CSA Summit at RSA 2010

Thank you for supporting the Cloud Security Alliance Summit!

We are very sorry for those of you who could not get into the event. Please download the slide decks here, and look for more detailed proceedings soon!

Congratulations to our Kindle winners, Richard Towle and Michael Helm!

About the Cloud Security Alliance Summit

Take the CSA-IEEE Cloud Standards Survey, Click Here

If you are attending the RSA Conference 2010 in San Francisco with either a delegate or expo pass, please consider attending the Cloud Security Alliance Summit. The next generation of computing is being delivered as a utility. Cloud Computing is a fundamental shift in information technology utilization, creating a host of security, trust and compliance issues. The Cloud Security Alliance is the world’s leading organization focused on the cloud, and has assembled top experts and industry stakeholders to provide authoritative information about the state of cloud security in the Cloud Security Alliance Summit. The summit is being produced in cooperation with IEEE. Platinum sponsorship is provided by McAfee.

This half day event will provide broad coverage of cloud security domains and available best practices for governance, legal, compliance and technical issues. From encryption and virtualization to vendor management and electronic discovery, the speakers will provide guidance on key business and operational issues. We will also present the latest findings from the CSA working groups for Cloud Threats, Metrics and Controls Mappings. Among the topics we will discuss:

  • Emerging Cloud business and technology models
  • Incident response in the Cloud
  • Creating enterprise class Service Level Agreements with cloud providers
  • New cloud-based malicious threats
  • Aligning Cloud Security Alliance guidance with ISO 27001, CobiT, PCI and NIST
  • Identity Management in the Cloud
  • Developing standards to assure compliance and vendor interoperability

This event provides the attendee with a unique opportunity to learn the latest best practices and network with the experts helping shape the future of cloud computing security.

CSA Activities and Promotions at RSA

CSA “Build the Cloud” Alliance Bingo-card Promotion

RSA attendees can enter to win one of two Kindles which will be raffled off during the RSA Conference. Find out more details at the CSA Summit or stop by the CSA Booth # 2641.

CSA Summit

The CSA Summit starts at 9am, but it will pack a full house, so arrive early to guarantee yourself a seat. Doors open at 8:30, and the first 250 attendees receive a "Cloud Survival Kit", which includes a copy of O'Reilly's Cloud Security and Privacy as well as CSA's latest research. CSA experts will be available early to keep you "entertained."

9:00 – 9:05 Summit Welcome
Speakers: Marc Olesen, VP & General Manager, McAfee Software-as-a-Service; Jerry Archer, CSO Sallie Mae and CSA Board Member; Dave Cullinane, CISO eBay and CSA Chairman of the Board

9:05 – 9:25 @Beaker’s Future of Cloud
Cloud computing has been characterized by rapid and disruptive technology changes. One of the industry’s leading experts and leader of CSA’s architecture working group discusses what to expect for future innovations in cloud computing and provides the security context for these changes.
Speaker: Christofer Hoff, Cisco Systems

9:25 – 9:45 Cloud Threats Research
This session provides a world premiere of CSA’s research into high priority cloud security threats of today and tomorrow, their impact and related mitigation strategies to protect against these threats.
Speakers: Dan Hubbard, Websense & Mike Geide, Zscaler
Introduction by Nils Puhlmann, CSO Zynga and CSA Board Member

9:45 – 10:10 Building Identity in the Cloud
Key identity and access management issues impeding the adoption of cloud computing are discussed and future innovations are outlined. Speakers will also provide an outline of CSA's Trusted Cloud Initiative.
Speakers: Liam Lynch, eBay & Nick Nikols, Novell

10:15 - 11:00 Mission Possible? Data Protection, Compliance and Incident Response in the Cloud
In this session, panelists discuss the enterprise readiness of different cloud deployment modes and how to mitigate risks when the business mandates cloud solutions. Panelists will also discuss best practices for fulfilling compliance mandates, protecting sensitive data and responding to incidents in the cloud.
Speakers: Scott Chasin, McAfee; Andy Dancer, Trend Micro; Ken Biery, Verizon Business; Eddie Schwartz, NetWitness; Steven Schoenfeld, PGP
Moderator: Pamela Fusco, ISSA

