SecureCloud 2014
SecureCloud 2014 Presentations
Document | Download |
---|---|
Cloud Computing Security A European Perspective
Udo Helmbrecht, Executive Director - European Union Network and Information Security Agency |
Download ZIP |
Critical Infrastructure in the Cloud
JD Sherry, Vice President, Technology & Solutions-Trend Micro Paolo Balboni, European ICT, Privacy & Data Protection lawyer |
Download ZIP |
Post-Snowden Cryptography
Jon Callas (Silent Circle) & Bart Preneel (Katholieke Universiteit Leuven) |
Download ZIP |
Trusted Cloud European Commission
Ken Ducatel, Head of Software and Service, Cloud Computing Unit, European Commission & Nicolas Dubois Policy Officer / Data protection unit, European Commission |
Download ZIP |
Implementing Security-as-a-Service at CERT Poste Italiane: Up Time & Performance Monitoring through the use of a cloud-based architecture
|
Download ZIP |
How to enhance the security of Clouds - Policy Challenges
Evangelos OUZOUNIS, Head of ENISA's Resilience and Critical Information Infrastructure Protection (CIIP) Unit. |
Download ZIP |
HANA Enterprise Cloud – Designed for Enterprises
An introduction of architecture and security design
Maximilian Adrian and Björn Brencher (SAP) |
Download ZIP |
Dutch Governmental Cloud
Arjan de Jong, Dutch Ministry of Interior |
Download ZIP |
Building Secure IT Systems in a Cloudy World – NIST Cloud Computing Security Reference Architecture
Michaela Iorga, Senior security technical lead for cloud computing with the National Institute of Standards and Technology (NIST), Computer Security division. |
Download ZIP |
Are your Cloud API’s vulnerable to Denial of Service?
Mark O'Neill, VP of Innovation at Axway |
Download ZIP |
Towards a CLOUD Strategy enabling eID and Security for the public sector
Prof. Reinhard Posch, CIO Austrian Federal Gov |
Download ZIP |
Managing Information Security in Clouds – The Holistic Approach of the German Federal Office for Information Security
Doubrava, Hartmann, Grete (BSI) |
Download ZIP |
Law enforcement perspective on cloud
J-D Nollet (European Cybercrime Centre) |
Download ZIP |
Okeanos: A public IaaS cloud service for the Greek Research and Academic community
Evangelos Floros, Project Manager in GRNET |
Download ZIP |
Supporting the European Commission's Cloud Strategy with AWS
Chad Woolf, Leads the global compliance program at Amazon Web Services |
Download ZIP |
Incident Response and Cloud Computing - What are the Challenges?
Brian Honan, Founder and head of IRISSCERT |
Download ZIP |
The Future of Cloud Computing
Raj Samani, VP, Chief Technical Officer for McAfee EMEA |
Download ZIP |
French Financial Services perspective on risk management and security in clouds
Gil Dellile (Forum de Competences) and Wojnicki (ATOS) |
Download ZIP |
Security Certification for Cloud Services: The CSA STAR Certification
Daniele Catteddu, Managing Director EMEA |
Download PPTX |
USA Cyber security Framework
Tim Grance, Senior computer scientist at the National Institute of Standards and Technology |
Download ZIP |
Security Building Blocks of the Cloud Computing Reference Architecture
Van Daele and Borrett (IBM) |
Download ZIP |
Sponsorship
SecureCloud 2014 is the perfect opportunity to present your company and products to an international audience and to get in contact with attendees and company representatives from all over the world.
Become our business partner. We will be glad to advise you in order to find the best sponsorship program for your needs or to compile a tailored offer.
Please contact Eileen Sciarra [email protected] to request a Sponsorship brochure.
Gold Sponsors
Bronze Sponsors
Additional Sponsors
Media Partners
About SecureCloud 2014
Cloud Security Alliance (CSA), ENISA and Fraunhofer-FOKUS have joined forces to organize the third edition of the SecureCloud conference.
SecureCloud 2014 is an opportunity for government experts, industry experts and corporate decision makers to discuss and exchange ideas about how to shape the future of cloud computing security. It is also a place to learn from cloud computing experts about cloud computing security and privacy as well as to discuss about practical case studies from industry and government.
SecureCloud 2014 focuses on
- legal issues
- cryptography
- incident reporting
- critical information infrastructures and
- certification and compliance.
Amsterdam RAI Convention Centre
Amsterdam RAI Convention Centre is one of Europe's most important international exhibition and conference venues, which plays host to almost 1,5 million visitors annually. Each year, 1000 national and international conferences and cultural functions are held in the Convention Centre, which is flanked by Amsterdam RAI's three exhibition complexes. The Amsterdam RAI Convention Centre is situated in one of Amsterdam's parkland areas, only three kilometres from the historic city centre and thirteen kilometres from Schiphol Amsterdam Airport. This modern conference centre, the largest of its kind in the country, is professionally equipped, serviced and staffed to meet all the needs of successful international meetings. Amsterdam RAI is best measured in terms of the expertise of its management and staff, and the advanced and sophisticated amenities that enhance event programmes and ensure the comfort of the delegates.
Amsterdam RAI was established in 1893, with the founding of the Dutch Bicycle Industry Association (Dutch acronym RI referring to the Dutch Bicycle Industry Association). In 1900, the association added the letter "A" to include Automobile.
Amsterdam
Amsterdam is a very accessible and compact city, with a historic city centre. It is vibrant, multicultural and hosts many exciting festivals, events and exhibitions. The city has an excellent public transport network and is located 15 minutes from the main airport, Schiphol Amsterdam Airport.
As Amsterdam is a surprisingly compact city with excellent public transport, travelling around is quick and easy. Amsterdam is the ideal place for planning an extra informal meeting with your colleagues! What about arranging to meet up in one of the 51 museums, many of them within walking distance of the city centre, or in one of the 25 beautiful old courtyards, 1215 pavement cafés or 55 theatres. After a busy day you may appreciate a relaxing stroll back to one of the 350 excellent hotels to take your mind of things.
Hotels
Save money, time and hassle with our event rates.
The hotels in Amsterdam are rolling out the red carpet for SecureCloud 2014.
Attendees and Exhibitors! Book through the official SecureCloud online reservation
system and benefit from our discounted rates.
= Special promotions and/or complimentary amenities may be available at this property.
This online reservation system is made to book one room at a time. If you wish to make a group reservation (10 rooms or more) please send an e-mail to RAI Hotel & Travel Service.
For an overview of the availability per hotel or to view the hotels on a map click here
For more information about what to do in Amsterdam and benefit from exclusive deals visit the Amsterdam Passport.
