17
Highlights of the CSA Conference Orlando, Nov. 2010 Guy Alfassi Alfa Consul.ng
Highlights of the CSA Conference Orlando, Nov. 2010
Guy Alfassi
Alfa Consul.ng
Agenda
• 14:00 Registration, networking and general chaos • 14:20 Highlights of the CSA event in Orlando - Guy Alfassi, General Manager,
Alfa Consulting • 14:40 CCSK - Ariel Litvin, Technology Innovation Leader, PWC • 14:50 The Technology Showcase Wiki - Iftach Amit, VP Business
Development, Security Art • 15:00 Security management to, for, and from the cloud - Oded Tsur, Senior
Solution Strategist, CA • 15:30 Short break • 15:50 OWASP Israel & Introduction to OWASP Top 10- Ofer Maor, CTO -
Hacktics & Chairman - OWASP Israel • 16:20 Practical Enterprise use cases of data protection in the cloud - Guy
Bejerano, Chief Security Officer, LivePerson • 16:50 Virtual Private SaaS - the solution to data privacy and data compliance
issues in SaaS - Dr. David Movshovitz, CTO, Navajo Systems
About CSA Formed in 2008 as a non-profit organization. Objectives: • Promote a common level of understanding
• Promote research
• Awareness
• Create consensus lists and guidance.
CSA Members
CSA Research
• Cloud Control Matrix
• Top threats to Cloud Computing
• Guidance for Identity and Access Management
• Application Security Whitepaper
How to get there
http://cloudsecurityalliance.org/
Managed through a LinkedIn group:
Cloud Security Alliance
http://www.linkedin.com/groups?mostPopular=&gid=1864210
CSA Israel • An Israeli chapter of the CSA, formalized in June 2010.
• Our focus:
– Cloud Security technology innovations – localization of Cloud Security best practices
– LinkedIn group: http://www.linkedin.com/groups?mostPopular=&gid=3050440
Join CSA at http://cloudsecurityalliance.org/Membership.html , And then request to join our chapter.
About the conference
First independent global event for CSA 2 days, 4 tracks , 32 presentations, 4 keynotes Hundreds of participants from all over the world
About the conference
Keynotes were very insightful and surprisingly not own-company-oriented.
About the conference
• General impression: Vendors, clients and regulators are highly interested in cloud security.
• Some might actually try it sometime.
FedRAMP
• Federal Risk and Authorization Management Program
• Providing a standard approach to Assessing and Authorizing (A&A) cloud computing services and products.
FedRAMP – Applicability to Israel
• The standard itself does not apply here.
• The need for such a standard exists.
• A call to action to government / the private sector : Let’s do our own version / adopt FedRamp !
Quantum Datum
Information Centric Security for Cloud Computing
Rich Mogull, Securossis
Quantum Datum
• An analogy between quantum mechanics and cloud computing
• Quantum: The minimum unit of a physical entity.
• Datum: the singular form of Data. A single piece of information.
Quantum Mechanics
• Quantum mechanics looks at the particle, and tries to explain its behavior.
• Wave- Particle duality
• The uncertainty principle: Heisenberg principle
Why is this relevant? • The perimeter shrinks to the size of a datum.
• Datum can be in multiple places at the same time, and have different security levels.
• A breach for one instance of the datum affects other instances.
• Leakage can occur even when the probability is low.
What can we do?
• Use data labeling.
• Use data encryption according to security needs.
• Implement DLP and DRM in our architecture.
