Cloud Security Summit
Date & Time
Thursday, April 2, 2020, 9:00 AM - 5:00 PM
This year’s Cloud Security Summit dives deep into the technical aspects of securing your cloud-based data. From the state of security in the cloud, to evaluating your environment to identify vulnerabilities, and developing and delivering a secure multi-cloud ecosystem, this Summit is designed to prepare your organization to defend against the ever-growing threats in the cloud.
With real-life case studies and lessons learned from recent breaches the Cloud Security Summit focuses on actionable insight you can take back to your office to start enhancing cloud security immediately.
Cloud Security Summit Session Schedule:
9:15 AM - 10:15 AM
CS1 Stranger Things in the Cloud: How Do We Stop Breaches?
Roger Ofarril, Information Security Manager, Federal Reserve Bank of Chicago
The race to the cloud is on full force. As enterprises fast-track their cloud adoption, strange things keep happening that undermine security and put data at risk. This session explores the state of security in the cloud, from the real meaning of “shared responsibility” to the lessons learned from recent breaches. The focus is on actionable content that you can take back to your day job and start enhancing cloud security.
10:15 AM - 11:15 AM
CS2 Building a Secure K8S Multi-Cloud Platform
Vincent LaRosa, VP Global Security Architecture, ADP
Kubernetes (K8S) has exploded in popularity and is quickly becoming one of the hottest and most important technologies of our time. In this session we'll discuss how to design and deliver a secure multi-cloud ecosystem to allow your company to leverage the power of K8S in a robust and secure fashion across public and private clouds.
11:30 AM - 12:30 PM
CS3 A Live Simulation of an Advanced Cloud Misconfiguration Exploit
Josh Stella, Cofounder & CTO, Fugue
Wayne Crissman, Director of Security, Fugue
The leading cause of data breaches in the cloud aren’t application or OS vulnerabilities--it’s cloud misconfiguration, which are almost always due to customer error. Unfortunately, these mistakes are easy to make and extraordinarily common in enterprise cloud environments. We’ve moved beyond simple “misconfigured S3 bucket” incidents and into more advanced attacks that exploit a series of common cloud misconfiguration vulnerabilities--many of which are often missed or not even categorized as misconfigurations by security teams.
Traditional security approaches and solutions can’t prevent misconfiguration or detect associated data breaches because cloud misconfiguration is a software engineering problem, not a security analysis problem. That’s good news, because with the right cloud security architecture, we can address cloud misconfiguration before hackers can find and exploit them.
The demonstration will utilize a running AWS cloud environment, but the concepts and misconfiguration risks are applicable to any cloud provider, including Microsoft Azure and Google Cloud Platform.
1:30 PM - 2:30 PM
CS4 Session to be announced
2:45 PM - 3:45 PM
CS5 Session to be announced
3:45 PM - 4:45 PM
CS6 Securing your Cloud and Your SaaS: 6 Practices to Beat Hackers and Satisfy Regulators
Tony Pietrocola, President, Agile1, LLC
Cybercriminals have expanded every company’s attack surface by attacking networks, cloud, SaaS, chips, IoT, mobile devices, applications and API’s. They are relentless. And now the regulators are beginning to pass state level regulations that will eventually hold all of our feet to the fire. Add all of this up and the future points to reality that every single company, regardless of size or industry, will need to do much more to protect themselves and their customers. This presentation will show real life case studies, how the company handled the breach and six practical applications to secure your cloud, your SaaS applications and your mobile surface.