LSEC Cloud Security Conference - Trust in the cloud and cloudtrust - about cloud security

08-Sep-2011

Seminar : Trust in the cloud and cloud trust, or Security in the cloud : bust the hype

Since 2009 the IT industry has been overwhelmed with the concept of the Cloud. Starting as an evolution from the constant shifts between centralization and decentralization, the shared hosting and collocation offerings, managed services models and the growing technological advantages of broadband speeds and virtualization, Cloud Computing today is a conglomerate of all sorts of services, ranging from infrastructure, to back-end applications, to full outsourcing of front- and back-end applications, with unlimited availability at a Total Cost of Ownership that becomes almost variable based upon the business requirements.
In addition to some of these and environmental advantages, there are also advantages of availability (suddenly you can get a full-blown server OS and db, completely configured with all user IDs and the latest security packs, ready to go in no time) and advantages of resilience (automatic failover and redundancy).
Still, many European information security managers and their CIOs are questioning the level of security of these clouds and cloud service providers. Can clouds be trusted with sensitive corporate data, critical information systems and high availability services, or should companies only consider unimportant information? Will Cloud Service Providers need to come up with a series of certifications such as CSA or ISO for your organization to be able to trust them? Let’s take some of the basic and more advanced security challenges, apply them to the cloud service provider that you would be investigating, and test them against all levels of security that you would demand for your own organization. Will they stand the test? Would this be sufficient, or are there other levels of challenges that play, such as data protection regulation and availability 24/7, with high-throughput pipes and means? Are the cloud customers protected against failure and loss of data, and what happens if there is an incident? What is the procedure that is being laid out to detect, report and, if possible, remediate? What jurisdiction applies for potential litigation? Will there be audit possibilities? On site?


This event was supported by LSEC expert Members CA Technologies, MMS-Secure and Vasco Data Security.
Thanks to Verizon Business for providing the Ubicenter facilities.




Supported by MMS-Secure


Final Program

8.30 : Welcome & Registration

8.45 : Opening Notes & Introduction by Ulrich Seldeslachts, CEO LSEC
Coffee continuously available during the morning.

09.15 : Cloud Computing a systemic overview of opportunities and challenges, by Henk van der Heijden, Vice President Security Europe CA Technologies

About : Prior to joining CA Technologies, Henk developed extensive experience on customer cases and security needs as Managing Director at Comsec Consulting BV and as Director Security Services at EDS. Before that he was General Manager at Sequent Migrations. Broad and long (25 years) experience in IT and IT Services. For the last 12 years specialised in Risk Management and Information Security. Henk is specialized in Risk Management and Security Consulting and has a broad and long IT Services knowledge. Within CA Technologies, Henk is responsible for the Security Business Unit in EMEA, leading the Business Unit of CA Technologies' excellent portfolio of Security Solutions.

10.00 : Security in the Cloud, myth versus reality. About auditing in the cloud. by Mike Chung, Manager IT Advisory KPMG Netherlands

About : Mike has been active in IT for over 12 years. He joined KPMG in 2006, where he is involved in security and system architectures. Within KPMG Netherlands, Mike is a recognized specialist on cloud computing and sourcing. In his spare time, he likes to listen to heavy metal.

10.45 : Cloud Computing and Virtualization, Security issues, by Jan-Willem Lammers,

About : His 20 years of broad IT experience enables him to keep the overview over complex environments. On the other hand he has the capability to absorb new technologies quickly and mix them with earlier experience. These capabilities have made him a valuable advisor for the most strategic customers in his region. He joined VMware in 2006 when virtualization was still just “cool technology”. His career started with 8 years at Syntegra (BT), followed by 8 years at Digital Equipment, Compaq and HP. In HP Consulting he built a VMware practice with knowledge management and service offerings, and trained a large number of colleagues. That was the time to move to VMware, the source of Cloud Computing, where his ability to absorb new technology has been put to the test ever since. Now that Virtualization has enabled Cloud computing, the work around compliance, organizational challenges and provider/consumer relations has to be balanced with technological developments.

11.30 : Challenges with Cloud services posed by legal constraints such as Privacy and Data Protection Guidelines; by Bruno Schröder, Microsoft

About : Civil engineer by education, Bruno has been more than 25 years in the IT industry : R&D, Process control, Systems Integration, consulting and sales. Bruno has been active in the public sector and became in charge of the EU consulting practice with Unisys, one of the large public sector suppliers. After having led the Public Sector for Microsoft Belux, he is still part of the international team following on a global level the evolutions and needs of the non-commercial sectors, and also informing governments about long-term solutions of information technologies and the potential impact on citizens and organizations. Bruno is involved with the Microsoft Innovation Center and is Member of the Board with the CIO-Club.

