This document summarizes John Rhoton's presentation on new approaches for cloud computing security. The presentation covers the changing security context for IT infrastructure, key challenges to cloud adoption like data privacy risks and lack of control, and approaches to addressing issues like implementing identity standards and expanding monitoring. It also discusses hot topics in government compliance and the potential risks and opportunities for US cloud providers following NSA surveillance revelations.
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™ (Intralinks)
Direct Edge and BATS Global Markets merge to create the second largest stock exchange in the U.S., using Intralinks Dealspace™ for Corporate Development.
Healthcare businesses must balance the requirement to provide the necessary information practitioners need to deliver quality healthcare, with the pressing need to keep patient data private and secure. As more and more patient information moves online and mobile, healthcare organizations are rethinking the role of identity in ensuring that the right people get the right information when and how they need it.
Geoff Webb, Director of Solution Strategy with NetIQ presented 'Identity, Security and Healthcare' at the Heart of America HIMSS chapter event at Johnson County Community College on January 16th 2014. His presentation looked at the evolving trends of mobility, social identity, cloud, and security in the world of healthcare, and how you can start planning now to meet the needs of your organization today and in the future.
Kindred Healthcare is one of the nation’s most respected healthcare providers. Through its subsidiaries, Kindred operates multiple healthcare-related businesses across the United States, including hospitals, nursing centers, institutional pharmacies and a contract rehabilitation-services business.
CIS13: Security's New Normal: Is Cloud the Answer? (CloudIDSummit)
Sally Hudson, Research Director, Security Products and Services, IDC
This session will look at cloud benefits and challenges from a security standpoint and present customer trends and concerns from IDC's demand-side research programs. Special emphasis will be placed on identity issues as they relate to cloud, social and mobile concerns and how they map to the agendas, policies and budgets of the IT enterprise.
NetIQ's David Mount examines the rise of social media networks as identity brokers / providers. Using NYC.gov as the case study, David shows how it is easier to engage customers and give them personalized service or web experience, while increasing customer satisfaction and participation and decreasing desertion.
Customer Spotlight: Deploying a Data Protection Program in less than 120 Days (Digital Guardian)
Despite a limited budget, Jabil's small security team was under pressure from Senior Management to mature their security program - FAST! Michael Ring, IT Security Architect at Jabil shares how they deployed their solution to over 40,000 users in less than 120 days.
California Consumer Protection Act (CCPA) is one such law that empowers the residents of California, United States to have enhanced privacy rights & consumer protection. It is the most comprehensive US state privacy law to date.
Protecting Innovation Through Next Generation Enterprise File Sharing (Intralinks)
File sharing has been one of the killer apps for "the cloud," gaining broad adoption in people’s day-to-day lives, but getting the same level of adoption in the enterprise will require more. View our Vice President of Enterprise Business Michael Lees' presentation from Gartner Symposium/ ITxpo 2013, in which you'll learn how to assess enterprise file-sharing solutions while reviewing best practices for enterprise-wide deployment.
Privacy and Security by Design Spotlight Presentation at HIMSS Privacy and Security Forum, December 5th 2016. Presented by Jeff R. Livingstone, PhD, Vice President and Global Lead, Life Sciences & Healthcare, Unisys Corporation.
This presentation identifies and discusses certain ethical rules and opinions that apply to an Arizona lawyer's use of cloud computing in his or her practice. The concepts are generally applicable to lawyers in many other states as well.
Bring Your Own Identity (BYOI) is the enabling of employees, customers, and constituents to use their own defined identities to access organizational resources and/or entitlements. This trend is being embraced and extended to use individual social media identities. Organizations that embrace BYOI save on identity management costs as well as enable better directed marketing and communications. As with all new trends, the question must come up: 'Does BYOI come with hidden costs or exposures?'
This deck covers the items you need to consider in order to move forward, including:
1) Benefits of BYOI and why
2) Potential downsides of blending organizational and personal identities, i.e., what is the potential privacy impact of using BYOI?
