Cloud Security Alliance Innovation Conference 2012
Download Presentation Materials
Innovation in Cloud Security
Raimund Genes, CTO, Trend Micro
Preventing Good People From Doing Bad Things: Best Practices for Cloud Security
Brian Anderson, Chief Marketing Officer & Author of “Preventing Good People From Doing Bad Things”
“Get Off of My Cloud”: Cloud Credential Compromise and Exposure
Jeff Jarmoc, Sr. Security Researcher at Dell SecureWorks Counter Threat Unit℠
Replacing Password Boxes with an Account Chooser
Product Manager, Google
“New Technology for Protecting Information”
Steve Sarakas, Director, Callplex, Inc.
Defending High Value Targets in the Cloud Using IP Reputation
Tom Byrnes, CEO, ThreatStop
Innovation Conference Agenda
Opening Keynote: "Innovation in Cloud Security"
Speaker: Raimund Genes, CTO, Trend Micro
This presentation will illustrate how Cloud Computing can be utilized to store data in a more reliable and resilient manner, ultimately yielding increased security for mission critical data. We will examine how progress in Cloud Computing Security helps us to deliver Billions of Reputation Information to our customers per day. These possibilities are feasible only by breaking traditional assumptions on how security products work and protect customers. Cybercriminals are motivated, fast and agile. The best arsenal is to be proactive, agile and innovative, and outmaneuver them. Mr. Raimund will also show how new approaches in Cloud Security and new ways to use computers and gadgets can help make the Internet a safer place to work and play.
Keynote: "Preventing Good People From Doing Bad Things With Your Cloud Security"
Speaker: Jim Zierick, EVP of Product Operations, BeyondTrust
Listen in on this frank discussion about Cloud Security as Mr. Zierick shares his observations on keeping your company and its assets secure amidst hidden and blatant dangers. He will show you how it is indeed possible to achieve a corporate environment free from the worry of intentional, accidental, or indirect misuse of privilege.
Presentation: “Get Off of My Cloud: Cloud Credential Compromise and Exposure”
Jeff Jarmoc Security Analysis Consultant, Dell SecureWorks
Results of research using AMI exposed against public AMIs will be presented, helping to quantify the scope and prevalence of AWS credentials and keys exposed within public AMIs. We'll also discuss the risks inherent in trusting public AMIs to be free of backdoors, trojans, and other malicious hitchhikers. Results of an experiment demonstrating these risks will be presented. Finally, the talk will propose best practices for utilizing AMIs. These will include specific steps for ensuring your organization's AWS credentials and key materials are not unintentionally persisted within public or shared AMIs, and recommendations regarding usage of 3rd party public AMIs.
Presentation: “Replacing Password Boxes with an Account Chooser”
Eric Sachs, Product Manager, Google
The session will describe how and why a website might deploy an Account Chooser, which is an open standard and a set of user interface guidelines for the next generation of web sign in. This idea came from industry discussions about building a “cloud based” identity selector. The idea has been to mix the user experience advantages of Information Cards, the popularity of consumer identity providers, and still support large numbers of identity providers as InCommon has done. The end result is a user experience that is being called an “Account Chooser.”
Panel: “Data Governance in the Cloud”
Moderator: Tim Mather, Advisory Director, KPMG
Dr. Anton Chuvakin, Research Director, IT1 Security and Risk Management Strategies, Gartner
Kevin Walker, Vice President & Assistant Chief Information Security Officer, Walmart
Francoise Gilbert, Managing Director, IT Law Group
Harshul Joshi, Advisory Director, PriceWaterhouse Cooper
Cloud Data Governance Panel will discuss 'legacy' regulatory frameworks (e.g., PCI) and newer, 'cloud aware' frameworks such as CSA's Cloud Controls Matrix and FedRAMP. The discussion will delve into how they compare to each other, what the current status of each is, and how effective each is likely to be, both in terms of adoption and in implementation.