12.15 : lunch & networking

13.15 : Cloud Services by Verizon Business and Security measures taken, by Rob Kroneman, Verizon Business

About : Rob Kroneman is a security professional with extensive experience in the Information Security related disciplines at the organizational, technical and strategic levels, where I have focused on Information Security Management, Information Risk Management, Security reviews, and corporate security policy. He worked for the Dutch National Bank (De Nederlandsche Bank) in the role of Network Specialist, Security Manager and Auditor. Rob has a strong security expert background in information security and security reviews (audit), and was engaged in information security and information security related projects throughout his career. Rob has a strong security mindset and has an experienced out-of-the-box thinking approach. As cofounder and CEO of a privately run company, Rob was responsible for the creation and enforcement of a profitable organizational structure. Besides fulfilling the role of CEO, he was active in the field as an IT Security Expert. Rob is active as an Information Security consultant handling information security implementations, security reviews, advisory projects and information security framework implementations in the role of temporary CISO. Besides being active as an interim CISO, Rob is Manager Professional Services ITS within Verizon, working with his team on Cloud Strategy and Transformation/Transition projects for customers.

14.00 : Cloud Services by Microsoft and Security Measures taken by Henk Den Baes, Microsoft

About : Henk Den Baes started his career as a consultant with AMS (now CGI). With AMS I was based at a huge mobile telecom corporation fixing and developing (C, C++, COBOL, JAVA) backend applications. After some years I moved to Utimaco AG, a pure security products company, where I was responsible for developing the Utimaco SSL stack. At that time there was still the strong crypto export restriction from the USA and the European browser versions only had weak SSL protection. While working for Utimaco I also gained a deep knowledge of PKI. Being knowledgeable of PKI, I moved to Belgacom where I was, together with a small team, responsible for building the Belgacom E-Trust PKI. Out of that department the Belgian eID card project was born and I moved to the newly formed company Certipost. Once the eID project was more or less finished I moved to Belgacom ICT (former Telindus) to work as a Senior Technical security consultant. Today I’m working as a technology advisor at Microsoft for Security and Datacenter (Windows server and virtualization).
Abstract : Very often, the terms ‘outsourcing’ and ‘Cloud’ are mixed. We can see here that while Outsourcing is mainly about the ownership for certain tasks and controls (e.g. regulatory, security), Cloud is also an architecture question that goes beyond the who does what. However, this also means that the questions regarding regulatory and security requirements become more complex. While Outsourcing questions were often completely left to IT, the Cloud discussions need involvement from a broader compliance community. The CIO/CSO also needs to be able to translate technological and architectural aspects into Business risks so that internal legal and compliance communities can be involved as early as possible. If this doesn’t happen, legal considerations can soon become a show-stopper in the whole Cloud story.
During the LSEC “Security in the cloud” seminar I will discuss the 5 security areas (COMPLIANCE AND RISK MANAGEMENT, IDENTITY AND ACCESS MANAGEMENT, SERVICE INTEGRITY, ENDPOINT INTEGRITY, INFORMATION PROTECTION) that have become the main focus of discussions with companies going into the Cloud.

14.45 : Cloud Services by Belgacom and Security measures taken, by Bart Callens, Belgacom

About : Bart Callens is a security professional with 15 years of experience. Bart has extensive knowledge of and experience with different security frameworks and technologies, including network, data and application security. Bart was also co-founder of the Belgacom E-Trust Certification Authority, which led to projects such as the Belgian eID Card. At this moment, Bart is ICT Security Solution Ambassador within Belgacom, responsible for managing the lifecycle of the ICT Security portfolio and launching new ICT Security solutions on the market.

15.30 : Panel Discussion

16.00 : Coffee Break

16.30 : Securing your Data in the Cloud, by Luc Wijns, Chief Technologist Oracle Systems

About : Luc has over 22 years of experience in IT, including 14 years at Sun Microsystems & Oracle Corporation. Currently Luc holds the position of Master Principal Sales Consultant in the Server Division of Oracle in Belgium & Luxembourg and Chief Technologist for the Benelux. Luc is also active in the Oracle Security Community and in the Oracle EMEA Cloud Architects Professional Community. Luc’s technical strengths are on Datacenter requirements, Architectures, Security (defense in depth, Identity & Access management), Networking, Virtualization and Datacenter Automation. These are the building blocks for a Cloud computing platform. Luc has a lot of software experience from the former Sun Software Practice, putting him in a unique position to understand integration of the software and hardware stack. This end-to-end view is a key differentiator in large data center projects. Luc holds an M.S. Degree in Electrical Engineering and an M.S. Degree in Computer Science from the “Université Catholique de Louvain” in Belgium. Luc is married, father of three children and lives in Belgium.

17.15 : Security Services in the cloud, managed cloud security services, by Christophe Bianco, Qualys

About : With 15 years of experience in providing security services, including security policy and governance, audits, and intrusion detection, Christophe is responsible for strategic, operational, field sales and marketing activities in EMEA. Most recently leading Western Europe sales and managing the Luxembourg subsidiary for Verizon Business Security Solutions, Christophe led a team advising the extended enterprise on how to secure information, secure the infrastructure, and implement governance, risk and security policies. Christophe has also served as the general manager for Ubizen in Luxembourg, where he managed operations and executed the company’s partner and vendor strategy, set up a customer loyalty program, and extended the products and services offered. He has also been manager of information security for SkillTeam, an IBM subsidiary, and network and telecoms engineer for Banque Paribas, both based in Luxembourg. Christophe has a master’s degree in telecoms from the National Superior School of Telecommunications of Brittany, a degree in engineering from the National School of Brest, and an Executive MBA from HEC Paris.