11:00 - 11:15 Break

11:15 - 12:00 Securely Getting to Planet SaaS
In this panel session, we discuss how to securely deploy software in different S-P-I cloud delivery models, which legacy security practices are still relevant, and which need to be re-examined. The panel will also discuss how to securely integrate public cloud applications with IT infrastructure inside the enterprise.
Speakers: Archie Reed, HP; Randy Barr, Qualys; Blake Dournaee, Intel; Eran Feigenbaum, Google; Chris Eng, Veracode
Moderator: Tim Mather, Author

12:00 - 1:00 IEEE: Better Cloud Living through Standards
The benefits of cloud computing are being put at risk by fragmented and incompatible cloud solutions. In this session, panelists discuss the mandate for standards, provide an overview of current standards activity and identify the critical standards gaps that must be addressed. The results of the IEEE-CSA standards survey will also be presented.
Speakers: John Viega, McAfee; Jason Witty, Bank of America; Steven Mills, Hewlett-Packard
Moderator: Jim Wendorf, IEEE

Master of Ceremonies: Jim Reavis, Executive Director, CSA

Cloud Security Alliance Summit Scheduled Speakers

Jerry Archer, CSO, Sallie Mae
Jerry Archer is responsible for all security at Sallie Mae. Previously, Jerry was CISO at Intuit. Prior to joining Intuit, Archer was managing director at Global Competitive Strategies, LLC, where he provided insight and validation in the areas of policy, technology, products and strategy to a broad array of firms and government. Previously, Mr. Archer was senior vice president for Global Interoperability at Visa International, where his team codified the policies, standards and best practices for Visa systems and networks globally.

Randy Barr, Chief Security Officer, Qualys
As Chief Security Officer (CSO) of Qualys, Randy is responsible for security, risk management and business continuity planning of the QualysGuard platform used by thousands of organizations worldwide. Randy has over 13 years of information technology and leadership experience. Prior to joining Qualys, he was the Information Security Officer at Yodlee, responsible for ensuring a high-level security posture of Yodlee's Internet-based financial services.

Ken Biery, Professional Services Manager, Verizon Consulting Services, Verizon Business
Ken has 29 years of experience in the security industry. He is responsible for providing governance, risk, and compliance (GRC) solutions. These areas include PCI, ISO 27001/2, NERC-CIP, and HITRUST. Ken is also part of Verizon’s virtual environment security team and represents Verizon in the Cloud Security Alliance.

Scott Chasin, CTO, McAfee SaaS Business Unit
Scott Chasin is widely recognized as a leading visionary and expert in the security and messaging industries, having pioneered several cloud-based messaging, collaboration and security technologies and solutions. Recently Scott served as founder and CTO of MX Logic, acquired by McAfee in September 2009, where he introduced and developed a leading cloud email security solution that supported over 4 million end users.

Dave Cullinane, CISO, eBay
Dave Cullinane is the CISO for eBay. Prior to joining eBay, Dave was the CISO for Washington Mutual. Prior to Washington Mutual, Dave was a Senior Consultant for nCipher, Inc.; the Director of Information Security for Sun Life of Canada's U.S. operations and helped create Digital Equipment Corporation's Security Consulting Practice.

Andy Dancer, CTO Encryption, Trend Micro
Andy Dancer has founded and exited a series of SaaS businesses in eCommerce and Content Management in the UK. He joined Trend Micro in 2008 with their purchase of British cryptography experts Identum, a Bristol University spinout, taking on the role of CTO Encryption. Recently his focus has been on developing the next generation of security products to protect data and transactions in the public cloud.