Presentation: “New Technology for Protecting Information”
Steve Sarakas, Director, Callplex, Inc.
In a cloud environment the perimeter is defined by data – whether it's in transit or at rest. Because data is bound to physical locations, the data itself and information the data represents are considered equivalent. Wherever the data is, that's where the valuable information is that the data represents. For this reason information security is largely predicated on access control. A new technology will be presented that features Oblique Space, an abstract realm where information is stored without any physical location.
Presentation: “Defending High Value Targets in the Cloud Using IP Reputation”
Tom Byrnes, CEO, ThreatStop
Sorteo games has led the way in applying cloud services to the delivery of lottery games over the Internet to web and mobile clients. Since they are doing actual on-line gaming, with real prizes with real value, Sorteo’s systems need to be highly secure. Also, in order to meet regulatory requirements, they can only allow connections from jurisdictions where it is legal to play the games. This session will present a case study showing how Sorteo, using ThreatSTOP’s Botnet Defense Cloud Service, protects their infrastructure, and ensures that only players from the jurisdictions where the games are allowed can play.
Panel: “Cloud Security Startup Landscape, VC/Investor/Industry Perspectives”
Moderator: Naveen Bisht, CEO, SecurAct Inc. and Chair, Programs, TiE Silicon Valley
Ryan Floyd, General Partner, Storm Ventures
Michael Biggee, Principal, Trident Capital
Ankur Jain, Vice President at Blumberg Capital
Caleb Sima, EIR, Andreessen Horowitz & Former, CTO, Application Security Center, Hewlett Packard
Sanjay Sawhney, Senior Director, Symantec Research Labs
Cloud Security Startup Landscape, VC/Investor Perspectives Panel will discuss the cloud security landscape and their perspectives. What opportunities are still out there for entrepreneurs to start new companies focusing on Cloud infrastructure and security market? What are the criteria these VCs look for in funding the startup companies?
Cocktail and Networking Reception
About the Conference
The conference will be held on Thursday, January 26, 2012 at the Network Meeting Center located at 5201 Great America Parkway, Santa Clara, CA 95054
10:00am to 11:00am Registration and Coffee
11:00am to 4:00pm Program
4:00pm to 6:00pm Cocktail Reception
About Cloud Security Alliance, Silicon Valley Chapter:
The CSA Silicon Valley has been an official chapter of the Cloud Security Alliance since May 2011. The chapter's main focus is to foster education and transparency of emerging and innovative technologies supporting best in class solutions for cloud security.
In the spirit of the CSA Silicon Valley Chapter’s mission to foster education and transparency of emerging and innovative technologies supporting best in class solutions for Cloud Security, the inaugural Innovation Conference will gather IT architects, senior executives, start-ups, and industry leaders to discuss current challenges, best practices, breakthroughs and trends in cloud computing and security, and, most importantly, witness demonstrations of working prototypes (or more mature readiness levels) of new cloud-related security capabilities.
“Urgent need drives innovation, and cloud security is going to be a crucial area of both great demand and huge advancement over the next decade,” said Jim Reavis, co-founder and executive director of the CSA. “This will be the liveliest and most forward-thinking discussion on cloud security, and we look forward to bringing together innovators with end-users, investors, and thought leaders in the space at this unique event.”
The CSA Innovation Conference will have two tracks – one for applied research related to cloud computing security, and the second for demonstrating customer case studies of new, working cloud security-related software capabilities. The event will also include a ‘lightning round’ for which companies are encouraged to apply. All entries in this category will be judged on-the-spot by a panel of industry executives and venture capitalists, with a winner awarded immediately.
Organizers / CSA Silicon Valley Chapter Leadership
Naveen Bisht CEO, SecurAct Inc./Chair, Programs, TiE Silicon Valley
James Hunter President, Net Effects Inc.
