Understanding which tools and services consumers can expect from cloud providers.
For each layer of the SPI stack (IaaS, PaaS, SaaS) we will review the security controls and how they are implemented.
Audience: Cloud consumers who are taking first steps into the cloud and wish to know what to expect.
Cloud migration brings different challenges for security professionals, but the nature of the security challenges varies between market sectors. While the finance sector is coping with compliance challenges, hi-tech companies are struggling to earn customers' trust and create scalable applications. In this presentation we will examine cloud security challenges according to the different market sectors. For each sector we review the current cloud adoption status and list cloud challenges based on the risk profile of the sector.
Audience: Security professionals, CTO & CIO.
We live in interesting times, at least from a computer technology point of view. In the last couple of years we have changed the way our back-end systems function (Cloud Computing) and the way we consume our front-end interfaces (Mobility, the Internet of Things). It is safe to say that the technology changes we are now experiencing will revolutionize the way we consume technology.
But these changes are being held back and delayed, mostly because of information security. Unsolved challenges regarding trust, privacy and compliance are currently holding cloud computing back. Information security has never been such a barrier to technological progress until today.
So it is time for innovation. There are many things we need to change in the way we provide security. We need to add more robust virtual controls such as encryption, and we need to rethink the way we provision identities and perform authentication. Cloud providers will have to invent ways to increase transparency and consumer trust, and cloud consumers will have to learn how to perform adequate risk management and elevate new security controls.
In the presentation we will examine the road map of cloud security and the requirements for new solutions. We will give an overview of new technologies such as SDN (software-defined networks) and encryption methods and discuss their effect on security. We will elaborate on the changes made in recent years in API security and identity management, and consider where these technologies will take us.
Passing through the Lion’s den – How to sell cloud services to security guys
Pitching your SaaS offering is usually fun until the security guys walk into the room, as anyone who has tried to promote cloud services to organizations probably knows. On the other hand, for the CISO, cloud vendors sometimes represent the sum of all their greatest fears.
So, how can providers of cloud-based software do a better job of satisfying those gatekeepers? Learn to speak their language and understand their terminology and way of thinking. In this presentation we will walk through the do's and don'ts when pitching to information security professionals, and try to better understand their motivation and how to address their concerns.
Securing your IaaS infrastructure
Or - how not to become the next Code-Spaces.
Last June, a code repository SaaS provider named Code-Spaces was completely wiped out and went out of business after an intruder managed to gain access to its AWS dashboard. All of the company's data, including volumes, snapshots, objects and backups, was deleted, leaving the company's manager only one alternative: shut down the business.
Infrastructure as a Service can do amazing things for your business, giving young companies access to enterprise-level infrastructure with flexibility and ease of use. But the very same advantages of the cloud also pose the greatest threats. The centralization of controls, resource pooling and automation capabilities can act as a double-edged sword if not maintained correctly.
In the presentation we will review the challenges facing IaaS consumers, give an overview of important IaaS security features in OpenStack and other platforms, and list the important attack vectors to look out for.
Cloud Computing presents major opportunities and benefits for organizations worldwide. It is scalable, flexible and efficient. But along with those major advantages come the threats. Most Cloud Computing threats and risks are well documented, but we are missing information on how those threats are put into practice in the real world: which attack vectors are used, and what the risks and results of those events are. In the presentation we will elaborate on the Notorious Nine cloud computing threats as described by the Cloud Security Alliance, and for each threat we will provide recent examples of known incidents, the attack vectors used and the damage that resulted from the incident. By understanding the risks and case studies, we can better prepare our organization for cloud adoption. Among the recent events we will explore: supply chain attacks, attacks for Bitcoin mining, attacks on the management GUI, API manipulation and more. We will talk about recent incidents such as the Code-spaces.com hack, the Buffer and MongoDB OAuth credential theft, attacks on Twitter and Microsoft, and many more.