Agenda Day 1
08.00-09.00 | Registration & Coffee | |
DAY 1 - 1 APRIL 2014 | ||
PLENARY SESSION | ||
09:00-09:15 | Welcome Note from the Conference Co-Chairs: Daniele Catteddu (Cloud Security Alliance), Marnix Dekker (ENISA), Linda Strick (Fraunhofer FOKUS) | |
09:15-10:00 | Opening Keynote Neelie Kroes (VP European Commission) | |
10:00-10:30 |
Keynote: Prof. Udo Helmbrecht (Executive Director ENISA) |
|
10:30-11:15 |
Plenary Panel 1 : Telcos going Cloud. Description:Telecom providers are carrying cloud computing traffic and some are transforming into cloud providers. In this panel we discuss with providers about their security perspective on cloud computing. Moderator: Marnix Dekker (ENISA) Speakers:
|
|
11:15-11:30 | BREAK | |
11:30-12:10 |
Plenary Panel 2 : Data Protection and Security in the Cloud Description: Key representatives from the Task force on EU Data Protection Reform, ICO and the European Privacy Association and FOKUS will discuss possible scenarios related to the current proposals to modernise the EU Data Protection Directive, will dive into its implication and impact on cloud computing market. The panel will also discuss about the Code of Conduct for privacy currently under development in the EC Selected Industry Group. The expert in this panel will provide useful recommendations on how to address one of the most difficult and debated issues in the cloud: Privacy compliance Moderator: Daniele Catteddu (Cloud Security Alliance) Speakers:
|
|
12:10-12:30 | Phil Dunkelberger (Nok Nok) | |
BREAK OUT SESSIONS | ||
TRACK 1: Legal Issues and Policy in the Cloud | TRACK 2: Cloud Security Technologies | |
12:30-13:00 |
Paolo Balboni (European Privacy Association) Title: Practical Guide to Data Protection Compliance in the Cloud |
Jon Callas (Silent Circle) & Bart Preneel (Katholieke Universiteit Leuven) |
13.00-14.00 | LUNCH BREAK | |
Afternoon BREAK OUT Sessions | ||
TRACK 1: Legal issues and policy in the Cloud | TRACK 2: Cloud Security Technologies | |
14.00-14.25 |
Ken Ducatel - Head of Software and Service, Cloud Computing Unit, European
Commission
Title: Trusted Cloud European Commission |
Implementing Security-as-a-Service at CERT Poste Italiane: Up Time & Performance Monitoring through the use of a cloud-based architecture - Mammoliti, Lapa, Lucchetti and Armando (Poste Italiane) - Accepted from CfP Title: Implementing Security-as-a-Service at CERT Poste Italiane: Up Time & Performance Monitoring through the use of a cloud-based architecture - Accepted from CfP |
14.25-14.50 |
Evangelos OUZOUNIS - Head of ENISA's Resilience and Critical Information Infrastructure Protection (CIIP) Unit. Title: How to enhance the security of Clouds - Policy Challenges |
Maximilian Adrian and Björn Brencher (SAP) Title: HANA Enterprise Cloud – Designed for Enterprises An introduction of architecture and security design |
14.50-15.15 |
Arjan de Jong (Dutch Ministry of Interior) Title: Dutch Governmental Cloud |
Michaela Iorga (NIST) Title: Building Secure IT Systems in a Cloudy World – NIST Cloud Computing Security Reference Architecture |
15.15-15.35 |
Peleus Uhley (Adobe) Title: Misperceptions in the Cloud |
Mark O'Neill (AXWAY) - Accepted from CfP Title: Are your Cloud API’s vulnerable to Denial of Service? |
15.35-15.50 | BREAK | |
PLENARY SESSION | ||
15.50-16.35 |
Plenary Panel: Government Surveillance and Monitoring. Description: The Operation Aurora was the first of many sophisticated cyber-attacks allegedly carried out by government organizations. Cloud providers are no longer hiding their frustration at having to fight these adversaries. Zuckerberg (CEO Facebook) wrote recently: "When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government". Also the data access requests of law-enforcement agencies are having an impact on cloud providers. Forrester estimated US cloud providers will lose a stunning 180 billion dollars in sales. This discussion panel focusses on the impact of government surveillance on cloud security. Moderator:
Speakers:
|
|
16.35-17.15 |
Closing Keynote Alan Boehme, Chief of Enterprise Architecture for The Coca-Cola Company Title: Seftware Defined Perimeter |
Agenda Day 2
08.30-09.00 | Registration & Coffee | |
DAY 2 - 2 APRIL 2014 | ||
PLENARY SESSION | ||
09:00-09:40 | Opening Keynote Richard Clarke (Chairman & CEO of Good Harbor, Member of President Obama’s Review Group on Intelligence and Communications Technology) | |
9:40-10:10 | Keynote: Jim Reavis (CEO Cloud Security Alliance) | |
10:10-10:40 | Keynote: Prof. Reinhard Posch (CIO Austrian Federal Gov) | |
10:40-11:00 | BREAK | |
11:00-11:45 |
Plenary Panel: Certification and Cloud Security. Description: Certification and Cloud Security: Leaders from the CSA, ENISA, LaCAIXA, BSI, and the EC will discuss the role of security certification in providing assurance, transparency and ultimately trust in the cloud market. The experts in this panel will provide the audience with an overview on the most relevant certification currently available, their level of maturity and their pros and cons. Moderator: Dimitra Liveri (ENISA) Speakers:
|
|
11:45-12:30 |
Plenary Panel 5: Cloud Provider Panel Description: Removing barriers to cloud adoption, representatives from Adobe, Google, Microsoft and SAP will answer pressing questions from the cloud users around openness, transparency, auditing, portability and about how customer requirements are captured in SLAs. Moderator: Linda Strick (Fokus/Fraunhofer) Speakers: Ralph Salomon (SAP)
|
|
BREAK OUT SESSIONS | ||
TRACK 1: Incident Reporting and CIIP | TRACK 2: Governance, Risk and Compliance | |
12:30-13:00 |
J-D Nollet (European Cybercrime Centre) Title: Law enforcement perspective on cloud |
Managing Information Security in Clouds – The Holistic Approach of the German Federal Office for Information Security (BSI) - Doubrava, Hartmann, Grete (BSI) - Accepted from CfP |
13:00-14:00 | LUNCH BREAK | |
Afternoon BREAK OUT SESSIONS | ||
TRACK 1: Incident reporting and CIIP | TRACK 2: Governance, Risk and Compliance | |
14:00-14:25 |
Evangelos Floros (GrNET) Title: Okeanos: A public IaaS cloud service for the Greek Research and Academic community |
Chad Woolf (Amazon Web Services) Title: Supporting the European Commission's Cloud Strategy with AWS |
14:25-14:50 |
Brian Honan (IRISSCERT) Title: Incident Response and Cloud Computing - What are the Challenges? |
Raj Samani (McAfee) Title: the Future of Cloud Computing |
14:50-15:15 |
Gil Dellile (Forum de Competences) and Wojnicki (ATOS) French Financial Services perspective on risk management and security in clouds |
Daniele Catteddu (Cloud Security Alliance) |
15.15-15.35 |
Tim Grance (NIST) - USA Cyber security Framework Title: USA Cyber security Framework |
Van Daele and Borrett (IBM) - Accepted from CfP Security Building Blocks of the Cloud Computing Reference Architecture |
15.35-15.50 | BREAK | |
PLENARY SESSION | ||
15.50-16.35 |
Plenary Panel: Innovative solution for cloud security. Moderator Jim Reavis (Cloud Security Alliance) Speakers:
|
|
16.35-17.15 | Closing Key Note Richard Mogull - CEO Securosis |
Pre&Post-Conference workshops and training
31 March 2014 | ||
9.30-17.30 | CCSK Training Register Now! | |
9.30-17.30 | Cloud for Europe Workshop | |
9.30-17.30 | ENISA Workshop |
03 April 2014 | ||
9.30-17.30 | STAR Certification Training | |
9.30-17.30 | Joint Workshop: A4Cloud-SPECS
For more information: http://specs-project.eu/events/workshops/securecloud/ or http://www.a4cloud.eu/a4cloud-specs_workshop |
|
9.30-17.30 | CSA Working Groups |
Keynote Speakers
Alan Boehme
Alan Boehme serves as Chief of Enterprise Architecture for The Coca-Cola Company. In this role he is responsible for leading the Global enterprise architecture and emerging technology function. Boehme was previously Sr. VP and Head of IT Architecture for the ING Global Insurance Business as well as serving as chairman of the global cross banking / insurance business (ING Group) enterprise architecture committee reporting into the global CTO office. Prior to his time with ING he served as VP & CIO at Juniper Networks, EVP & CIO Sage Software and the CIO for Emerging Technologies & Shared Services at GE Power Systems.