Srinivas Jaini Executive Director, CSA Silicon Valley chapter
John Kinsella Founder & CEO, Stratosec
Ulrich Lang Founder & CEO, ObjectSecurity
Tim Mather Advisory Director, KPMG
Becky Swain Partner, EKKO Consulting; Founding Member, Cloud Security Alliance
Principal, Trident Capital
Michael Biggee joined Trident Capital in 2005 and is a Principal in the Palo Alto, CA office. Prior to Trident, Michael worked with Dolphin Equity Partners, a venture capital firm specializing in technology, media and communications investments. Before Dolphin, Michael worked in the global technology investment banking group at Merrill Lynch focusing on initial public offerings within the Internet, communications and semiconductor industries. Prior to Merrill Lynch, Michael worked as a Chemical Engineer for Procter & Gamble and General Mills, Inc. Michael’s focus at Trident is in the CleanTech and IT Security sectors. Michael currently serves on the board of Trident portfolio company AlienVault and is a board observer for Array Converter and BlueCat Networks.
President and CEO at SecurAct, Inc. and Programs Chair and Board of Directors, The Indus Entrepreneurs (TiE), Silicon Valley
Naveen Bisht has over 18 years of experience as an entrepreneur and advisor in technology companies. He is Chair, Programs and Board Member, The Indus Entrepreneurs (TiE) Silicon Valley, a global non-profit organization focused on fostering entrepreneurship, and CEO of SecurAct, Inc., a startup company focused on the cloud security market. Previously, he was Founder, President and CEO of Nayna Networks, Inc., a broadband access networking technology company, where he raised over $80 million from VC and PIPE firms and completed a reverse merger into a public company.
Prior to this, he was Founder and CEO of Ukiah Software, Inc., a leader in policy-based bandwidth and security software acquired by Novell, Inc. Ukiah received a number of awards including Top 10 companies to watch in 1999 by Network World and Top 25 Hot Startups of 1998 by Data Communications Magazine. Previously, he was Founder and President of NeoGlobal, Inc, a Software Consulting Services company focused on internet, enterprise software and networking market. Mr. Bisht holds several patents in the area of Quality of Service and security management in IP Networks. He has published a number of papers on entrepreneurship and trends and issues in networking industry.
Over the past 23 years Tom has held technical leadership positions in both civilian and military capacities in all areas of Information Technology, including: the US Army, Manufacturers, VARs and Distributors of equipment; as CTO of an ISP and e-commerce hosting company; and Sr. VP of Technology of a Mutual and Venture fund. Tom Byrnes is the CEO and Founder of ThreatSTOP, the creator of the ThreatSTOP Botnet Defense Cloud. ThreatSTOP is leading the way in providing collaborative network defense against botnets and criminal malware. Tom is an active full member of the IEEE and ISSA and speaks regularly at conferences on the topic of network security.
Dr. Anton Chuvakin
Research Director, IT1 Security and Risk Management Strategies, Gartner
Dr. Anton Chuvakin is a Research Director at Gartner's IT1 Security and Risk Management Strategies team. He is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is an author of books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. His blog "Security Warrior" is one of the most popular in the industry and Anton also teaches classes and presents at many security conferences worldwide. He works on emerging security standards and serves on advisory boards of several security start-ups. Most recently, Anton was running his own security consulting practice, focusing on logging, SIEM and PCI DSS compliance for security vendors and Fortune 500 organizations. Dr. Anton Chuvakin was formerly a Director of PCI Compliance Solutions at Qualys. Previously, Anton worked at LogLogic as a Chief Logging Evangelist, tasked with educating the world about the importance of logging for security, compliance and operations.
