This year’s Cloud Security Summit dives deep into the technical aspects of securing your cloud-based data. From the state of security in the cloud, to evaluating your environment to identify vulnerabilities, and developing and delivering a secure multi-cloud ecosystem, this Summit is designed to prepare your organization to defend against the ever-growing threats in the cloud.
With real-life case studies and lessons learned from recent breaches the Cloud Security Summit focuses on actionable insight you can take back to your office to start enhancing cloud security immediately.
Cloud Security Summit Session Schedule:
9:30 AM - 10:30 AM
CS1 Stranger Things in the Cloud: How Do We Stop Breaches?
Roger Ofarril, Information Security Manager, Federal Reserve Bank of Chicago
The race to the cloud is on full force. As enterprises fast-track their cloud adoption, strange things keep happening that undermine security and put data at risk. This session explores the state of security in the cloud, from the real meaning of “shared responsibility” to the lessons learned from recent breaches. The focus is on actionable content that you can take back to your day job and start enhancing cloud security.
10:30 AM - 11:30 AM
CSS2 Enabling a Cloud Security & Operating Model
Rob LaMagna-Reiter, CISO, FNTS
Organizations have also realized they need to realign their IT skillsets & culture to take advantage of the cloud & automation shift. Learn first-hand how enterprises are taking an active role to adjust their service delivery, as well as leveraging calculated risk to improve the efficiency and effectiveness of the security program.
11:30 AM - 12:30 PM
CS3 A Live Simulation of an Advanced Cloud Misconfiguration Exploit
Josh Stella, Cofounder & CTO, Fugue
The leading cause of data breaches in the cloud aren’t application or OS vulnerabilities--it’s cloud misconfiguration, which are almost always due to customer error. Unfortunately, these mistakes are easy to make and extraordinarily common in enterprise cloud environments. We’ve moved beyond simple “misconfigured S3 bucket” incidents and into more advanced attacks that exploit a series of common cloud misconfiguration vulnerabilities--many of which are often missed or not even categorized as misconfigurations by security teams.
Traditional security approaches and solutions can’t prevent misconfiguration or detect associated data breaches because cloud misconfiguration is a software engineering problem, not a security analysis problem. That’s good news, because with the right cloud security architecture, we can address cloud misconfiguration before hackers can find and exploit them.
The demonstration will utilize a running AWS cloud environment, but the concepts and misconfiguration risks are applicable to any cloud provider, including Microsoft Azure and Google Cloud Platform.
1:30 PM - 2:30 PM
CS4 Cloud and Container Audit-Compliance Considerations
Trip Hillman, Director, Cybersecurity Services, Weaver
2:45 PM - 3:45 PM
CS5 Internal Controls in the Cloud
Ryan Mackie, Principal, Schellmann
Moving to the cloud, whether it is IaaS, or SaaS, is nearly inevitable in the current market. As a user of cloud services, it is important to understand the risk and control landscape an organization must navigate. Learn what an organization should know when using cloud providers as a component of their supply chain. Hear about internal control boundaries and who is responsible for what. Explore tools and resources, such as the Cloud Security Alliance and ISO/IEC 27017:2015, that an organization can utilize when determining control boundaries and assessing internal controls. Monitor your cloud provider's controls through SOC examination and understand complementary user entity controls.
3:45 PM - 4:45 PM
CS6 Securing your Cloud and Your SaaS: 6 Practices to Beat Hackers and Satisfy Regulators
Tony Pietrocola, President, Agile1, LLC
Cybercriminals have expanded every company’s attack surface by attacking networks, cloud, SaaS, chips, IoT, mobile devices, applications and API’s. They are relentless. And now the regulators are beginning to pass state level regulations that will eventually hold all of our feet to the fire. Add all of this up and the future points to reality that every single company, regardless of size or industry, will need to do much more to protect themselves and their customers. This presentation will show real life case studies, how the company handled the breach and six practical applications to secure your cloud, your SaaS applications and your mobile surface.