Hackathon On! Cloud Security Alliance Challenges Hackers to Break its Software Defined Perimeter (SDP) at CSA Congress 2014
Successful Breach of SDP Protected Public Cloud Will Earn a Prize of $10,000
San Jose, CA – August 27, 2014 – The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced it will hold its second Hackathon this year at the upcoming CSA Congress 2014, to validate the CSA Software Defined Perimeter (SDP) Specification to protect application resources distributed across multiple public clouds. In a twist from its last event (where no one was able to hack the SDP), the CSA is inviting Congress participants, along with hackers from all over the world to attempt to access a file server in a public cloud, which is protected by the SDP via a different public cloud. The first participant to successfully capture the target information on the protected file server will receive $10,000. Additionally, all participants will be entered into a random drawing to win $500.
At the first Hackathon held at the RSA Conference earlier this year, hackers from all over the world participated, including notable entrants from China, Russia, United States, Brazil, Romania, Hungary, Argentina, Hong Kong, United Kingdom, Chile, Korea and more. During the five-day event, there were more than 10 billion attacks at the Software Defined Perimeter. No one was able to circumvent even the first of the five SDP security controls layers.
“We expect, in a relatively short time, the SDP to be widely adopted as the industry standard by enterprises and federal organizations where security is a critical path to achieving a competitive advantage and critical business objectives, such as accelerating time-to-market and cost savings, ” said Bob Flores, former CTO of the CIA, current Partner at Cognitio Corp and also co-Chair of the CSA SDP Working Group. “Over the last several months, we are seeing momentum in SDP adoption by enterprise companies. This signifies that the SDP Specification has had a real impact on people’s thinking, and its ability to protect networks has garnered strong confidence among our enterprise users who are relying on it today to protect their own networks.”
For the first time, the SDP security components will be used to create secure connections between public clouds as well as protecting application resources within them. “For this Hackathon, we are testing a new concept of cross cloud security,” said Junaid Islam, CTO of Vidder Inc. and co-chair of the SDP Working Group. “At the end of this Hackathon, we intend to demonstrate to enterprises that they can distribute applications across multiple public clouds knowing they will be protected.”
At this year’s CSA Congress SDP presentation, Jeff Schweitzer, Chief Innovation Architect of Verizon, will join Islam to discuss both the theory and hackathon setup in detail.
Increasingly, enterprises are deploying assets across multiple public clouds. Enterprise security teams are responding with urgency to create a secure connection between public clouds while protecting application resources within them. This hackathon will test – and prove – the SDP’s ability to secure connectivity and applications cross clouds.
Participants will have the option to attempt access to the file server either via the secure cloud connection or directly. The grand prize of $10,000 will be awarded to the first person successfully downloading a message from an SDP-protected file server. Full contest rules and registration are available at https://cloudsecurityalliance.org/research/sdp/.
About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at https://cloudsecurityalliance.org, and follow us on Twitter @cloudsa.