General Partner, Storm Ventures
Ryan is a founding member of Storm Ventures. At Storm Ventures, Ryan focuses on enterprise IT, Internet and web infrastructure opportunities. He has primarily invested in software as a service (Crowd Factory, Netforensics), mobile (Appcelerator) and cloud/internet related investments (3Crowd, Hubpages, Kidaro/acquired by Microsoft, and Splashtop). He has also invested in semiconductors/components (SandForce and Ignis Optics/acquired by Bookham). Prior to founding Storm Ventures, Ryan directed the business development activities at E-TEK Dynamics where he focused on building strategic OEM and customer relationships, scaling E-TEK’s manufacturing operations as well as directing the equity investing and acquisition activities until E-TEK merged with JDS Uniphase in 2000. Prior to joining E-TEK, Ryan was with Summit Partners, a private equity firm, where he focused primarily on the communications industry, including Summit’s investment in E-TEK Dynamics in July 1997.
Raimund Genes brings more than 30 years of computer and network security experience to his position of Chief Technology Officer at Trend Micro. In this role, Mr. Genes is responsible for introducing new methods to detect and eradicate threats. He is responsible for a team of developers and researchers around the globe who research and develop new core technology components to protect against email, Web and file-based threats under the Smart Protection Network umbrella.
Raimund has held several executive management positions within Trend Micro including General Manager for Trend Micro’s Incubation Business, President of European Operations; European Vice President of Sales and Marketing; and Managing Director. Raimund worked in the German air force for 12 years in radar guidance and aircraft tracking and holds a master of science in radar guidance from the German Air Force Academy. He is also a Certified Network Engineer.
Founder and Managing Director, IT Law Group
Francoise Gilbert is the Founder and Managing Director of the IT Law Group, a niche law firm that focuses on information privacy and security, cloud computing, and data governance. She is also the author and editor of the two-volume treatise Global Privacy and Security Law, which analyses the data protection laws of 65 countries on all continents.
For several years, Ms. Gilbert has been recognized by the prestigious Chambers and Best Lawyers as one of the world’s leading lawyers in the field of information privacy and security. Ms. Gilbert regularly advises a wide range of global companies and selected start-ups on a variety of information privacy and security and cloud computing matters, including negotiation of high stakes cloud computing contracts, multinational compliance efforts, cross-border data transfers, the consolidation of human resources or customer data, monitoring policies and procedures, and website privacy statements. Ms. Gilbert serves as General Counsel for the Cloud Security Alliance, and is one of its founding members.
Vice President at Blumberg Capital
Ankur has over 12 years of experience as an investor, strategy consultant and operational executive. Prior to joining Blumberg Capital, Ankur did strategy consulting for Accenture specializing in IT strategy. Ankur has also worked at many small and large technology companies. Ankur worked at Softaware Networks when it was acquired by Digital Island in 2000 and at Andiamo Systems when it was acquired by Cisco in 2004.
Ankur earned a B.S. in Computer Science and Engineering from IIT Delhi, an M.S. in Computer Science from UCLA, and an MBA in Management from the Wharton School, where he graduated as a Palmer Scholar. Ankur is also a co-inventor for five technology patents.
Sr. Security Researcher, SecureWorks
Working in IT for over 10 years, Jeff researches the latest security threats and vulnerabilities and creates countermeasures to protect Dell SecureWorks’ customers. CISCO and MITRE (a nonprofit information technology and engineering organization) have credited him with discovering several vulnerabilities in popular software applications and hardware products, prompting their providers to make repairs. Jeff’s research in cloud services focuses on virtual machine image sharing and the mistakes that can lead to exposure for both publishers of virtual machine images and for organizations using them. This understanding helps users and providers to take simple preventative measures to greatly improve security.
Jeff frequently competes in security challenges, including the SANS sponsored forensicscontest.com, where many times he’s been a finalist. Jeff has presented at Black Hat USA and Defcon, and holds several industry certifications, including GIAC’s GPEN and GCFW.