Richard A. Clarke
Richard A. Clarke is chairman & CEO of Good Harbor and an internationally recognized expert on cyber security, homeland security, national security, and counterterrorism. He is currently an on-air consultant for ABC News and teaches at Harvard's Kennedy School of Government. He is the author of Cyber War: The Next Threat to National Security and What to Do About It. Mr. Clarke served the last three Presidents as a senior White House Advisor, including as Special Advisor to the President for Cyber Security and National Coordinator for Security and Counterterrorism.
PROF DR UDO HELMBRECHT
Prof. Dr. Udo Helmbrecht has more than 30 years of professional management experience in the IT sector.
Udo Helmbrecht was born in 1955, in Castrop-Rauxel, North Rhine-Westphalia, Germany. He studied Physics, Mathematics and Computer Science at Ruhr-University, Bochum, and in 1984 he was awarded a PhD in Theoretical Physics. In 2010 Udo Helmbrecht was appointed honorary professor at the Universität der Bundeswehr Munich, Germany.
His experience in the field of security has been acquired through work in a variety of areas, including the energy industry, insurance, engineering, aviation, defence, and the space industry. He became the president of the German Federal Office for Information Security (BSI) in 2003. Udo Helmbrecht took office as executive director of the European Network and Information Security Agency (ENISA) in October 2009.
Neelie Kroes
Neelie Kroes is the Vice-President of the European Commission responsible for the Digital Agenda for Europe. This portfolio includes the information and communications technology (ICT) and telecommunications sectors. For example: ensuring trust and security for the Internet and new technologies; ensuring competitive communications, such as in the mobile roaming market; building world-class European research and innovation in this sector; and above all getting every European Digital, with access to fast broadband, so they can make the most out of the Internet to support the European economy and society.
Born in 1941 in Rotterdam, The Netherlands, Neelie Kroes attended school and helped to build her family's transport business. After studying economics at Erasmus University she accepted a position there for six years as an Assistant Professor.
Her political career started on the Rotterdam Municipal Council, and in 1971 she was elected as a Member of the Dutch Parliament for the liberal VVD party. From 1982-1989 she served as Minister for Transport, Public Works and Telecommunication in the Netherlands.
After politics she was appointed President of Nyenrode University from 1991-2000, and served on various company boards, including Lucent Technologies, Volvo, and P&O Nedlloyd.
Her charity work included advising the Nelson Mandela Children's Fund and World Cancer Research Fund, and she has an ongoing interest in mental health issues.
Since 2004, Neelie Kroes has worked for the European Commission, as one of the 27 Commissioners working to maintain a peaceful and prosperous Europe. From 2004 to 2009, she was Competition Commissioner, responsible for ensuring a level playing field for business in Europe, and fair prices and wide choice for consumers.
Rich Mogull, Analyst & CEO
Rich has twenty years experience in information security, physical security, and risk management. He specializes in cloud security, data security, application security, emerging security technologies, and security management. He is also the principle course designer of the Cloud Security Alliance training class and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.
Rich is the Security Editor of TidBITS and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).
Dr. Reinhard Posch
The role of the CIO for the federal government is primarily the strategic coordination of activities in the field of information and communications technology that concern more than one ministry. As such, the CIO is the chair of the Austrian eGovernment platform, “DIGITAL:AUSTRIA,” which includes all levels of government.
As head of the institute, he specialized in “Applied Information Processing and Communications Technology,” and as scientific director of the Austrian Secure Information Technology Centre, the main efforts are computer security, cryptography, secure hard- and software, and eGovernment. He is chairman of the board of trustees of the non-profit foundation, Stiftung Secure Information and Communication Technologies SIC, which has been donated by Graz University of Technology.
Reinhard Posch was also chair of the board of ENISA, the European Network and Security Agency.
Reinhard Posch takes part in groups installed by the European Commission to elaborate ICT and security strategies (e.g. Future Internet Visionaires, RISEPTIS). Being a member of the “Rat der IT Weisen,” he is providing advice to Commissioners Kroes and Sefkovis in the area of IT security to assist the implementation of the digital agenda.
Reinhard Posch was awarded the Grand Decoration of Honor in Silver for services to the Republic of Austria.
JIM REAVIS
work in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim's innovative thinking about emerging security trends have been published and presented widely throughout the industry and have influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, executive director and driving force of the Cloud Security Alliance. Jim was recently named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.
Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud and Mobility and how to take advantage of them.
Speakers
Maximilian Adrian
Maximilian Adrian (Director / CRISC, Cloud and Infrastructure Delivery - Security, Processes & Compliance Office, SAP AG) is leading the Areas Internal Controls, Monitoring and Audits at SAP´s Global Security, Processes & Compliance Office.
Main tasks in the last 10 years working for SAP were IT security-, quality- and risk management. He was responsible for the conceptional design & optimization of SAP´s internal control systems with regard to legal requirements and compliance aspects. Furthermore he developed an overall security monitoring approach covering the internal and external company view. Special projects such as safeguarding SOX Compliance Guidelines, ISO 27001:2005 Guidelines, SOC1/SOC2 Type II Guidelines – both followed by successful certifications – as well as Identity and Access Management implementation projects as well as the development of an emergency management process for IT Security Incidents & Emergencies were pushed and implemented.
Prior to SAP, Maximilian worked at KPMG Deutsche Treuhand Gesellschaft AG in Germany for the Information Risk Management department as a Senior IT Advisor and Auditor developing profound knowledge and experiences in compliance &certification audits.
Amelia Andersdotter
Amelia Andersdotter is a Swedish politician and Member of the European Parliament (MEP), for the Swedish Pirate party, part of the Greens/EFA group. Within parliament, she is a member of the committee for industry and research, ITRE, and a substitute in the committees for international trade, INTA, and budget control, CONT. Amelia is currently the youngest Member of the European Parliament.
Ameila studied mathematics, commercial law and Spanish at Lund University. In politics Amelia focuses on Internet freedom, a future-minded IT-policy, more free access to knowledge and culture, increased investments in science and research and a more intelligent industrial policy. Amelia is a highly sought after international speaker and expert on topics pertaining to the internet, intellectual property and IT-policy. She has been named one of the world's ten most important internet activists for the year 2012.
Paolo Balboni (Ph.D.)
Paolo Balboni is a top tier European ICT, Privacy & Data Protection lawyer and serves as Data Protection Officer (DPO) for multinational companies.
As a frequently invited speaker, Balboni has spoken on ICT, Privacy & Data Protection legal matters at more than 30 international conferences around the world in the last 2 years. He is a regularly invited expert on the revision of the EU Commission proposal for a General Data Protection Regulation to the European Parliament. Balboni is the author of the book Trustmarks in E-Commerce: The Value of Web Seals and the Liability of their Providers (T.M.C Asser Press) and of numerous papers on European ICT, Privacy & Data Protection Law.
Balboni is the Scientific Director of European Privacy Association, Cloud Computing Sector Director and responsible for Foreign Affairs of Italian Institute for Privacy. He is admitted to the Bar in Milan and the Founding Partner at ICT Legal Consulting.
Bjoern Brencher
Bjoern Brencher is Chief IT Security Architect in the Cloud and Infrastructure Security Department of SAP AG, Germany. He focuses on the IT security architecture for SAP Cloud solutions mainly HANA Enterprise Cloud.