Blake Dournaee, Head of Product Management, Intel SOA Products Group
Blake is currently the product manager responsible for Intel SOA products. As a product manager at Sarvega, he was deeply involved in the development of their flagship XML security, routing and acceleration appliance products. Blake was a specialist in applied cryptography applications at RSA Security and was a frequent speaker at many RSA conferences throughout the US and Europe. Blake is an established author who wrote the first book on XML Security and co-authored SOA Demystified from Intel press.

Chris Eng, Senior Director of Security Research, Veracode
Chris Eng, Senior Director of Research at Veracode, is responsible for integrating security expertise into Veracode’s technology and helping to define and prioritize the security feature set of Veracode’s service offerings. His professional experience includes stints at Symantec, @stake, and the US Department of Defense, where he specialized in security assessments and offensive research. Chris has presented at security conferences such as the Black Hat Briefings and OWASP AppSec and has been quoted as a subject matter expert in various industry publications.

Eran Feigenbaum, Director of Security, Google Apps
As the Director of Security for Google Apps, Eran defines and implements security strategy for Google's suite of Enterprise Products. Prior to joining Google in 2007, Eran was the US Chief Information Security Officer for PricewaterhouseCoopers (PwC). At PwC, he led a team responsible for all aspects of network, server, application, and desktop computer security, as well as security policies, architectures, standards and enforcement. Earlier, Eran spent several years designing and implementing high-performance cryptosystems for electronic commerce solutions for Fortune 1000 clients and government agencies.

Pamela Fusco, CFO, ISSA International Board of Directors
Pamela Fusco has held such prestigious positions as Chief Security Officer for Merck & Co., Inc., Digex Inc, and MCI Security Solutions, and Executive Vice President, Global Information Security, at Citigroup. Currently Pamela is a Director, serving on the ISSA International Board of Directors, and a contributing author and founding member of the Cloud Security Alliance (CSA).

Mike Geide, Senior Security Researcher, Zscaler
Mike Geide is a Senior Security Researcher at Zscaler where he is responsible for researching, analyzing, and developing mitigation strategies for security threats, particularly threats to Zscaler's cloud and web-based threats targeting customers. His research has been cited in the media, including the USA Today, The Register, and Dark Reading. Prior to joining Zscaler, Geide worked at the Internal Revenue Service (IRS) where he worked on the Online Fraud Detection and Prevention (OFDP) team detecting, analyzing, and investigating cyber crime that uses the IRS, Treasury, or electronic tax filing (eFile) name or likeness.

Christofer Hoff, Director of Cloud and Virtualization Solutions, Data Center Solutions, Cisco Systems
Chris Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud. Chris authors a highly popular blog at www.rationalsurvivability.com/blog

Dan Hubbard, CTO, Websense
Dan Hubbard is chief technology officer for Websense, Inc. He is responsible for all corporate security at Websense, including managing the Websense Security Labs that researches, analyzes, and reverse engineers malicious code, analyzes security trends, and provides research on malicious websites and network protocols.

Tim Mather, Co-Author, Cloud Security & Privacy
Tim Mather is currently pursuing a graduate degree in information assurance full-time. Most recently, he was the Chief Security Strategist for RSA, responsible for keeping ahead of security industry trends, technology, and threats. Prior to that, he was V.P. of Technology Strategy in Symantec’s Office of the Chief Technology Officer, responsible for coordinating the company’s long-term technical and intellectual property strategy. Previously at Symantec, he served for seven years as Chief Information Security Officer.

Steven Mills, Senior Architect, HP
Steven Mills has worked at Hewlett-Packard for 28 years in research and development of products for the computer and telecommunications industries. He is currently Senior Architect in the Industry Standards Program Office. He is also the IEEE Standards Association President-elect for 2010, and currently serves as Chair of the IEEE-SA Corporate Advisory Group, Past-Chair of the IEEE-SA Standards Board, Chair of the IEEE Standards Education Committee, Chair of the IEEE-SA Standards Board Patent Committee and member of the IEEE-SA Board of Governors.