Director, Security Practice, PwC
Harshul Joshi is a Director in the security practice for PwC. His primary areas of focus are IT security and compliance based risk assessments, Threat and Vulnerability modeling and security architecture. He has worked with various compliance standards including PCI (Payment Card Industry), Sarbanes Oxley 404, GLBA (Gramm Leach Bliley Act), PCI (Payment Card Industry) and SAS 70. Prior to joining PwC, Harshul was a Director of Technology consulting for CBIZ MHM LLC, where he headed the security practice creating and delivering risk assessment services. He also spearheaded IT security and compliance at Sony Corporate audit group performing compliance and audit assessments for Sony Electronics, Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a Security Architect with Verizon / GTE.
Harshul has worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives and is an internationally known speaker. Some of the sample topics he speaks on include PCI, Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and Offshoring and Performing IT Risk assessment from a Business stand-point. He has spoken at various conferences in Singapore, India and in United States. He is a regular speaker at ISACA North American Conference as well as Network Security Conference. Harshul is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).
Advisory Director, KPMG
Tim Mather is a long-time information security practitioner, currently an Advisory Director at KPMG focusing on information protection within cloud computing security and also sits on the firm’s Global Steering Committee for Cloud Computing. Prior to joining KPMG, Tim completed a Master’s Degree in Information Assurance from Brandeis University, and consulted part-time to KPMG UK on cloud computing security. He is also co-author of the book Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, published by O’Reilly.
Previously, Mr. Mather was Chief Security Strategist for RSA, The Security Division of EMC, responsible for keeping ahead of security industry trends, technology, and threats. Prior to that, he was Vice-President of Technology Strategy in Symantec’s Office of the CTO, and was responsible for coordinating the company’s long-term technical and intellectual property strategy. Previously at Symantec, he served for nearly seven years as CISO, responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and all information systems audit-related activities.
Tim’s experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications, and intelligence (C3I) project, which involved both civilian and military departments and agencies.
Product Manager, Google
Eric Sachs has worked in the areas of user identity and security for hosted Web applications since 1992. Since joining Google in 2003, he has worked as a Product Manager for many services, including the Google Account login system, Google Apps for Your Domain, orkut.com social network, Google Health, Google Security, and Internal Systems. Eric previously worked with Google's CIO on an effort to move Google's internal systems to cloud-based technologies by leveraging the same developer tools that Google makes available publicly. Eric is now involved with industry efforts to increase adoption of Internet Identity standards including OAuth and OpenID as well as to evolve them. Before Google, Eric was CTO and co-founder of Interliant, which provided hosted corporate email services. While at Interliant, Eric led co-development projects with both IBM and Microsoft to build platforms for hosting consumer and enterprise Web applications.
Director, Callplex, Inc.
Steve Sarakas spent several years designing instrumentation and controls for Raven Industries, Crane Co. and other manufacturers. His interest in the confluence of hardware and software design was strong, so attention turned to embedded development. Sarakas repeatedly took new designs from concept to production, accumulating numerous patents. Sarakas founded Callplex, Inc. to market new electronics but recurring challenges in connectivity and data led to intensified development in these areas. Callplex was tapped for funds as Oblique Drive technology emerged. Sarakas now finds himself racing toward the future, the future of an Internet of Things.
Senior Director of Research at Symantec Research Labs
Sanjay Sawhney is the Senior Director of Research at Symantec Research Labs in Mountain View, CA, where he leads the SRL Core Research Group. Prior to joining Symantec, Mr. Sawhney has worked for over 20 years in various engineering capacities, both in startups and well-established companies. He has been a technologist and entrepreneur in areas such as security, systems, storage, and networking. As an engineer, he has developed various data-path technologies such as web proxies, network firewalls, IPS/IDS engines, traffic-rate shaping, filesystems, and SAN appliances. As an engineering leader, Mr. Sawhney founded two companies and led their engineering–Neoscale Systems, a data encryption company, and Ukiah Software, a network security and bandwidth management company. He has also worked in various engineering positions at Novell and Unisys.
