of participants from all over the world

About the conference
Keynotes were very insightful and surprisingly not own-company-oriented.

About the conference
• General impression: Vendors, clients and regulators are highly interested in cloud security.
• Some might actually try it sometime.

FedRAMP
• Federal Risk and Authorization Management Program
• Providing a standard approach to Assessing and Authorizing (A&A) cloud computing services and products.

FedRAMP – Applicability to Israel
• The standard itself does not apply here.
• The need for such a standard exists.
• A call to action to government / the private sector: Let's do our own version / adopt FedRAMP!

Quantum Datum
Information Centric Security for Cloud Computing
Rich Mogull, Securosis

Quantum Datum
• An analogy between quantum mechanics and cloud computing
• Quantum: The minimum unit of a physical entity.
• Datum: The singular form of Data. A single piece of information.

Quantum Mechanics
• Quantum mechanics looks at the particle, and tries to explain its behavior.
• Wave-particle duality
• The uncertainty principle: Heisenberg principle

Why is this relevant?
• The perimeter shrinks to the size of a datum.
• Datum can be in multiple places at the same time, and have different security levels.
• A breach for one instance of the datum affects other instances.
• Leakage can occur even when the probability is low.

What can we do?
• Use data labeling.
• Use data encryption according to security needs.
• Implement DLP and DRM in our architecture.