Highlights of the CSA Conference
Orlando, Nov. 2010

Guy Alfassi
Alfa Consulting

Agenda
•    14:00 Registration, networking and general chaos
•    14:20 Highlights of the CSA event in Orlando - Guy Alfassi, General Manager,
     Alfa Consulting
•    14:40 CCSK - Ariel Litvin, Technology Innovation Leader, PWC
•    14:50 The Technology Showcase Wiki - Iftach Amit, VP Business
     Development, Security Art
•    15:00 Security management to, for, and from the cloud - Oded Tsur, Senior
     Solution Strategist, CA
•    15:30 Short break
•    15:50 OWASP Israel & Introduction to OWASP Top 10 - Ofer Maor, CTO -
     Hacktics & Chairman - OWASP Israel
•    16:20 Practical Enterprise use cases of data protection in the cloud - Guy
     Bejerano, Chief Security Officer, LivePerson
•    16:50 Virtual Private SaaS - the solution to data privacy and data compliance
     issues in SaaS - Dr. David Movshovitz, CTO, Navajo Systems
About CSA
Formed in 2008 as a non-profit organization.

Objectives:

•  Promote a common level of understanding

•  Promote research

•  Awareness

•  Create consensus lists and guidance.
CSA Members
CSA Research
•  Cloud Control Matrix

•  Top threats to Cloud Computing

•  Guidance for Identity and Access Management

•  Application Security Whitepaper
How to get there
http://cloudsecurityalliance.org/

Managed through a LinkedIn group:

Cloud Security Alliance
http://www.linkedin.com/groups?mostPopular=&gid=1864210
CSA Israel
•  An Israeli chapter of the CSA, formalized in June 2010.

•  Our focus:
   –  Cloud Security technology innovations
   –  localization of Cloud Security best practices

   –  LinkedIn group:
      http://www.linkedin.com/groups?mostPopular=&gid=3050440

   Join CSA at
   http://cloudsecurityalliance.org/Membership.html,
   and then request to join our chapter.
About the conference

First independent global event for CSA

2 days, 4 tracks, 32 presentations, 4 keynotes

Hundreds of participants from all over the world

About the conference

Keynotes were very insightful
and surprisingly not
own-company-oriented.
About the conference


•  General impression: Vendors, clients and
   regulators are highly interested in cloud
   security.

•  Some might actually try it sometime.
FedRAMP
•  Federal Risk and Authorization
   Management Program

•  Providing a standard approach to Assessing
   and Authorizing (A&A) cloud computing
   services and products.
FedRAMP – Applicability to Israel
•  The standard itself does not apply here.

•  The need for such a standard exists.

•  A call to action to government / the private
   sector:

  Let’s do our own version / adopt FedRAMP!
Quantum Datum

Information Centric Security for Cloud
Computing

Rich Mogull, Securosis
Quantum Datum
•  An analogy between quantum mechanics
   and cloud computing

•  Quantum: The minimum unit of a physical
   entity.

•  Datum: the singular form of Data. A single
   piece of information.
Quantum Mechanics
•  Quantum mechanics looks at the particle,
   and tries to explain its behavior.

•  Wave-particle duality

•  The uncertainty principle (Heisenberg's
   principle)
Why is this relevant?
•  The perimeter shrinks to the size of a datum.

•  A datum can be in multiple places at the same
   time, and have different security levels.

•  A breach of one instance of the datum affects
   other instances.
•  Leakage can occur even when the probability is
   low.
What can we do?
•  Use data labeling.



•  Use data encryption according to security
   needs.

•  Implement DLP and DRM in our
   architecture.
