CSA EMEA Congress 2012
CSA EMEA Congress 2012 Overview
Update: For the latest information and to register, please visit http://www.cloudsecuritycongress.com/.
Update: CSA members can benefit from a 10% discount on the delegate price by quoting the registration code 'CSA10'. Your invoice will then be amended to show your 10% discount.
MIS Training Institute and the Cloud Security Alliance invite you to attend the inaugural Cloud Security Alliance EMEA Congress. Building on the success of the 2010, 2011 and upcoming 2012 CSA Congresses, MIS Training Institute and the Cloud Security Alliance have partnered to host the inaugural Cloud Security Alliance EMEA Congress in Amsterdam, September 25-26th, 2012. The Congress is the industry’s premier gathering for IT security professionals and executives who wish to educate themselves on the rapidly evolving subject of cloud security.
In addition to offering best practices and practical solutions for remaining secure in the cloud, the Congress will have a special focus on the legal and policy aspects of cloud computing security, with a specific stream dedicated to these issues.
You will leave with:
- Up-to-the-minute insight into emerging areas of growth and concern in EMEA cloud security, including EU data privacy challenges, cloud forensics, the impact of mobile and smart devices and incident management
- Industry-specific end user case studies that will help you learn and leverage best practices used by your peers in moving to the cloud securely
- Insight into models and architecture, controls and educational resources from leading companies to help your business move securely into the cloud
View the Congress brochure and full speaker line-up
Day 1: Tuesday 25th September
8.00 am Registration and refreshments
8.45 am Cloud Security Alliance welcome address
8.50 am Morning keynote:
Microsoft’s cloud compliance programme
Despite the fact that cloud computing has been discussed and used for a number of years, much of the regulation relating to it is still in flux.
- A closer look at the evolving cloud computing standard landscape
- Survey results on customer attitudes to cloud computing security
- How standards can support policy makers in areas of security and data protection
- Microsoft’s cloud infrastructure compliance programme as a case study to demonstrate an approach to a comprehensive and flexible compliance programme
Monika Josi
Chief Privacy Adviser, EMEA
&
Mark Estberg
Senior Director, Online Services and Compliance
Microsoft
9.30 am Cloud security, resilience and critical infrastructures
- Identifying the key risks and opportunities around cloud
- Security in SLAs and critical clouds: An update on recent ENISA work
- Examining the broader EU context: Government clouds, incident reporting, security measures, etc
Thomas Haeberlen
Expert, Network and Information Security
European Network and Information Security Agency (ENISA)
10.00 am Avoid the rain. How to build a strategic cloud assessment programme
- A cloud state of mind. Learn why traditional security does not work in the cloud and how to rule out cloud vendors who do not understand security
- Discover how to build a strategic cloud assessment programme for your enterprise.
- Learn who to bring to the table to effectively assess cloud security and manage enterprise risk.
- Interviewing techniques to strive for higher transparency with providers that are very careful not to divulge information.
Nikita Reva
Global Security Assessment Specialist
MARS Information Services
10.30 am Morning refreshments
10.50 am How Orange integrates security right into the heart of its cloud computing programme
- Explaining the tools, processes and methodologies that have been developed and implemented within Orange.
- How to leverage and mix together the existing standards (ISO20K, ISO27K, CSA CCM, ENISA, ...) and frameworks which affect cloud computing
- Integrating together network and cloud service providers for secure and seamless access to the cloud
Jean-Francois Audenard
Cloud Security Advisor – CCSK
Orange Business Services
11.20 am The evolving focus of securely using cloud services
- A look at industry cloud security resources and their focus
- Result: CSP transparency and maturity – customer’s ability to validate a cloud provider’s controls
- Experience: A major financial institution’s perspective of maintaining security and compliance in the cloud
- Shift in focus: using cloud services in a disciplined and secure way
- Example: building a PCI compliant environment in the cloud under the shared security model
- Experience: the perspective of an EU member state national bank (TBC)
- Focused guidance: Creating an approach to auditing that works for AWS customers
Chad Woolf
Global Risk and Compliance Leader
Amazon Web Services
11.40 am Why identity is key to the cloud and how we can make it work
- Cloud identity: Explaining why it is essential and examining the use cases, drivers and trends
- A bird's-eye view on emerging standards and technologies for identity and access management in the cloud.