3) Issues that may arise with the use of non-organizational / personal identities while accessing information and entitlements
4) What can happen if a social identity is compromised?
5) How can we use them securely?
Proven Practices to Protect Critical Data - DarkReading VTS Deck (NetIQ)
NetIQ was a Platinum sponsor for “Plugging the Leaks: Finding and Fixing the IT Security Holes in Your Enterprise,” a virtual trade show (VTS) produced by Information Week Magazine and Dark Reading.
This was our presentation deck: "Proven Practices to Protect Critical Data", presented live by Matt Mosley, Senior Product Manager, and Matt Ulery, Director of Product Management. They explored some of the most significant problems facing security teams tasked with protecting critical data, and revealed some of the most effective approaches and technology that can be used to quickly identify real threats.
Patrick Bourk, National Cyber Practice Leader from Hub International, discusses the various cyber policies available for mid size commercial businesses. He also showcases the various types of risk to consider when working with an insurer.
Breakfast seminar on cloud services, 19 March 2015, Rigoletto.
Speakers: Erkan Kahraman, Projectplace, and Geir Arild Engh-Hellesvik, Transcendent Group Norge.
Advanced PII / PI data discovery and data protection (Ulf Mattsson)
We will discuss using Advanced PII/PI Discovery to Find & Inventory All Personal Data at an Enterprise Scale.
Learn about new machine learning & identity intelligence technology.
You will learn how to:
• Identify all PII across structured, unstructured, cloud & Big Data.
• Inventory PII by data subject & residency for GDPR.
• Measure data re-identifiability for pseudonymization.
• Uncover dark or uncatalogued data.
• Fix data quality, visualize PII data relationships.
• Apply data protection to discovered sensitive data.
As telcos go digital, cybersecurity risks intensify by pwc (Mert Akın)
globalaviationairospace.com
Cyber security for telecommunications companies
The rewards and risks of the cloud, devices, and data
The fastest growing sources of security incidents, increase over 2013
Security strategies for evolving technologies
Strategic initiatives to improve cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity (Spark Security)
In the past few years, a new approach to cybersecurity has emerged, based on the analysis of data on successful attacks. In this approach, continuous diagnostics and mitigation replace the reactive network security methods used in the past. The approach combines continuous monitoring of network health with relatively straightforward mitigation strategies. The strategies used in this approach reduce the opportunities for attack and force attackers to develop more sophisticated (and expensive) techniques or to give up on the target. In combination, continuous monitoring and mitigation strategies provide the basis for better cybersecurity.
Securing data in the cloud: A challenge for UK Law Firms (CloudMask inc.)
Authorities including the UK Information Commissioner, the Solicitors Regulation Authority (SRA) and the Council of Bars and Law Societies of Europe (CCBE) are establishing requirements which are conflicting with the main foundation of cloud computing and in many cases making it impossible to implement
Data centric security key to digital business success - ulf mattsson - bright... (Ulf Mattsson)
With the exponential growth of data generation and collection stemming from new business models fueled by Big Data, cloud computing and the Internet of Things, we are potentially creating a cybercriminal's paradise where there are more opportunities than ever for that data to end up in the wrong hands. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems. In this webinar, Ulf Mattsson explores these issues and provides solutions to bring together data insight and security to safely unlock the power of digital business.
Digital Forensics Market, Size, Global Forecast 2023-2028 (Renub Research)
Global Digital Forensics Market is forecasted to hit US$ 13.93 Billion by 2028, according to Renub Research. The modern world has witnessed an increased dependence on the latest digital technology. With the widespread adoption of the internet, smartphones, social media platforms like Facebook, Internet of Things (IoT), GPS, fitness trackers, and even smart cars, it has become increasingly difficult for digital forensics investigators to retrieve digital data.