In the past 7 years working for SAP, Bjoern was responsible for the design, definition, rollout and realignment of the IT security standards for the SAP internal infrastructure. He has extensive and broad knowledge in IT security reaching from network security up to the SAP application layer like SAP NetWeaver Application Server. Further, Bjoern is the main driver of the IT Security Governance project that ensure a consistent level of IT security for the SAP network. On SAP conferences, he regularly shares real-life experiences about SAP internal security projects at SAP conferences.
Prior to SAP, Bjoern worked for KPMG Deutsche Treuhand Gesellschaft AG and Nestle GLOBE Center Europe as an IT security advisor and auditor. In that time, he got deep knowledge in compliance and certification audits, like ISO 27001.
Jon Callas
Jon Callas is an inventor, cryptographer, software engineer, and entrepreneur. He is a co-founder of PGP Corporation, Silent Circle, and Blackphone. He is a designer of security products that have won major innovation awards from The Wall Street Journal and others. He is a co-author of the Skein finalist for SHA3. He has worked on everything from operating systems to user experience on everything from PDP-11s to iPhones.
Manuel Carpio
Manuel is Director Information Security and Fraud Prevention at Telefonica. Telefonica is a Spanish broadband and telecommunications provider with operations in Europe, Asia, North America and South America,. Operating globally, it is the fifth-largest mobile network provider in the world.
In the past Manuel was member of the ESRAB (European Security Research Advisory Board) created by the EC and founder of the GTS (Security steering working group of 15 major Spanish private companies) and the CECONTEL (the Spanish consortium for Telco Business Continuity). The Spanish Information & Communications Security Journal SIC granted him the professional award of the year in 2004. He is also member of the Board of ETIS (www.etis.org), the most active private organization in Europe for the telecom industry and he is secretary of Telefonica’s Corporate Security Committee.
Daniele Catteddu
Daniele is the Managing Director, EMEA, in Cloud Security Alliance, where he is responsible for the definition and execution of the company strategy in EU, Middle East and Africa. He also leads CSA participation in FP7 projects, coordinates European CSA Chapters research projects and manage the relations with European public institutions. In past worked at ENISA (European Network and Information Security Agency), as Expert, where he was responsible of projects in the areas of Resilience and Critical Information Infrastructure Protection (CIIP). Daniele is the author of the study: “Security and Resilience in Governmental Clouds” as well as co-author of the reports: “Cloud Computing: Benefits, risks and recommendations for information security” and “Cloud Computing: Information Assurance Framework”. He is chair or member of various national and international security expert groups on cloud computing security and privacy.
Dr. Marnix Dekker
Dr. Marnix Dekker, NIS Expert and Information Security Officer, ENISA (European Union Network and Information Security Agency). Marnix Dekker works at ENISA in the area of secure services and critical information infrastructures. He focuses on cloud security, smartphone security and also leads the ENISA’s work on the implementation of EU-wide security regulation for the telecom sector.
He has a Master’s degree in Theoretical physics, a Ph.D. in Computer science, and a CISA certification. In his previous job he designed the protocols and processes of large online identity providers, and he performed the quality assurance during the roll-out of a large cloud service, working on behalf of the customer, a critical government agency.
Gil Delille
Gil Delille started his career at IBM, in positions within network and telecom to systems integration project director. He joined the Indosuez Bank in 1994 where he initially led several major delivery projects to later take on responsibility for Information security as Deputy Information Security Officer.
This combined background lead him to forge and promote across the Bank a management model embedding security and business continuity into the structure of large scale delivery projects and aligned to business objectives.
This was carried over through subsequent mergers & acquisition into Calyon, known today as Crédit Agricole Corporate and Investment Bank (CA CIB). to finally take group-wide responsibility as Crédit Agricole’s Chief Information Security Officer (CISO).
Present in all areas of finance, the Crédit Agricole Group is one of the leading actors in the European banking sector (retail banking, corporate and investment banking, consumer finance, etc.) with 54 million clients, €35.1 billion revenues, and 160.000 employees in over 70 countries.
Gil Delille holds an engineer diploma in electronics and industrial IT. He is also Chairman of the “Forum des Compétences”, a French association of Chief Information Security Officers (CISO) and managers of Business Continuity Plans from large French Financial Institutions, offering in close proximity to French Regulation bodies, a forum for exchange, dialogue to share experience, priorities, assessments methods and rational handling of risks.
Peter Dickman
Dr Dickman is an Engineering Manager at Google's Zurich engineering centre, where his teams are responsible for several aspects of the backend of Google Search, including assembling the index that underpins your search results. In addition, he has worked on user data protection projects within Google, addressing both security and privacy issues. He was a member of the EU DG CNCT Cloud Computing Expert Group and is the engineering liaison between Google and ENISA, the European Network and Information Security Agency, which advises governments and businesses on computer security issues.
Nicolas Dubois
Nicolas Dubois currently works as a policy officer in the Data Protection unit at the European Commission. He joined the European Commission in 2007 as a Security officer for the Schengen and Visa IT systems. Nicolas also worked as a researcher and project manager at Orange in Paris, mainly active in IP networks architecture and security. Nicolas received engineering degrees from Suplec (FR) and from the University of Darmstadt (DE).
Ken Ducatel
Ken Ducatel, British, aged 56, holds a PhD in economic geography from Bristol University and an MSc in transport policy from Cranfield University in the UK. He has worked on information society policy for twenty years. He was a member of the Faculty of University of Manchester for 14 years. From 1997 to 2003, he worked at the European Commission's Institute for Prospective Technological Studies in Seville, where he led the Institute's flagship "Futures Project." From 2004 to 2008 he was a member of Commissioner Reding's Cabinet responsible for Lisbon Strategy & Policies for the Information Society . In January 2009 he became Head of Unit for the "Digital Agenda: Policy Coordination" in DG Information Society. Since July 2012 he leads the "Software and Service, Cloud Computing Unit" in the newly formed DG CONNECT.
Phillip M. Dunkelberger
Phillip Dunkelberger has broad experience resulting from more than 30 years in technology. Prior to leading Nok Nok Labs, Mr. Dunkelberger served for 8 years as co-founder and CEO of PGP Corporation, the leader in the Enterprise Data Protection market, until acquired by Symantec in 2010. He has significant experience in SaaS infrastructure and enterprise software, having served as Entrepreneur-in-Residence at Doll Capital Management (DCM), President and CEO of Embark, and COO of Vantive Corporation. He has also held senior management positions with Symantec, Apple Computer and Xerox Corporation. Mr. Dunkelberger has served on several boards of directors, and currently serves on the Board of Social Fortress. He is a founding board member of the Cyber Security Industry Alliance (CSIA) and is Chairman Emeritus of TechAmerica’s CxO Council. Mr. Dunkelberger holds a B.A. in Political Science from Westmont College and is a member of the school’s President’s Advisory Board.
Evangelos Floros
Mr. Evangelos Floros holds a B.Sc. and a M.Sc. in Computer Science from the National and Kapodistrian University of Athens, Greece. He has extensive experience in HPC, cloud and grid computing technologies, having participated in a large number of related European Projects like CrossGrid, D4Science, EGEE-I,II and III, StratusLab and PRACE. Currently he works as a Project Manager in GRNET, Athens, Greece, where he is coordinating the PRACE-GR national-funded project whose goal is to procure, deploy and operate a national HPC service for the Greek research community. He is also involved in the CELAR EU project, being responsible for the technical coordination of GRNET's participation and the adoption of the project' s elasticity innovations by the ~okeanos IaaS service.