- Understanding what cloud identity means for your business and how it affects your IT strategy
Hans Zandbelt
Senior Security Architect, CTO Office
Ping Identity
12.10 pm A crisis of identity: technical truths and trials on the journey to data-centric security
- Opening the Pandora's box of Digital Rights Management: what dynamics in the business and technology environment must be considered before strategic and architectural decisions are made on how to move towards a data-centric security model?
- Fundamental problems and requirements that arise as data moves between an organisation's perimeter and a potential multitude of service suppliers
- Similarities and differences between asset-based security, identity management and information assurance: what can work, what won't work, what might work and what the future could hold
- Practical steps that an organisation can take today so that their business is able to take advantage of emerging opportunities for cost reduction
Marco Plas
Chief Jericho Evangelist
12.40 pm Turning your cloud identity strategy into reality
- Learn how a cloud identity strategy can encompass existing on-premises assets, such as identity management platforms
- How to securely expose your on-premise enterprise applications for cloud and mobile APIs
- Pragmatic advice of what standards are being used
- Considerations for mobile applications
Mark O’Neill
Chief Technology Officer
Vordel
1.00 pm Lunch break
2.00 pm Afternoon keynote
Case study: Assessing the benefits and challenges of BBVA’s recent move to the Google cloud
- The business rationale and drivers for a move to the cloud
- Challenges when moving 110,000 employees worldwide to a cloud environment
- How the cloud offers a solution by improving efficiency and productivity throughout the company
Jorge Parada Gimeno
Security Innovation Manager, BBVA Innovation Centre
BBVA
2.40 pm Balancing national level compliance with legislation and the impact on global cloud solutions
- Assessing the impact on cloud computing of EU citizen access to the US courts
- When privacy is invaded under the FISAA or Patriot Acts, does an EU citizen have standing under US law to petition for relief?
- Under EU law, similar country specific laws such as the UK's RIPA Act can be challenged under the EU justice system, but it is not clear that a similar path exists under US law. What does the EU need to negotiate with the US to enable similar relief?
- How does this impact cloud computing, given that the major cloud providers (Microsoft, Google, and Amazon) are all US based, and subject to US law?
Stewart Room
Partner
Field Fisher Waterhouse
3.10 pm The Future of Authentication & the Cloud
- The growth of cloud & mobile computing depends on our ability to authenticate customers for security and commercial transparency, enabling access to secure information and the completion of complicated transactions, but the current model is broken
- Over-long, adaptive passwords have proved a security weakness, and the burden they place on the consumer has restricted the growth of online services
- The current authentication landscape, as it relates to the cloud and mobile experience - considering why it has failed, and industry efforts to find a better way
Phil Dunkelberger
CEO
Nok Nok Labs
3.30 pm Afternoon refreshments
Stream 1: Architecture and strategy
Facilitated by Giles Hogben
3.50 pm Assessing when cloud computing will become sufficiently innovative to justify adoption across the wider business
- Is cloud computing innovative enough in comparison to outsourcing to datacenters and providers?
- Analysing whether cloud computing can provide the killer breakthrough, enabling the dream of many business managers that ICT will be ‘available like electricity’?
- What is the real backbone/enforcer/enabler of the new way of doing business?