Where data security and value of data meet in the cloud brighttalk webinar ... (Ulf Mattsson)
BrightTALK webinar January 14 2015
The biggest challenge in this new paradigm of the cloud and an interconnected world, is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t... (IBM Security)
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing the Impact of a Breach
Encryption has been viewed as the ultimate way to protect sensitive data for compliance. But it has also been considered very complex to implement. Today, encryption is essential to meet compliance objectives, and has become much simpler to implement. The challenge is knowing when and where to use encryption, how it can simplify compliance, what controls need to be in place, and the options for good encryption key management. This session will cover the options for encryption and key management, what each provides, and their requirements. Encryption and key management topics include application-level encryption for data in use, network encryption of data in motion, and storage encryption for data at rest.
iStart feature: Protect and serve how safe is your personal data? (Hayden McCall)
The revelations of the Heartbleed vulnerability in April and the recent implementation of Australia’s new privacy regime in March have put data breaches firmly back in the limelight. Clare Coulson finds out more...
Project 2020
Scenarios for the Future of Cybercrime - White Paper for Decision Makers
Contents
1. About Project 2020
2. Implications for Cybersecurity Stakeholders
3. Cybercriminal Threats
4. The View from 2012
5. Scenario Narratives for 2020
a. Citizen - Kinuko
b. Business - Xinesys Enterprises and Lakoocha
c. Government - South Sylvania
6. Beyond 2020
Appendix – Scenario Method
1. About Project 2020
Project 2020 is an initiative of the International Cyber Security Protection Alliance (ICSPA). Its aim is to anticipate the future of cybercrime, enabling governments, businesses and citizens to prepare themselves for the challenges and opportunities of the coming decade. It comprises a range of activities, including common threat reporting, scenario exercises, policy guidance and capacity building.
The scenarios in this document are not predictions of a single future. Rather, they are descriptions of a possible future, which focuses on the impact of cybercrime from the perspectives of an ordinary Internet user, a manufacturer, a communications service provider and a government. The events and developments described are designed to be plausible in some parts of the world, as opposed to inevitable in all. They take their inspiration from analysis of the current threat landscape, the expert opinion of ICSPA members and extensive horizon scanning, particularly of emerging technologies.
The European Cybercrime Centre (EC3) at Europol and the ICSPA would like to express their heartfelt thanks to the Global Review Panel of experts from governments, international organisations, industry and academia who took the time to validate the scenarios. This document is undoubtedly the better for it.
2. Implications for Cybersecurity Stakeholders
The scenarios presented in Section 5 raise a number of questions to be answered by today’s stakeholders and decision makers. These include:
• Who owns the data in networked systems, and for how long?
• Who will distinguish between data misuse and legitimate use, and will we achieve consistency? What data will the authorities be able to access and use for the purposes of preventing and disrupting criminal activity?
• Who covers (and recovers) the losses, both financial and in terms of data recovery?
• Who secures the joins between services, applications and networks? And how can objects that use different technologies operate safely in the same environment?
• Do we want local or global governance and security solutions?
• Will we be able to transit to new governance and business models without causing global shocks, schisms and significant financial damage?
If these questions remain unanswered, or the responses are uncoordinated, we risk imposing significant barriers to the technological advantages prom.
An Overview and Competitive Analysis of the One-Time Password (OTP) Market (EMC)
This Frost & Sullivan report examines the proliferation of identity theft and data breaches caused by single-factor authentication or weak passwords, and describes how, to decrease the impact of threats, companies are integrating mobile OTP, OTP tokens, and USB tokens to protect network access and end users.
Global Security Certification for Governments (CloudMask inc.)
Government endeavors to expand and make available the range of services to the largest possible numbers of users. At the same time, the public sector also works hard to improve its own internal operations and use the best possible talent it can get. Increasingly, there is also a need to improve the collaboration between different sectors of the government while ensuring that data privacy and security are not affected.
Similar to Cloud Computing: New Approaches for Security (20)
Cloud Computing Explained: Guide to Enterprise Implementation (John Rhoton)
Cloud Computing Explained provides an overview of Cloud Computing in an enterprise environment. There is a tremendous amount of enthusiasm around cloud-based solutions and services as well as the cost-savings and flexibility that they can provide. It is imperative that all senior technologists have a solid understanding of the ramifications of cloud computing since its impact is likely to permeate the entire IT landscape. However, it is not trivial to introduce a fundamentally different service-delivery paradigm into an existing enterprise architecture.
