CSA Federal Cloud Security Symposium

CSA Federal Cloud Security Symposium
Hosted by MITRE Corporation
August 5, 2009, 8:00am – 6:00pm

MITRE-1 Building
7525 Colshire Drive
McLean, VA 22102-7539
Cost: FREE to qualified attendees

Registration Is Now Closed


0700-0800: Refreshments and Networking – in MITRE-1 Building Atrium

0800-0810: Administrative Overview

0810-0820: Opening Remarks – Donna Hansen, NRO

0820-0845: Introduction to Cloud Security Alliance – CSA Executive Director Jim Reavis provides an introduction to CSA and an update of its current research activities.

0845-0930: Cloud Computing Defined – NIST

0930-1030: Cloud Threat Model – This panel discussion will provide an overview of the latest research related to the security risks of cloud computing and the methods of attack likely to occur. We will also review how malicious actors are leveraging cloud computing today.

1030-1130: Encryption and Key Management – Encryption provides great promise to protect cloud data and indirectly solve several related governance issues, however it must integrate seamlessly with a wide variety of cloud solutions. PGP Corporation CTO and CSA founding member Jon Callas will lead a panel discussion of experts to explore the design considerations and implementation options for encryption and key management in the different SaaS, PaaS and IaaS delivery models.

1130-1230: Lunch

1230-1345: Navigating Laws on the Ground – Unseen Barriers in the Cloud – This panel session surveys the current state of those rules–privacy, security, copyright, cross-border data flows, e-discovery, electronic records–and discusses two important strategies: creating standards for trust and transparency that can improve the credentials of service providers and their customers, and authoring suitable service and license agreements. Moderated by Jeffrey Ritter, Waters Edge, LLC

1345-1500: Cloud Forensics and Incident Response – This panel will discuss best practices for performing forensics in shared multi-tenant clouds, containing data breaches, identifying incidents accurately and understanding application layer dependencies. Moderated by Pamela Fusco, ISSA

1500-1530: Afternoon Refreshments – in MITRE-1 Building Atrium

1530-1630: Virtualization Hardening – This presentation by Sun Chief Security Architect and CSA founding member Glenn Brunette will discuss cloud-based risks inherent in virtual machines and best practices to harden VM platforms and mitigate risks.

1630-1800: Private/Public Cloud interoperability and Application portability – This panel will help the audience understand how to achieve interoperability in multiple clouds and move applications between them. We will include a discussion of cross-cloud authentication, as well as the proper layers of abstraction and use of SOA (Service Oriented Architecture) and related principles for portable applications. Moderated by George Reese, Enstratus