Eric Ijpelaar
Manager Global Security Competence Centre
DSM
4.30 pm Cloud Forensics: Assessing Cloud Computing's Impact on Digital Investigation
- Comparing on-premise and cloud forensics- control v cost benefits and flexibility
- The influence of location, encryption and relevant local legislation on forensics
Keyun Ryan
Center for Cybersecurity and Cybercrime Investigation
University College Dublin
&
Chief Research Officer
XENSIX
5.00 pm Panel discussion:
Build Trust. Architecting security for your cloud service to enhance customer protection
- Meeting and exceeding customer expectations for security
- Leveraging industry best practices and reference models to build security
- Building customer assurance and trust by establishing transparency through APIs and dashboards
- Understanding the dynamics of data privacy, regulation and compliance in the cloud
Panellists:
Adam Swidler, Senior Manager, Google Apps security, privacy and compliance, Google Enterprise
David Cripps, Chief Information Security Officer, Investec
Nikita Reva, Global Security Assessment Specialist, MARS Information Services
Michael Sutton, VP, Security Research, Zscaler
Facilitated by the chair
5.40 pm Close of day 1
Stream 2: Design and implementation
Facilitated by TBC
3.50 pm Mobile and smart device security and the cloud
- Identifying the key challenges of securing consumerised devices accessing cloud services
- How secure are mobile apps from cloud providers or other sources and why do we trust them?
- Legal and regulatory challenges around BYOD - identifying the data you allow people to access and determining security measures which should be in place to protect it
John van Huijgevoort
Advisor
National Cyber Security Centre (Netherlands)
4.30 pm Panel discussion:
Securely moving your business into the cloud
- Security models for evaluating cloud providers- where do the security responsibilities lie?
- Assessing effective GRC practices inside cloud providers
- The changing risk profile- which risks can and should be accepted in the move to the cloud?
Panellists:
Taiye Lambo, President, eFortresses
Peter Wood, CEO, First Base Technologies
Richard Hollis, CEO, The Risk Factory
Paul Davies, Director, Solutions Engineering EMEA, Terremark
5.30 pm Close of day 1
Day 2: Wednesday 26th September
8.15 am Registration and refreshments
8.45 am Chair’s welcome back
David Cripps
Chief Information Security Officer
Investec
8.50 am Morning keynote:
Certification for the cloud: Optimizing security and increasing transparency using an ISO 27001 ISMS framework
- How to provide a good grounding in international best practices for integrated information security governance as well as IT governance
- Explaining the new international standards currently under development which will take aim at cloud services, privacy and vendor management
- Integrating the ISO 27001 certification with a proven benchmark process analysis and rating system to provide a transparent and consistent continuous monitoring system
John DiMaria
Product & Certification Manager, Information Security
BSI (British Standards Institution) Group Americas
9.30 am Helix Nebula: Securing tomorrow’s innovation with today’s cloud
Exploring the driving factors that brought together a leading group of private companies and international institutions to create the Helix Nebula Consortium for producing a science cloud
- Managing the networking challenges, ensuring a secure cloud environment and allowing seamless usage/authentication across multiple locations and providers
- Real-world security lessons from CERN, ESA and EMBL’s public cloud deployments
- Assessing the security frameworks best suited for such sensitive and potentially life-altering scientific research
Robert Jenkins
Chief Technology Officer
CloudSigma
10.00 am Accountability for the Cloud – An overview of multidisciplinary research aimed at making cloud services accountable
- Create solutions to support users in deciding and tracking how their data is used by cloud service providers
- Extend accountability across entire cloud service value chains, covering personal and business sensitive information in the cloud
- Preventing breaches of trust by using audited policy enforcement techniques, assessing the potential impact of policy violations, detecting violations, managing incidents and obtaining redress
- Develop techniques for improved trustworthiness of cloud ecosystems as prerequisite for accountability
- Address major perceived barriers to trustworthy cloud‐based services
Dr Siani Pearson
Scientific Coordinator, A4Cloud project
Senior Researcher, Cloud and Security Lab
HP Labs
10.30 am Morning refreshments
11.00 am Terremark- keynote
Simon Mason
Manager, Centre of Security Excellence
Terremark
11.30 am Panel discussion:
Assessing the impact of data access for law enforcement (i.e. the Patriot Act) on the EMEA cloud market
- Challenges around privileges & immunities, jurisdiction, confidentiality & data sensitivity
- Understanding what U.S. law enforcement agencies can, and cannot, request using warrant exceptions
- How Mutual Legal Assistance Treaties relate to the exchange of information
- Whether transmitting, storing or accessing data in the cloud affects access by law enforcement
Panellists include:
Hester de Vries, Attorney-at-Law, Kennedy Van der Laan
Jean-Francois Audenard, Cloud Security Advisor, Orange Business Services
David Snead, Attorney-at-law
12.00 noon Case study: How can you perform due diligence on potential cloud vendors that will keep your auditors happy?