This presentation describes the benefits and challenges of Cloud Computing and then leads the reader through the process of assessing the suitability of a cloud-based approach for a given situation, calculating and justifying the investment that is required to transform the process or application, and then developing a solid design that considers the implementation as well as the ongoing operations and governance required to maintain the solution in a partially outsourced delivery model.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
"Impact of front-end architecture on development cost", Viktor Turskyi (Fwdays)
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Search and Society: Reimagining Information Access for Radical Futures (Bhaskar Mitra)
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Cloud Computing: New Approaches for Security
1. 24/01/2013 1John Rhoton – 2013
Cloud Computing
New Approaches for Security
John Rhoton
Cloud and Big Data Conference 2013
CnS Events, Vienna, Austria
8 October 2013
rhoton@gmail.com
3. IT Security is now a Top CEO concern
Major threatening scenarios according to CEOs
75% Major social unrest impacting Business activities
67% Economic recession
63% Cyber attacks
53% Natural disasters impacting a major Business Hub
53% Collapse of the Euro zone
52% Military or business tensions impacting access to natural resources
Source: 16th Annual Global CEO Survey, 2013, PwC
63% of CEOs identify Cyber attacks as TOP 3 Threats for their company
Information Security is now considered a high-stake topic by most CEOs. As a result, IT Security investments are significantly growing.
14%: Percentage of spending in IT Security in 2010. This ratio was only 8.2% in 2007.
Source: Forrester, The Evolution Of IT Security, 2010 To 2011
11,36 billion $: Investments in 2011 in US for classified data security.
Source: Report on Cost Estimates for Security Classification Activities for Fiscal Year 2011
5,5 billion attacks stopped in 2011. Volume of attacks was 3 billion in 2010.
Source: SYMANTEC
Source: Beamap
4. New Security context for IT infrastructure
Risks to data security continue to intensify and show no signs of abating. Given today’s elevated threat environment, companies must prepare to address the new Security context and review their mitigation strategies.
Increasing volume and source of data to protect
• 80% of data did not exist 2 years ago
• 1,8 Zettabytes: Volume of data created in 2011
• 7,9 Zettabytes: Estimated Volume of data for 2015
IT Systems more connected, mobile and open
• Mobile
• Social media
• Bring your own device
Development of Cyber-activism practices and cyber-attacks
• Anonymous
• Wikileaks
• Stuxnet*
IT infrastructure more and more complex and heterogeneous
• Cloud Computing
• Big Data
• Technology Innovation
*Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities
Source: Beamap
5. Top 10 Challenges to Enterprise Cloud Adoption
33% Implementation/transition/integration costs too high
31% Integration with existing architecture
30% Data loss and privacy risks
30% Loss of control
26% Lack of visibility into future demand, associated costs
26% A lack of interoperability between cloud providers
26% General security risks
21% Risk of intellectual property theft
18% Legal and regulatory compliance
18% Transparency of operational controls and data
Source: KPMG International’s Global cloud survey: the implementation challenge
6. Cloud Security Challenges and Benefits
Key Observations
• Most companies overestimate their internal security and underestimate Cloud provider security
• Providers invest heavily in security processes, mechanisms, tools and skills that enterprises cannot easily match
• But, not all cloud providers are equal! They have different resources and expertise, so it is important to vet each service individually!
• Initial Cloud security analysis may reveal gaps but these can be addressed with:
– Best practice architectures
– Appropriate tools (e.g. API management, Identity management)
Would you store your Customer Data in the Cloud?
• Customer data is a key asset for every Company
• However, today's #1 solution for CRM is a Cloud solution: Salesforce.com
• Salesforce.com has become a de-facto standard CRM solution selected after due diligence by industry leaders:
Would you store key regulatory data in the Cloud?