Tim Grance
Tim Grance is a senior computer scientist at the National Institute of Standards and Technology in Gaithersburg, MD. He has previously held a variety of positions at NIST including Group Manager, Systems and Network Security and Program Manager for Cyber and Network Security. He has led a broad portfolio of projects including high profile projects such as the NIST Hash Competition, Cloud Computing, Security Content Automation Protocol (SCAP), Protocol Security (DNS, BGP, IPv6), Combinatorial Testing, and the National Vulnerability Database. He is presently a senior researcher supporting various projects in cloud computing, mobile devices/applications, and big data.
He has extensive public and private experience in accounting, law enforcement, and computer security. He has written on diverse topics including cloud computing, incident handling, intrusion detection, privacy, metrics, contingency planning, forensics, and identity management. He was named in 2003 to the Fed 100 by Federal Computer Week as one of the most influential people in Information Technology for the US Government. He is also is a two time recipient of the US Department of Commerce’s highest award—a Gold Medal, from the Secretary of Commerce.
Patrick Grete
Patrick Grete (born 1981) studied Physics. He worked on non-linear dynamics and solid state physics and hold a Master of of Science (2006) and a PhD (2011). After the PhD, he did a short Post-Doc at the Synchrotron Radiation Source DELTA in Dortmund Germany. In 2011 he switched fields and started to work for the Federal Office for Information Security (BSI), where he worked on Information Security Management Systems, Business Continuity Systems, Mobile Security and Cloud Computing.
Sven Hermerschmidt
Sven Hermerschmidt, born in 1969, currently acts as head of the task force on the reform of the EU data protection legal framework within the office of the Federal Commissioner for Data Protection and Freedom of Information. He joined the Federal Commissioner’s office in 2008 as a legal expert dealing with fundamental questions of data protection law. Besides his activities towards the EU data protection reform Mr Hermerschmidt is focused on legal issues of data protection in e-government services, geographical/spatial information services as well as cloud computing.
Before entering the Federal Commissioner’s office Sven Hermerschmidt was engaged for ten years by the State Commissioners for Data Protection in Brandenburg and Mecklenburg/Western Pomerania acting as a legal expert.
Besides his occupational activities Sven Hermerschmidt acted as a legal expert with several EU Twinning Projects in order to strengthen the capacities of data protection supervision in Lithuania, Malta, Macedonia, Bosnia and Herzegovina and Montenegro.
Sven Hermerschmidt studied geography, sociology and law in Berlin. He has been graduated with a law degree after passing the two legal state examinations under German law. During his university and practical studies he worked as a research assistant at Humboldt University Berlin and spent four months as a legal trainee in the German embassy in Canberra/Australia.
Sven Hermerschmidt is married and father of three daughters.
Brian Honan
Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to the Europol Cybercrime Centre, an adjunct lecturer on Information Security in University College Dublin, and he sits on the Technical Advisory Board for a number of innovative information security companies. He has addressed a number of major conferences, he wrote the book "ISO 27001 in a Windows Environment" and co-author of "The Cloud Security Rules". He regularly contributes to a number of industry recognized publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites. In 2013 Brian was awarded SC Magazine's Information Security Person of the year for his contribution to the computer security industry.
Dr. Michaela Iorga
Dr. Michaela Iorga serves as senior security technical lead for cloud computing with the National Institute of Standards and Technology (NIST), Computer Security division. She also chairs the NIST Cloud Computing Security Working Group and the NIST Cloud Computing Forensic Science Working Group. Having previously served in a wide range of consulting positions in both government and private sector industries before joining NIST, Dr. Iorga, a recognized expert in information security, risk assessment, information assurance, and cloud computing security, has a deep understanding of cybersecurity, identity and credential management, and cyberspace privacy issues, as well as an extensive knowledge base in the development of complex security architectures. In her role as senior security technical lead at NIST and chair of the NIST Security Working Group, Dr. Iorga supports the development and dissemination of cybersecurity standards and guidelines that meet national priorities and promote American innovation and industrial competitiveness. Dr. Iorga is particularly focused on working with industrial, academic, and other government stakeholders to develop a high-level, vendor-neutral cloud computing security frameworks under the NIST Strategy for Developing a US Government Cloud Computing Technology Roadmap.
Arjan de Jong
Arjan de Jong is a policy and legal advisor on information security and privacy at the Ministry of the Interior and Kingdom Relations of the Netherlands. He currently works on eGoverment, governmental Cloud, information security, data protection and electronic signatures and trust services.
Arjan has Master’s degrees in Law & IT and Law & Research and furthermore a background in International Relations. He has focussed on issues at the interface of policy, law and technology. In close connection with his current activities, his specialization and special interest lies in (EU) privacy and information security law and policy, intellectual property and electronic identification and trust services.
Hing-Yan LEE
Hing-Yan LEE PhD is Director of National Cloud Computing Office at the Infocomm Development Authority of Singapore, where he oversees the national programme in cloud computing. Under his purview are initiatives such as grid service provisioning, SaaS incubation centre, cloud innovation centre, SaaS Enablement Programme, Technology Evaluation Programme, Data-as-a-Service Programme, development of cloud security standards, CloudAsia as well as collaboration in Open Cirrus and IBM Cloud Lab Singapore. Prior to this, Hing-Yan was Deputy Director of National Grid Office at the Agency of Science, Technology and Research as well as Principal Scientist at the Institute for Infocomm Research. He also held senior management and technical positions at Kent Ridge Digital Labs, Japan-Singapore Artificial Intelligence Centre, Information Technology Institute (applied R&D arm of the National Computer Board) as well as two high-tech start-ups.
Hing-Yan is an Adjunct Associate Professor in National University of Singapore, member of School of Digital Media & Infocomm Technology advisory panel at the Singapore Polytechnic, vice chair of Special Interest Group on Enterprise Cloud Computing & Virtualisation (Singapore Computer Society), and member of Cloud Computing Standards Coordinating Task Force (IT Standards Committee). He has served on the NatSteel Corporate R&D advisory panel, Singapore National Archives Board, Australia-Singapore Joint ICT Council, and co-chair of National Infocomm Competency Framework (NICF) technical committee on Cloud Computing.
He graduated from the University of Illinois at Urbana-Champaign in USA with PhD and MS degrees in Computer Science, specializing in artificial intelligence and software reuse. He previously studied at Imperial College London in UK where he obtained a BSc (Eng.) with 1st Class Honours in Computing and MSc in Management Science.
Rocco Mammoliti
Rocco Mammoliti holds a Degree in Electronic Engineering and a Master's Degree in Security from the CASD (Ministry of Defense - Centre for High Studies).
He has several years of experience in scientific research activities within the field of Information Security, Engineering and Biomedicine at CNR (Italian National Research Council). He has co-authored several scientific papers on topics related to Nonlinear Time Series Modeling, Multivariate Statistical Data Analysis, Information Security, Cryptography and Data Hiding.
He has worked for companies in the field of IT and TLC industries such as Ericsson, Bull, IT Telecom and Telecom Italia, where he held various positions of responsibility, such as IT Security Manager and Information Security Manager. His main areas of activities are network & information security, creation and management of SOCs, abuse & cybercrime prevention, NTD (Notice and Take Down) and COP (Child Online Protection).
He participated in several working groups at ITU and GSMA and he holds membership in several professional associations including the IEEE and the IEEE Computer Society. He is currently Chief Information Security Officer in the Security and Safety Department of Poste Italiane and he’s in charge of the Cybersecurity District and of Poste Italiane's CERT.