Nick Nikols, Vice President of Product Management for Identity and Security, Novell
Nick Nikols, Novell’s Vice President of Product Management for Identity and Security, has more than 18 years of experience in the software industry, architecting solutions and developing innovative products for directory services, identity management, provisioning, and directory/application integration. Before his current position at Novell, Nick spent three years as a senior analyst with the Identity and Privacy Strategies Service at Burton Group, where he authored many reports ranging from topics such as fine-grained authorization and identity services to identity management governance. Prior to his work at Burton Group, Nick was a software architect and engineering manager at Novell.

Nils Puhlmann, CSO, Zynga
Nils Puhlmann is the co-founder of CSA and CSO of Zynga, the number one social gaming company on the web. Prior to Zynga, Nils held CSO positions at Qualys and Electronic Arts. Nils was also previously the CISO at Robert Half International, and Director Global IT & Security and Chief Privacy Officer at Mindjet Corp.

Jim Reavis, Executive Director, CSA
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim's innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is the President of Reavis Consulting Group, co-founded the Cloud Security Alliance and serves as its executive director.

Archie Reed, Chief Technologist for Cloud Security, HP
Archie Reed is an HP Distinguished Technologist and Chief Technologist for Cloud Security. Archie is focused on the business and future direction of solutions related to cloud, wireless, security & identity. Archie is a regular conference speaker and, in addition to articles, is a noted author whose work includes "The Definitive Guide to Identity Management" (Realtimepublishers.com). Archie has worked in many industries from telecoms and financial services to solution integrators and service providers.

Steven Schoenfeld, Vice President, Strategy, PGP
Most recently, Mr. Schoenfeld was Director of Product Management at Check Point Software Technologies, where he helped grow revenue from $86 million to more than $500 million. While there, he was a member of the company’s Product Council, which oversaw product strategy, execution, and measurement. Prior to Check Point, he was a key member of the management staff for Pretty Good Privacy (PGP)/Network Associates, where he led the strategy, definition, and product management of client and server products into corporate markets. In addition, he has held executive positions in several global financial services organizations, with responsibility for guiding technology, e-commerce, and information systems initiatives. He has a B.A. in Political Science from State University of New York at Stony Brook.

Eddie Schwartz, Chief Security Officer, NetWitness
Eddie Schwartz is responsible for the alignment of the NetWitness product strategy with the evolving operational threat management needs of government and commercial organizations. Prior to joining NetWitness, Mr. Schwartz served as CTO of ManTech Security Technologies Corp, Senior Vice President of Operations of Guardent Inc. (acquired by Verisign), and EVP of Operations for Predictive Systems (acquired by INS).

John Viega, VP Technology, McAfee
John is a prolific and widely respected security expert. John has founded several successful security startups and developed several technologies which have become widely used standards. John is the co-author of six books on security. John is a founding member of CSA.

James Wendorf, Industry Connections Program Manager, IEEE
James Wendorf is the Industry Connections Program Manager at the IEEE Standards Association, where he facilitates the building of industry consensus and the incubation of new standards activities, including in the area of Computer Security. Previously he was Vice President of Standardization at Philips Electronics, where he directed corporate strategy and participation in standards activities focused on electronic content distribution, digital home networking, digital rights management (DRM), and content protection.

Jason Witty, SVP and Information Protection Consulting Executive, Bank of America
Jason Witty is a certified Information Systems Security Management Professional (ISSMP), who has played major leadership roles in Information Security throughout his career. He has 17 years of Information Technology experience, 15 focusing on information-security risk management.

Summit Sponsors

Akamai, Google, HP, Intel, NetWitness, Novell, PGP, RSA Security, Symantec, Trend Micro, Veracode, Verizon Business, Zscaler

Cloud Security Alliance Summit Sponsorship

If you are interested in being a sponsor of the Cloud Security Alliance Summit, please contact [email protected].