Nasdaq OMX is offering Wall Street brokers a chance to store key regulatory data on Amazon’s “cloud” computers, marking the ecommerce conglomerate’s boldest incursion into the financial services sector. (Financial Times)
Example of Cloud Provider investment in Security matter: AWS opened a Security Blog in April 2013
How to Build Trust in Cloud?
The CSA Security, Trust & Assurance Registry (STAR) is a publicly accessible registry that documents the security controls provided by various cloud computing offerings.
https://cloudsecurityalliance.org/star/
Source: Beamap
7. Trust Shift
The biggest cultural hurdle to cloud adoption is acceptance of the shift from direct to indirect trust.
• What stays the same?
• Humans (subject to negligence and malice) administer IT systems (subject to infection and failure)
• But explicit service contracts replace implicit employment contracts
• Processes that are audited, certified and exposed to public scrutiny may be much stronger than secret internal equivalents
Direct trust model
• Personal observation
• Personal experience
• Insight
Indirect trust model
• Public verification
• Contracts
• Compensation
Diagram labels: Employees, Contractors, Partners, Suppliers, Experts, Legal Counsel, Auditors, Public Scrutiny
8. Risk Treatment
[Figure: matrix with axes Probability (High / Low) and Impact (Low / High); quadrant labels: Business Continuity, Eliminate, Resilience]
9. Barriers
• Compliance
• Data leakage
• Data loss
• Service loss
• Vendor lock-in
10. Compliance
Enforce Logical Barriers
Global Internet versus National Laws
11. Governmental Compliance (Hot topics)
Hot Topic #1: Is Patriot Act an American phenomenon?
All governments have an equivalent to the Patriot Act
Western Governments collaborate to satisfy requests regardless of location of provider and/or data
Requests are executed regardless of whether data is hosted on cloud or on-premise.
Cf. comparison of governmental authorities’ access to data in the cloud (next slide)
12. Comparison of Governmental Access
Questions compared:
1. May government require a Cloud provider to disclose customer data?
2. May a Cloud provider voluntarily disclose customer data to the government in response to an informal request?
3. If a Cloud provider must disclose customer data to the government, must the customer be notified?
4. May government monitor electronic communications sent through the systems of a Cloud provider?
5. Are government orders to disclose customer data subject to review by a judge?
6. Can the government require the Cloud provider to disclose data in foreign country?
Answers (one row per country; the country labels are missing from the transcript):
Row 1: (1) Yes; (2) No – must request data through legal process; (3) Yes, for content data, except with a search warrant; (4) Yes; (5) Yes; (6) Yes
Row 2: (1) Yes; (2) Yes, except for personal data without a legal purpose; (3) No; (4) Yes; (5) Yes; (6) Yes
Row 3: (1) Yes; (2) Yes, except for personal data without a legal purpose; (3) No; (4) Yes; (5) Yes; (6) Yes
Row 4: (1) Yes; (2) Yes, except for personal data without a legal purpose; (3) Yes, except may withhold until disclosure no longer would compromise the investigation; (4) Yes; (5) Yes; (6) No, not without cooperation from the other country’s government
US laws are no more threatening than others
Source: Hogan Lovells White Paper “A Global Reality: Governmental Access to Data in the Cloud” bit.ly/PMDuWL
13. Governmental Compliance (Hot topics)
Hot Topic #1: Is Patriot Act an American phenomenon?
All governments have an equivalent to the Patriot Act
Western Governments collaborate to satisfy requests regardless of location of provider and/or data
Requests are executed regardless of whether data is hosted on cloud or on-premise.
Cf. comparison of governmental authorities’ access to data in the cloud (next slide)
Hot Topic #2: Is PRISM a danger for Corporate Data?
Sophisticated intelligence agencies (USA, Russia, China, Israel, France...) have means to obtain any information they require
Corporate data is not usually an interesting target but may be in some instances.
Interception of corporate data by an intelligence agency doesn't automatically result in harm to the corporation. It depends on how they use it (e.g. corporate espionage).
It is impossible to secure against this threat. Some agencies resort to unlawful means (e.g. bribery, extortion) to obtain this data.
