CSA Official Press Release
CSA Summit Returns to Infosecurity Europe 2018
World’s leading cloud security organization brings its premier event to Europe’s top information security conference
Seattle, WA – May 9, 2018 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the agenda for the second annual CSA Summit at Infosecurity Europe 2018. The full-day event will be held Tuesday, June 5, as part of Infosecurity Europe 2018 (London, June 5-7).
The event will bring together leading security experts and cloud providers from around the world to discuss global governance, the latest trends in technology, the threat landscape, security innovations, and best practices, in order to help organizations fully understand the capabilities of cloud and how to properly protect themselves from its potential risks. Attendees will also have the opportunity to take advantage of Certificate of Cloud Security Knowledge (CCSK) exam training and a workshop - Achieving General Data Protection Regulations (GDPR) Compliance with the CSA Code of Conduct.
“Today, cloud adoption encompasses a wide range of mission-critical business functions. Some organizations, such as those in the financial and government sectors, have made significant steps thanks to regulatory mandates, requiring a change in technology security as well as the mindset of security professionals,” said Jim Reavis, CEO of the Cloud Security Alliance. “This year’s Summit will examine these advancements and others as we look to provide companies with actionable advice on how they can best apply these technologies to their unique business needs.”
The CSA Summit at Infosecurity Europe 2018 will feature keynote presentations from some of the industry’s most notable thought leaders in cloud, who will speak on such topics as:
- Security as a Service: Work Where Your Engineers Live. Julia Knecht, Adobe Experience Cloud’s manager of Security & Privacy Architecture, will explain how Adobe leveraged existing software development processes to enable their engineers to get security work done when and where it needs to get done —without the overhead of constantly trying to reinforce security-specific processes.
- Confessions of a Cloud Security Convert. In this talk, Michael Farnum, solutions architect manager/South Texas for Set Solutions, Inc., will share what he has learned as he transitioned from a career in network and application security to one in cloud security and take attendees through his journey of converting to the cloud.
- Quantum-Safe Cloud Security. ID Quantique's Quantum Safe Product Manager Bruno Huttner will discuss quantum-safe security and the recent work of the CSA Quantum-Safe Security Working Group.
- Threat Modeling: The Ultimate DevSecOps. Learn how to take DevSecOps to the next level using threat modeling in this session from Fraser Scott, senior cloud security & DevSecOps engineer, with Capital One. He will walk the audience through a threat model of a cloud-based service using the Open Web Application Security Project (OWASP) Cloud Security project, looking at it from the perspective of development, operations and security. Attendees will walk away with an understanding of how threat modeling can dramatically improve the security of services by identifying and addressing threats, and will have the basic tools and techniques they need to get started threat modeling their own cloud services.
- Secure by Design IoT. In this session, Matthew Theobald, a Cloud Security Architect with Schneider Electric, will show how to significantly reduce an Internet of Things (IoT) device's attack surface using an alternative approach for bi-directional data flows to arrive at an IoT solution that is secure by design. The session will include a demonstration of an IoT device which sends telemetry to the cloud and responds to commands from a web application to perform actions on the board. The demonstration will include a network scan to show the device does not have an addressable server endpoint.
Also on the agenda is the EMEA Chapters Panel, during which time attendees will have the chance to provide feedback on cloud issues that are specific to Europe, as well as:
- Discover what is going on in their country;
- Understand what research is being undertaken within Europe; and
- Learn of various projects’ progress and how they can contribute to areas of their own areas of interest.
CCSK v4 at Infosecurity Europe 2018. Attendees who are thinking of taking the CCSK exam or who simply want to deepen their knowledge of cloud security controls and implementation will want to register for this 1-day training workshop on June 7. Taught by Peter HJ van Eijk, an authorized CSA training partner and noted cloud computing expert, the provides students a comprehensive 1- day review of cloud security fundamentals and prepares them to take the CSA CCSK certificate exam.
Starting with a detailed description of cloud computing, the course covers all major domains in the Guidance document from the Cloud Security Alliance, the CSA Cloud Control Matrix (CCM), and the recommendations from the European Network and Information Security Agency (ENISA). Participants are encouraged to take advantage of some of the online training that is provided in advance of the course in ordered to maximize the training’s benefit. Students receive an exam token as part of the course fee.
Achieving GDPR Compliance with the CSA Code of Conduct. This workshop on June 7 (10 a.m. – 1 p.m.) provides a brief overview of the European General Data Protection Regulations (GDPR) requirements. It explains the key role of the principles of accountability and transparency within the scope of the law and finally introduces the CSA Code of Conduct for GDPR compliance. During the workshop, representatives from CSA, the auditing community (ICT Legal and EY Certify Point) and a cloud service provider will walk-through a real-world scenario of how they can adopt the Code of Conduct for their organizations. Attendees of this workshop will walk away understanding: which are the GDPR requirements for data controller and processors in the cloud. what the CSA Code of Conduct for GDPR compliance is and how to integrate the CSA Code within their existing security program.
the importance of transparency and accountability from both the cloud service providers and customer perspective. Presenters include Daniele Catteddu, CTO, Cloud Security Alliance; Paolo Balboni, founder of ICT Legal Consulting and chair of the CSA Privacy Level Agreement Working Group; Mayank Joshi, Manager, Ernst & Young Certify Point; and a representative from a cloud service provider.
To register or learn more, visit csacongress.org.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.