Lee Miller
Lee is Lead Governance, Risk and Compliance Architect for Verizon Terremark in EMEA. He has wide ranging experience of designing strategic risk management solutions for organisations across many verticals in the commercial and public sectors. Lee works with Verizon Terremark Cloud customers to ensure effective risk and compliance management is integral to the services provided. Prior to joining Verizon Terremark in 2010, Lee managed the GRC Professional Services Practice for HP Enterprise Security in the UK.
Paul Nicholas
Paul Nicholas leads Microsoft's Global Security Strategy and Diplomacy Team, which focuses on driving strategic change, both within Microsoft and externally, to advance infrastructure security and resiliency. His team addresses global challenges related to risk management, incident response, emergency communications, and information sharing. Paul recently served as subject matter expert for the East West Institute's 2011 publications, including the first U.S. Russia taxonomy for cyber collaboration and a review of the applicability of The Hague and Geneva Conventions on cyberspace. In 2007, he helped to establish the Software Assurance Forum for Excellence in Code (SAFECode), a multi-company effort to advance industry best practices for software security and integrity.
Prior to joining the Microsoft, Paul spent over eight years in the U.S. Government, focusing on emerging threats to economic and national security. From 2002-2004, he served as White House Director of Cybersecurity and Critical Infrastructure Protection. In that role, he coordinated the National Strategy to Secure Cyberspace and Homeland Security Presidential Decision Directive 7. Paul also served in the legislative branch, working as a senior policy advisor for U.S. Senator Robert F. Bennett and as a staff member of the Judiciary Subcommittee on Technology, Terrorism and Government Information. He has also served as an Assistant Director at the U.S. Government Accountability Office, and as an analyst for the U.S. Department of Defense. Paul earned a B.A. from Indiana University, an M.A. from Georgetown University, and is a Certified Information Systems Security Professional.
Tom Nicholls
Tom joined BSI in 2005 taking on a variety of projects spanning product and strategic marketing, corporate strategy and training, during which time Tom was based in the UK and Asia. Tom spent 4 years as a strategic planning manager responsible for planning systems BSI's UK and later the wider EMEA business. More recently Tom has held roles responsible for business process improvement and new product development. Tom is currently the Global Commercial Manager for BSI's Systems Certification Business. Tom is a graduate of Cambridge University with a degree in Geography. Tom's other interests include sailing and climbing.
Jean Dominique Nollet
Jean Dominique Nollet is the head of the European cybercrime EC3 laboratory.
Engineer in physics of weapons, he started his career as combat platoon commander in the French Marines Engineer corps. After a diploma in criminal law and forensics ,recruited by the Gendarmerie, he occupied different command position in the regions. He then was appointed in the national headquarters to manage some international cooperation functions. In 2007 he entered in Europol as head of the Analysis unit. Since the opening of EC3 he manages the forensic laboratory in charge of advanced forensic support to the European international investigations.
Mark O’Neill
Mark O’Neill is VP of Innovation at Axway. Mark co-founded Vordel, a leading vendor of API Management products, which was acquired by Axway in 2012. He is author of the book “Web Services Security” and a frequent speaker and blogger on security and integration topics.
Dr. Evangelos OUZOUNIS
Dr. Evangelos OUZOUNIS is the head of ENISA’s Secure Infrastructure and Services Unit. His unit implements EU Commission’s CIIP action plan, facilitates Member States efforts towards a harmonised implementation of incident reporting scheme (article 13 a & article 4 of new Telecom Package), contributes to the development of the NIS Platform and develops good practices for national cyber security strategies.
ENISA’s Secure Infrastructure and Services Unit runs also numerous studies on cyber security aspects of critical sectors and services like Industrial Control Systems-SCADA, Smart Grids, Cloud Computing, Finance and Interconnected Networks. The Unit also organised in the past the first CIIP exercises (e.g. Cyber Europe 2012/10, Cyber Atlantic 2011).
Alain Pannetrat
is a Senior Researcher at Cloud Security Alliance. He supports CSA's research contributions in national and EU funded projects as well as in cross-industry European R&D initiatives. He is a security and privacy expert, specialized in cryptography, cloud computing and smart-cards.
Before joining CSA, he worked as a IT Specialist for the CNIL, the French data protection authority, and was an active member of the Technology Subgroup of the Article 29 Working Party, which informs European policy on data protection. He started his career as an IT Security consultant specialized in bank smart-card systems. He received a PhD in Computer Science after conducting research at Institut Eurecom on novel cryptographic protocols for IP multicast security.
Prof. Dr. Dr. h.c. Radu Popescu-Zeletin
Prof. Dr. Dr. h.c. Radu Popescu-Zeletin graduated from the Polytechnical Institute Bucharest, gained his doctorate at the University of Bremen, and his habilitated at the Technical University of Berlin where he holds the Chair for Open Communication Systems. As executive director of the Fraunhofer Institute for Open Communication Systems FOKUS, his name is closely associated with the development of numerous solutions for communication infrastructures. Radu Popescu-Zeletin is a member of the Romanian Academy and bearer of the Public Service Medal of the Republic of Romania.
Prof. Dr. Bart Preneel
Prof. Bart Preneel received the Electr. Eng. and Ph.D. degrees from the KU Leuven (Belgium). He is a full professor at the KU Leuven where he heads the COSIC research group. He was visiting professor at five universities in Europe. He has authored more than 400 scientific publications and is inventor of 4 patents. His main research interests are cryptography, information security and privacy. Bart Preneel has coordinated the EU Network of Excellence ECRYPT. Since 1997 he is serving on the Board of Directors of the IACR (International Association for Cryptologic Research), from 2002-2007 as vice president and from 2008-2013 as president. He is a member of the Permanent Stakeholders group of ENISA and of the Academia Europaea and president of LSEC. He has served as program chair of 15 international conferences and he has been invited speaker at more than 90 conferences in 40 countries.
Aernout Reymer
Aernout is responsible for the security of all BT Group's international activities - technology platforms, services, people, physical estate, cyber, and contractual arrangements with customers and suppliers. Aernout joined BT Global Services in 2001, and after several positions in the UK in the Global Networks and Systems division he moved into security to oversee the integration of 27 companies acquired by BT (2005-2009), before becoming CSO for EMEA. Today as Head of Security for BT outside the UK he enjoys working closely with the business and sets a security strategy on the basis of 'think global, act local'. Aernout holds an MSc in Business Administration from Erasmus University Rotterdam, and an MSc in Telecom Engineering from University College London.
Simon Rice
Simon Rice became the Principal Policy Adviser (Technology) at the ICO in February 2011, with responsibility to lead and develop the technical and information security expertise within the office. Simon achieves this by advising on the technical aspects of complaints received and data breach investigations.
Between 2005 and 2011, Simon was a database and software developer at the Health and Safety Laboratory, the principal source of scientific support for the Health and Safety Executive. Prior to joining the Health and Safety Laboratory, Simon studied for his PhD at the University of Manchester in the field of data mining. His research utilized a range of machine learning techniques to extract information from large collections of numeric and textual data.
Ralph Salomon
Ralph Salomon is responsible for defining and maintaining the strategic and operational cloud & IT security requirements at SAP worldwide. Currently he is working on the integration of security frameworks across the different SAP Cloud offerings. His many accomplishments include setup of security framework for SAP HANA Enterprise Cloud, integration of Security, Quality, and Risk Management and improvements in IT Service Continuity Management, which led SAP to achieve ISO27001 certification as one of the first companies in Germany and to become the first German company to be ISO22301 certified. Prior to SAP, Ralph worked at KPMG as an IT Security, Quality, and Risk Management advisor and auditor.