Protecting corporate data (e.g. through encryption) doesn't prevent access but makes it more costly to obtain and therefore less likely governments will obtain it unless they have a clear purpose.
Hot Topic #3: PRISM: Risk or Opportunity for US Cloud Computing Industry?
Shortly after Snowden's leaked documents, the big Internet companies and their allies issued dire warnings, predicting that American businesses would lose tens of billions of dollars in revenue abroad as distrustful customers seek out local alternatives.
At Amazon, which was not named in Snowden's documents but is seen as a likely victim because it is a top provider of cloud computing services, a spokeswoman said global demand "has never been greater."
There are multiple theories for why the business impact of the Snowden leaks has been so minimal.
One is that cloud customers have few good alternatives, since U.S. companies have most of the market and switching costs money.
Perhaps more convincing, Amazon, Microsoft and some others offer data centers in Europe with encryption that presents significant hurdles to snooping by anyone including the service providers themselves and the U.S. agencies. Encryption, however, comes with drawbacks, making using the cloud more cumbersome.
Source: Beamap
18. Business Continuity
• Cold Site
• Warm Site
• Hot Site
• Double-Active
Multi-dimensional redundancy is critical
19. Lock-in vs. Cloud Stacks
• Proprietary Hardware
• Proprietary Software
• Open Source
• Consortium Driven
Balance ease with flexibility
20. Cloud Risks and Remediation
CLOUD RISKS
• Denial of Service
• Account/Service Hijacking
• Insecure Interfaces and API
• Data Loss
• Shared Technologies
• Data Breaches
REMEDIATION PRINCIPLES
Source: Beamap
21. Sample Cloud Architecture
Scenario illustration
[Diagram labels: On-premise Datacenter, Public Cloud, Public Cloud; Network Security, Resiliency, Identity and access management, Attack protection, Encryption, Application Security]
Description
This scenario is based on the following concepts:
• Mobility of VM from on-premise Datacenter to Cloud with the same “Security” requirements
• Propagation of the Network security rules to the Cloud (firewalling, IP addresses…)
• Propagation of QoS rules (Resiliency, back-up & restores…)
Source: Beamap
22. Cloud-based Protection Services
• Malware
• Denial of Service
• Identity Management
• Backup and Restore
• Intrusion Prevention
23. Cloud Reference Architecture
The Key components of the Cloud reference architecture:
1. Virtual Private Cloud with VPN connection to the corporate Datacenter
2. Dual connectivity (Direct connection to back-up VPN connection)
3. At least two Availability zones used to provide application resiliency
4. Elastic Load Balancers to distribute workloads across servers and availability zones
5. Data replication across availability zones
6. Application tiering
7. Database tiering
8. Database snapshots
9. DoS filter
10. Identity Router
11. API Security Management module
12. Cloud Management module
[Diagram: Cloud reference architecture with callouts 1 to 12; labels include Cloud Management Layer and Key Management System (External system)]
Source: Beamap
24. Summary
• Security is perceived as the biggest challenge to cloud computing
• Risks are often over-hyped for dubious reasons
– Market protection
– Job security
• Cloud security is under-rated
• Internal security is over-rated
• Security challenges real but addressable
– Encryption / Strong Authentication
– Network security / Isolation
– Multi-sourcing strategy
– Redundancy
26. Contact Details
Feel free to reach out to me at:
linkedin/in/rhoton
or look me up at:
amazon.com/author/rhoton
slideshare.net/rhoton
Editor's Notes
Risk: Mitigation
Data leakage: Encryption
Data loss: Multi-source, backup
Vendor lock-in: Standards, multi-source, backup, exit strategy
Service loss: SLA, audit, certifications
Compliance: SLA, audit, certifications
Old trust basis: Personal observation, Personal experience, Human Insight
New trust basis: Public verification, Contracts, Compensation
Design challenges: Integration, User management, Reliability, Governance / SLAs, Security
Backdoor in Dual-EC DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) http://rump2007.cr.yp.to/15-shumow.pdf