18.00 : Securing the cloud and cloud security, by Rashmi Knowles, Chief Security Architect EMEA RSA – the Security Division of EMC

About : Rashmi is Chief Security Architect at RSA, The Security Division of EMC. In her role Rashmi is responsible for Technology and Compliance Solutions for the EMEA region. Her current responsibilities include working with customers in a trusted advisor role, evangelism for emerging technologies, and acting as key spokesperson in the region for RSA’s Cloud Strategy and Compliance Solutions and as a subject matter expert on Data Loss Prevention and Encryption Solutions. Rashmi has over twenty years of experience in data communications and mobile communications, and has focussed on Information Security for the last ten years. Prior to joining RSA, Rashmi worked for Hewlett-Packard as a Network Consultant. She has also held Product Marketing and Business Development roles in Ericsson and Damovo, responsible for developing key vertical solutions based on information security. Rashmi holds a degree in Computer Science from the De Montfort University and a Post Graduate in Computer Studies from the University of the South Bank, London.

18.45 : Bringing TRUST to the cloud: strong authentication as an enabler for SaaS adoption, by Kurt Berghs, Product Manager VASCO Data Security

About : Kurt Berghs is the worldwide product manager for VASCO’s DIGIPASS as a Service and aXsGUARD Gatekeeper product lines. Kurt started working for Vasco Data Security 6 years ago, with the acquisition of ABLE. He started as channel manager responsible for Belgium. Before Vasco, Kurt started his IT career as a programmer. Later he switched from programming to network infrastructure consulting and then to selling software solutions for Softconstruct.
Abstract : DIGIPASS as a Service is VASCO’s cloud based authentication service. The offer has been designed for companies who want to enhance the security of their web based applications. For web applications, traditional authentication does not always offer an adequate solution. Traditional authentication is often considered too costly due to low usage of the application or low transaction value. DIGIPASS as a Service is the answer to these concerns. With DIGIPASS as a Service, VASCO manages the entire authentication process for its customers. The end-user will use a hardware or software DIGIPASS to generate a one-time password to log on to the web based application or an e-signature to sign an online transaction. The company can focus on its core activities while VASCO manages the authentication process.

19.15 : Cloud Security Solutions wrap-up, and future challenges by Ulrich Seldeslachts, LSEC

19.30 : Closing Reception & Networking

20.30 : Close of Conference

During this seminar, we wanted to try to get most of the uncertainties out, and remove the clouds from the cloud in terms of security challenges. Can we put trust in the cloud? To what extent and at which levels? What is the level of granularity and maybe layers of confidence that we have to build upon? What is needed for the clouds to be trusted and to become secure? How does this work in an ever changing and challenged environment which is facing new security threats every day?

We’ve invited both Cloud Service Providers and Security Experts to challenge and be challenged. We don’t expect to receive all answers, but at least some issues will be raised, and a discussion at large can be held properly.
This seminar is intended for all business people considering cloud services who want to be informed about their options and potential risks, for all security managers and executives who might feel threatened by the opportunity of cloud services, for all IT auditors who want to be informed about challenges and opportunities, and for executive management that needs to be informed about risks and potential costs versus the cost reduction potential that they get presented.

You can also download the whole slideware package.

Practical Details :

Seminar with presentations and panel discussions

Leuven, Ubicenter, September 8th

Free of Charge for LSEC Members and Affiliate Members, and by special invitation. Cancellation Fee of 150 € : please cancel latest the day prior to the event to avoid a cancellation fee.
Thanks to the sponsors of the Global Security Week, we can offer participation to this event. Free of charge upon registration prior to September 5th, 50€ entrance fee after that date.

Sponsoring opportunities :
CA is an LSEC platinum sponsor for this event, but we are open to other, additional interested parties.
MMS Secure is a gold sponsor.

About the organizers :
This event is organized by LSEC, a not-for-profit association focused on Information Security in Belgium. Over the last couple of years LSEC has organized over 100 highly professional information security oriented activities. LSEC is a founding member of the European Security Innovation Network, a project supported by the European Commission through the INTERREG IVb program that supports innovative developments in Security in the North Western European region. With its partners Systematic Paris region in France, SITC in the UK and TeleTrusT in Germany, LSEC welcomes the active participation of companies in the discussion of potential threats, challenges and opportunities for companies in the domain of Security, or to the enterprise market and government institutions.

Are you a leader in Security ? Do you want to share your expertise and join the Leaders in Security as a Core Expert Member ?
Contact us via email! Or call +32.16.32.85.41 for a direct contact and more information.
An information set and your Membership Welcome Pack awaits you.

 

Copyright LSEC vzw 2007-2008 with the support of the IWT.

LSEC vzw Kasteelpark 10 - 3001 Heverlee - VAT BE BE 478 045 395 - fax. +32.16.32.19.69 - info @ lsec.be