Raj Samani
Raj is currently working as the VP, Chief Technical Officer for McAfee EMEA, having previously worked as the Chief Information Security Officer for a large public sector organisation in the UK. He volunteers as the Cloud Security Alliance Chief Innovation Officer, and Special Advisor for the European CyberCrime Centre, and is on the advisory councils for Infosecurity Europe, and Infosecurity Magazine. In addition, Raj was previously the VP for Communications in the ISSA UK Chapter, having presided over the award for Chapter communications programme of the year 2008, and 2009, and was inducted into the Infosecurity Europe Hall of Fame 2012.
Dr. Theodoros Stergiou
Dr. Theodoros Stergiou holds a PhD degree from University of Warwick, UK, in Protocol Security for 3rd Generation Telecommunication Systems. Since then, he has been involved in research of information security management issues as well as innovative security solutions, such as, cloud computing. With more than 10 years of industrial experience, he now holds the position of Security Solutions Product Manager at Intracom Telecom, Greece, while he is the acting Cloud Security Officer of the company. He is specialized in the areas of security consulting services, design and architecture of security solutions, as well as, security portfolio management. At the same time, he has been actively involved in the design of Intracom Telecom’s Public Cloud. He is a chartered engineer affiliated with the British Engineering Council and a member of IET, ISACA, IEEE and IEEE computer society. He is finally engaged in initiatives for the Cloud Security Alliance and ISACA; for ISACA, he is one of the expert reviewers for “Cloud Computing Security”.
Linda Strick
Linda Strick is more than 25 years with the Fraunhofer-Institute FOKUS and works as business developer in the application domain of eGovernment. Her main areas of work are: distributed systems, telecommunications, Service Oriented Architectures and Cloud Computing with focus on security. She is in charge of the Cloud Computing Lab at FOKUS, which provides secure and interoperable cloud scenarios for the public sector. She has been working with national and international projects, in standardization organizations and published several papers. Mid-2013 she became the coordinator of the Cloud for Europe project funded by the European Commission under its 7th Framework Programme.
Peleus Uhley
Peleus Uhley is the Platform Security Strategist within Adobe's Secure Software Engineering Team (ASSET). His primary focus is advancing Adobe's Secure Product Lifecycle (SPLC) and assisting with incident response within Adobe platform technologies, including Flash Player and Adobe’s Creative Cloud platform. Prior to joining Adobe, Peleus started in the security industry as a developer for Anonymizer, Inc., and went on to be a security consultant for @stake and Symantec.
Stefaan Van Daele
Stefaan Van daele is Senior Security Architect at IBM and member of a worldwide team. In this role he is encountering security officers and security architects of organizations from all industries in the European Region and helps them to define security solutions for their business. Also does he facilitate on a regular base workshops with the security teams of those organizations helping them to shape their security strategy . He has more than 25 years experience in the IT industry and since 2000 he is active in the Information Security Domain. He is co-author of the latest version of the IBM Redbook about the IBM Security Blueprint.
Frank van Dam
Frank van Dam works as Enterprise IT Architect / Information Strategist for the Ministry of Economic Affairs of the Netherlands.
His field of work includes IT Strategy, Enterprise (IT) Architecture, eGovernment, Cloud Computing. He is responsible for the development of the architecture of the “Closed Governmental Cloud” of the Netherlands. This is a cloud owned and managed by government for government. He currently works for the FP7 project Cloud for Europe.
Frank holds Master degrees in Business Economics and IT Architecture. In his final Thesis of the MSc IT Architecture, Frank has developed a Cloud Computing Decision Framework which is used by governmental organizations.
Chad Woolf
Chad leads the global compliance program at Amazon Web Services. His efforts focus on enabling enterprise and government adoption of cloud computing by supporting integration of the AWS environment into customers’ risk and control frameworks. The scope of Chad’s program includes governance, risk, compliance, and privacy programs.
Program Committee
Bernd Becker
Since the foundation of EuroCloud Europe as the umbrella organization of the European network of national EuroCloud associations in January 2010, Bernd Becker acted as Vice President before he was elected as President of EuroCloud Europe in January 2013.
Next to his engagement on European level he also is in charge as Chairman of EuroCloud Deutschland_eco e.V. as the German representation in the EuroCloud Europe network. Further, he is actively contributing to the activities of eco e.V., the Association of the German Internet Economy, where he was a Member of the Board between 2002 and 2010, before he took over the responsibility for EuroCloud.
Since 2010, he runs his own businesses with Scout2Cloud and as Co-Owner of the ICTAN GmbH by providing Business Consultancy Services for Cloud providers and Cloud customers.
Camillo Särs
Camillo is the Information Security Manager for F-Secure. His career at F-Secure includes positions as Security Advisor to R&D, Senior Security Researcher, Software Development Manager for the FileCrypto product, and he originally joined the company in 1996 to do SSH technical support. Camillo holds an M.Sc. from Aalto University in software systems and network security. Over the course of his career, he has had to face challenges ranging from implementing ISO 27001 controls, handling security incidents with teams spanning several continents, lobbying for and aiding in the implementation of a SPKI-based authorization framework, to teaching software engineers why and how to do software security.
Dr. Walter Fumy
Dr. Walter Fumy is Chief Scientist at Bundesdruckerei GmbH, where he is responsible for overseeing research and development in the area of eID security. He is strongly involved in the international standardization of security techniques, serving since 1997 as Chairman of ISO/IEC committee SC 27 IT Security Techniques. He is also chairing the BITKOM (German Association for Information Technology, Telecommunications and New Media) Working Group on Security Management.
Jens Fromm
Jens Fromm is head of the competence center public IT at one of the largest European research associations the Fraunhofer Society. His research focus at the Fraunhofer Institute FOKUS is on public IT, eGovernment, IT infrastructures, electronic identities and technical and organizational interoperability. The competence center public IT is funded by the German Federal Ministry of Interior.
Prior to his current position, he was the head of the research group electronic identities as well as of the test- and demonstrationcenter German eID (Test- und Demonstrationszentrum neuer Personalausweis) which was supported by the German Federal Ministry of Interior. Next to managing numerous industry and research projects, he was accompanying the introduction of Germanys electronic identity card, predominantly the so called eID-function.
Dimitra Liveri
Dimitra Liveri has been working in ENISA (second time) since March 2013 as a Networks and Information security officer, focusing on cloud computing by managing the ENISA Cloud security and resilience working group, making research on incident reporting for cloud computing, certification and standardization on clouds and issuing guidelines on how to securely deploy governmental clouds. Before re-joining ENISA she was working in CSA EMEA as a researcher. She has an excellent overview of the security telecommunications standards and policies across Europe. Furthermore she has contributed in several studies on Auditing Frameworks, Metrics and Measurements for resilience and National and pan European cyber exercises. She holds a Master degree from Athens University of Economics and Business (aueb) on Informational Systems, specialized on Critical Information Infrastructure Protection and Information Security, and a Bachelor degree from AUEB on Computer Science.
Dr. Jesus Luna Garcia
Jesus Luna Garcia is the Research Director of the Cloud Security Alliance EMEA. His main responsibilities include the internal scientific/technical management of CSA’s EU funded projects (HelixNebula, A4Cloud, CloudWatch, Cumulus, Cirrus and SPECS). Jesus has worked in the ICT security field for more than 17 years with both industry and academia. Jesus obtained his PhD degree (Cum-Laude) in Computer Architecture from the “Technical University of Catalonia” (2008), and has published more than 30 scientific papers in prestigious venues.