EIR, Andreessen Horowitz & Former, CTO, Application Security Center, Hewlett Packard
Caleb Sima currently provides strategic insight as an EIR at one of the top Venture Capitalist firms in Silicon Valley, Andreessen Horowitz. Before signing on, Caleb was most recently CEO of Armorize Technologies, an internationally acclaimed, SaaS-based Web Malware monitoring and code security analysis firm. Prior to that, Caleb served as CTO for HP’s Application Security Center and was responsible for directing the lifecycle of the company’s web application security solutions. He joined HP following the acquisition of SPI Dynamics, the company he co-founded and led as CTO, where he oversaw the development of WebInspect, a solution that set the bar in Web application security testing tools. Prior to co-founding SPI Dynamics, Caleb worked for Internet Security Systems’ elite X-Force R&D team and as a Security Engineer for S1 Corporation.
Caleb has been engaged in the Internet security arena since 1996 and has become widely recognized as a leading expert in web security, penetration testing and the identification of emerging security threats. His pioneering efforts and expertise in web security have helped define the direction of the web application security industry. Caleb is a member of ISSA and is one of the founding visionaries of within OASIS, as well as a founding member of the Web Application Security Consortium (WASC). He is also a Microsoft Most Valuable Professional (MVP) in Visual Developer Security, a frequent speaker, press resource, and is featured regularly in the Associated Press and global security media.
Kevin D. Walker
Vice President Assistant Chief Information Security Officer Walmart
Kevin Walker has spent over twenty-five years in various computer science and information technology disciplines, focusing primarily on enterprise applications, network design and information security. He brings this experience to the Assistant Chief Information Security Officer role at Walmart. Kevin has served as a senior security leader as well as CSO and Director of Information Security for several companies in many industry sectors, including Intuit, Cisco, Symantec and VERITAS Software. Kevin has also built one of the first managed security services providers supporting numerous Fortune 100 companies.
Kevin has worked as an engineer and researcher for Digital Equipment Corporation, EDS, SAIC, SRI International and the University of California at Berkeley. He has extensive experience in securing enterprise applications, intrusion detection and prevention, incident response, strong authentication and voice biometrics. Kevin also has longstanding professional interests in networking protocols, securing applications at the atomic level, cryptography and speech biometrics. In these areas he was a key member of the engineering teams that developed secure video telephony over conventional telephone lines, speaker independent telephony-based voice recognition and broadcast quality distributed video. Kevin is an accomplished international public speaker regularly addressing issues ranging from technology adoption, process optimization, and regulatory impact to IT and industry trends. He also hosts a Peer-to-Peer podcast What’s TRENDing addressing timely information security concerns.
EVP of Product Operations, BeyondTrust
Mr. Zierick brings more than 25 years of enterprise experience building technology companies in operations and sales to BeyondTrust, where he is responsible for directing the company’s global initiatives to drive product growth and technical thought leadership in the Privilege Identity Management market, as well as adjacent markets. He drives the development methodology, process and management for the entire BeyondTrust product suite.
Prior to joining BeyondTrust, Zierick served as CEO of Nirvanix, a provider of cloud storage solutions. Before joining Nirvanix, Zierick was CEO of Aspyra, a provider of information solutions for the healthcare industry. Prior to Aspyra, he was CEO of enterprise-oriented embedded control software developer LogicalApps, where he led a sale to Oracle Corporation. Prior to LogicalApps, Zierick was executive vice president of Peregrine Systems’ worldwide field operations, where he oversaw a staff of 350 including sales, alliance, customer support and professional services organization, and was responsible for generating $200 million of new license support and service revenue before the sale of the company to Hewlett Packard. Mr. Zierick’s previous experience also includes partnership at McKinsey & Co. where he advised and executed a number of strategic and operational improvement plans with major technology companies. He also co-led McKinsey’s Southern California technology and operational effectiveness practices, leveraging deep experience in the enterprise software, server, storage and semiconductor sectors.
More details around sponsorship opportunities will be posted soon. If you are interested in sponsoring the Cloud Security Alliance Innovation Conference, please contact: [email protected]