- Convincing internal stakeholders that effective due diligence has been done
- Can cloud providers help “sell their solutions”?
- Updating existing assurance models to better reflect the cloud environment
- How to overcome issues about data ownership and access in the cloud
David Cripps
Chief Information Security Officer
Investec
12.30 pm Developing ‘an SLA for privacy’: Case study on Privacy Level Agreements (PLAs)
- Clear and effective ways for potential customers to communicate to Cloud Service Providers (CSPs) the level of data protection needed
- Explaining the objectives of PLAs: Providing cloud customers with a tool to assess a CSP’s commitment to addressing personal data protection
- Providing CSPs with a tool for structured disclosure of its data protection practices
Paolo Balboni, Director, European Privacy Association &
Founding Partner, ICT Legal Consulting
&
Francoise Gilbert, Managing Director, IT Law Group
1.00 pm Lunch break
2.00 pm Afternoon keynote:
The National Government perspective: Cloud Computing: Evolution, Reliability, Compliance and Security
Ron Roozendaal
Chief Information Officer
Netherlands Ministry of Health, Welfare and Sport
2.30 pm Certifying transparency & assurance of cloud service providers to strengthen existing information security control environments
- Explaining how CSA’s Cloud Computing Matrix provides a baseline set of criteria for certifying the assurance and transparency of European cloud services
- The fundamental security principles to guide cloud vendors and assist prospective cloud customers in assessing the overall security risk of a cloud provider
- What’s new in the upcoming CCM Rev 2
Becky Swain
Project Leader, CCM Rev2
Cloud Security Alliance
Legal and compliance issues
3.00 pm
3.40 pm Afternoon refreshments
4.00 pm An overview of EU data sovereignty and privacy in the cloud
- The rights of data subjects, roles of controller and processor: is a Safe Harbor certification really safe?
- US Foreign Intelligence Surveillance Amendment Act 2008: conflicts over political surveillance of EU data?
- Decryption powers under UK RIPA 2000 Pt.3: the kraken wakes?
Caspar Bowden, independent privacy advocate
4.30 pm Cloud computing and EU data privacy challenges
- Getting your timing, regulation & processes right
- Data storage location risks – can the governance and data protection compliance issues be addressed?
- Privacy level agreements: Model clauses and compliance with the EU Data Protection Directive
Jan Dhont, Partner, Lorenz
5.00 pm Panel discussion:
The new EU Data Protection Regulation: business as usual or the biggest change in two decades?
- Assessing the impact of the proposed European Data Protection Regulation on cloud
- How will strengthened national data protection authorities affect data centres located in the EU?
- Extra-territorial scope and possible enforcement issues
Panellists:
Taiye Lambo, President, eFortresses
Marit Hansen, Deputy Privacy & Information Commissioner, Land Schleswig-Holstein, Germany, and Deputy Chief of the Independent Centre for Privacy Protection (ULD)
Dr Gwendal Le Grand, Head of IT Experts Group, Commission Nationale de l’Informatique et des Libertés (CNIL)
5.50 pm Chair’s summary and close of conference
Keynotes Include:
Ron Roozendaal, Chief Information Officer, Netherlands Ministry of Health, Welfare and Sport
"The National Government perspective: Cloud Computing: Evolution, Reliability, Compliance and Security"
Newly Confirmed Speakers Include:
Chad Woolf, Global Risk and Compliance Leader, Amazon Web Services
"The Evolving Focus of Using Cloud Services Securely"
Visit www.cloudsecuritycongress.com/congress-speakers for the full speaker list
Register
Please register through the CSA EMEA Congress booking page: www.cloudsecuritycongress.com/register-now.
CSA members receive a 10% discount. Please use the registration code CSA10.
Sponsors
The Cloud Security Alliance EMEA Congress is a superb opportunity to access the end users of cloud products.
For sponsorship enquiries, please contact Kate Lafferty, Sponsorship Manager, +44 20 7779 8866