Herbert Leitold
Herbert holds a master of telecommunications and informatics. He has been research assistant at Graz University of Technology. In 2001 he changed to the Secure Information Technology Center – Austria (A-SIT) where he manages the technology assessment activities. In 2003 he became board member of the non-profit foundation Stiftung Secure Information and Communication Technologies (SIC). From 2005 to 2012 he has been head of the E-Government Innovation Center (EGIZ), a joint initiative of Graz University of Technology and the Austrian Federal Chancellery.
Since 2013 he contributes to the Cloud for Europe project where he leads the work package on pre-commercial procurement preparation.
Mario Maawad Marcos
Maawad Marcos has worked in IT for 15 years, the last 10 in Information Security. Since 2004 he has been working in “La Caixa”, the first financial institution in Spain, as Director of Digital Security. He received a B.S. degree in Computer Science from the Politecnic University of Catalonia (Barcelona, 1997) and a MS in Laws, Lawyer, from the Open University of Catalonia (Barcelona 2010). Received also a Postgraduate Diploma in Business Banking from Pompeu Fabra University (Barcelona 2009), and has several Security Certifications such as CISSP 2005,or GCIH 2006.
Olivier Perrault
Olivier is Chief Information Security Officer in charge of Cloud services within Orange Business Services. In Orange group for over than 20 years, he add several directorial experiences in the R&D and wholesale division of Orange group before joining the cloud computing business unit in 2011 as Technical director. Now he has a much more operational role, since he is in charge of a department which defines, builds and runs the security of Orange Cloud Services. His objective is to make security the point that convinces companies to migrate to the cloud. Turning an obstacle, this is how security is currently seen by business customers, into an asset.
Michael Waidner
Michael is the director of the Fraunhofer Institute for Secure Information technology (Fraunhofer SIT) and Chair Professor for Security in IT at the Technische Universität Darmstadt. He is also responsible for two competency centers located in Darmstadt: for the European Center for Security and Privacy by Design (ECSPRIDE), and for the Center for Advanced Security Research Darmstadt (CASED).
He received his PhD from the University of Karlsruhe in 1991. He was one of the initiators of the Zurich Information Security Center (ZISC) at the ETH Zurich. In 2006 he moved to IBM in New York. There he was an IBM Distinguished Engineer and the Chief Technology Officer for Security. Michael Waidner authored more than 130 scientific publications and is inventor of more than 20 patents. He is an IEEE Fellow and an ACM Distinguished Scientist.
Neeraj Suri
Suri received his Ph.D. from the University of Massachusetts at Amherst. He currently holds the Chair Professorship in "Dependable Embedded Systems and Software" at TU Darmstadt, Germany. His earlier appointments include the Saab Endowed Chair Professorship, faculty at Boston University and multiple sabbaticals at Microsoft Research.
Currently he serves as the associate Editor-in-Chief for the IEEE Trans. on Dependable and Secure Computing (TDSC) and an inaugural editorial board member for TDSC. He also serves on the editorial boards for IEEE Transactions on Software Engineering, ACM Computing Surveys, Journal of Security and Networks, and has been an editor for the IEEE Trans. on Parallel and Distributed Systems. He is a member of IFIP WG 10.4 on Fault Tolerance and Dependability, and on advisory boards for IBM, Intel, NASA, Uppsala University, European Commission RISEPTIS Board for Trust and Security, and a member of Microsoft's Trustworthy Computing Academic Advisory Board (TCAAB).
Tjabbe Bos
Tjabbe Bos is a policy officer at the European Commission. At DG CONNECT (Communications Networks, Content and Technology) he is responsible for the implementation of the European Cloud Computing Strategy. In particular he has a focus on security and certification related aspects of cloud computing. He has a university degree in both Information management and Public international law and is experienced in information policy for the public sector.
Veaceslav Puşcaşu
Veaceslav Puşcaşu has over 12 years of experience in the field of Information Technology. He currently serves as Cloud Operation and Security Manager at the Electronic Government Center in the Government of the Republic of Moldova. Mr. Puşcaşu is leading the development of the national cyber security framework, defining the government private cloud security strategy and framework, and ensuring the security of government e–services. Before joining the Electronic Government Center, Mr. Puşcaşu held various positions from Information Security to IT Consultancy Manager during his 10 year activity within Endava. Mr. Puşcaşu has vast experience in implementing and auditing the ISO 27001 and PCI DSS standards. He is ISACA Certified Information Security Manager and holds a PhD Degree in Electronics and Telecommunications from Bucharest Polytechnic University.
CCSK Training
Date: 31 March 2014 (the day before the conference starts)
The CCSK training is design for IT professional and Cloud Computing stake holders who wish to better understand Cloud Computing risks, solutions and security methodology.
Security in Cloud computing is a great challenge. We all know that security, privacy and compliance are major obstacles when adopting cloud computing. But, as any other risk to the business, we need to learn how to understand the risk and manage it.
Secure-Cloud 2014 is a great opportunity to close the knowledge gap about cloud computing security. We invite all conference attendees to participate in official Cloud Security Course (CCSK certification) taken place in the day before the conference.
During the one day training we will review topics like risks and challenges at Cloud Computing environments and analyze different solutions and best practices for Data lifecycle, application and users security.
Class Outline:
This class is broken out into 6 modules that cover the 13 domains of the CSA Guidance and the ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security.
Module 1:
Introduction to Cloud Computing. This module covers the fundamentals of cloud
computing, including definitions, architectures, and the role of virtualization.
Key topics include cloud computing service models, delivery models, and fundamental
characteristics. It also introduces a model for assessing the risk of moving
to the cloud.
Module 2:
Infrastructure Security for Cloud Computing. This modules digs into the details
of securing the core infrastructure for cloud computing- including cloud
components, networks, management interfaces, and administrator credentials.
Students will learn the key components to public and private clouds and techniques
for securing them.
Module 3:
Managing Cloud Security and Risk. This module covers important considerations
for managing security for cloud computing. It begins with risk assessment
and governance, then covers legal and compliance issues, such as discovery
requirements in the cloud. It finishes with a discussion or portability and
interoperability and managing incident response when working with cloud providers.
Module 4:
Data Security for Cloud Computing. One of the biggest issues in cloud security
is protecting data. This module covers information lifecycle management for
the cloud and how to apply security controls, with an emphasis on public
cloud. Topics include the Data Security Lifecycle, cloud storage models,
data security issues with different delivery models, and managing encryption
in and for the cloud.
Module 5:
Application Security and Identity Management for Cloud Computing. This module
covers identity management and application security for cloud deployments.
Topics include federated identity and different IAM applications, secure
development, and managing application security in and for the cloud.
Module 6:
Selecting Cloud Services. This module covers key considerations when evaluating,
selecting, and managing cloud computing providers. It includes important
questions to ask and what to look for. We also discuss the role of Security
as a Service provider.
About the instructor
Moshe Ferber is a security expert and entrepreneur, with 20 years' experience in information security. Serving in various capacities in information security field, and was involved in major projects in leading organizations worldwide. He has in-depth knowledge of both the technical and the business aspect of the latest, cutting-edge technologies.
Among his achievements, Moshe was leading the security product group at Ness Technologies (Nasdaq: NSTC), where he worked with state of the art security technologies, such as IDM, SIM and DLP. Later on founded Cloud7, a leading managed security services provider (acquired later on by Matrix ltd).
In the last couple of years, Mr. Ferber has focused on various aspects of cloud technology as entrepreneur. He is a partner at FortyCloud and Clarisite - startups companies with innovative solutions for information security. He is also a board member for the Cloud Security Alliance Israeli chapter and official CCSK trainer.