Security Forum : Storage and Security

22-Jan-2009

On January 22nd 2009, LSEC organized its 4th Information Security Forum, a conference that brings together international experts from around the world to exchange ideas on the evolution and future of Information Security. This year the focus theme was Storage Security. Not only from a technical perspective, but also from a business and management perspective, we have tried to understand the evolution of both worlds and where they meet on a strategic level.

Our aim was to present to a number of business leaders and Information Security professionals the changes in, and the potential business impact of, these technologies, which support day-to-day business operations and are gaining in importance.
Leading technology companies such as EMC, IBM and Symantec have been making major acquisitions and have been spending an enormous amount of development effort on security or storage technologies. After a couple of years of operations, the business would like a better understanding of how those developments have evolved and how the joined technologies can improve its business and operations.

Final Program

10.30 : Registration & Welcome

11.00 : Introduction of the day by Ulrich Seldeslachts, CEO LSEC

11.15 : Opening address : outlining the issues on Storage and Security
By Jim Hughes, SUN Microsystems Fellow and Vice President.

As chair of the IEEE Forum on Storage Security, and in his role at SUN Microsystems, Jim holds the key to enlightening us on the frameworks of both worlds, where they meet and how technology is evolving to support key business processes such as real-time massive storage access.
During this opening address, Jim will set the scene and outline some of the issues, returning in the later part of the afternoon and evening on how to handle some of these concerns.
From a technology perspective, some of the following themes will be addressed: Cryptographic Algorithms for Storage, Key Management for Sector and File based Storage Systems, Balancing Usability, Performance and Security concerns, Unintended Data Recovery, Attacks on Storage Area Networks and Storage, Insider Attack Countermeasures, Security for Mobile Storage, Defining and Defending Trust Boundaries in Storage, Long-term storage, …

12.00 :  Sandwich Lunch

12.30 : Storage Security Best Practices
by Gordon K. Arnold, Product Manager, STSM
(Technical Strategy Security and Storage Software)

With optimization of storage resources based upon pooling of networked storage comes a number of vulnerabilities to your data. However, there are best practices for protecting your data in a cost-effective manner. This session surveys the techniques used to mitigate threats to your data and meet the requirements for auditing of storage operations. Innovative self-encrypting storage media and key management will be highlighted, including new full disk encrypting product announcements.
Three key elements that you will walk away with:
1. What are the biggest threats to my data with networked storage?
2. What are the best practices for securing my data?
3. What are the practical lessons learned to make storage security cost-effective?

About : Gordon Arnold is the strategy lead for encryption key management for IBM.  Gordon defines strategy and roadmaps for storage security, encryption and key management.  Gordon joined IBM through acquisition in 1994.  Prior to joining IBM he worked in a variety of technical and development management positions for e-mail and directory integration company Soft-Switch.  His focus in IBM has been on large scale Internet deployments, security, and for the last 6 years storage.  He was part of the core team which brought to market our storage virtualization offerings. Gordon has a BA in Liberal Arts and Sciences from the University of Illinois, over 25 years experience in IT products development, and holds the Senior Technical Staff Member grade in IBM.  He is currently chair of the Storage Security Industry Forum of SNIA.

13.30 : Service as a Security Feature
By Stephan Haux, Senior Product Manager EMEA, Iron Mountain Digital

Every week we read about a data breach somewhere in Europe. It seems like a contradiction to have rapidly developing security technologies on the one hand and more frequent and more severe data losses on the other. Looking closer into the incidents, you find that humans, processes and coincidence are causing them rather than technologies. “As a Service” does provide a more comprehensive approach to protecting information against theft, loss or breach.
• Exceptional case studies presenting data loss caused by employees, bad processes and pure coincidence.
• The varying needs for protection throughout the life of information
• 360 degree promise of service – not only technology, but processes executed by professionals.
• Examples of how only a service can secure information fully.

About : Stephan Haux is a Senior Product Manager for EMEA at Iron Mountain Digital. Haux oversees EMEA activities for determining market requirements for going to market across Iron Mountain Digital’s product and service portfolio. Haux frequently speaks at events, briefs journalists and engages with the analyst community in all parts of the world. Before Haux joined Iron Mountain, he held various international positions with SAS, including Team Leader and Product Manager. With more than 20 years' experience in IT and Marketing, covering areas from ERP, CRM, Business Intelligence and Performance Management, Haux has embarked on the ultimate challenge: Protecting the world’s information by Storage as a Service.

14.30 : Coffee Break

15.00 : Storage Security Best Practices
By ir. Erik R. van Zuuren MBA, Senior Manager at Deloitte Enterprise Risk Services

Organizations have become dependent on (the storage of) their electronic data and on (the processing of) their electronic transactions. This dependence, and the need to protect this data and these transactions, is rising on the agenda every day, hence this seminar.
However, data centers represent the central hubs for this data storage, information exchange and transaction processing. Therefore they are not to be forgotten in the context of an organization’s data and information storage and security strategy.
Data center security is not solely focused on preventing data breaches. The security of a data center must protect the confidentiality, integrity, and availability of the processes and functions that depend on the data center. The security of the data center must address each type of threat, including those posed by humans, electronic data, and nature (i.e., the environment). This exposé will give an overview of the risk management and security aspects which are required to sustain normal business operations and protect the business from harm.

About : ir. Erik R. van Zuuren MBA is Senior Manager at Deloitte Enterprise Risk Services and has extensive experience in Information Security Governance and Risk Management related disciplines, at both strategic and tactical level, as well as extensive experience at C-level in the private sector and at management / cabinet level in the public sector. He has been active as a consultant for over 10 years and has since participated in and led a broad range of strategic and tactical projects, mostly in Belgium and The Netherlands.

15.45 : Keynote - Virtual IT: A Strategy For Thriving In The Information Economy
A holistic view on the future of storage and security by EMC.
by Hans Timmerman, Technology Officer EMC Netherlands

In this keynote by EMC, the leading Storage company, it will become clear why they have acquired RSA with the specific goal in mind of Security and Storage. Add VMware to the table and a whole new paradigm presents itself for what the future of Information Technology could look like. Learn about the view on the future by EMC/RSA.
• The Need For Information Governance
• New Focus on Information Risk Management
• The Rise of Social Computing
• The New Knowledge Worker
• The Demand For Personal Information Control
• The Deconstruction and Reconstruction of IT

About : Prior to joining EMC The Netherlands at the beginning of 2002, Hans was active in the Dutch Aerospace industry. He led the manufacturing development at Fokker Aircraft for many years, after which he held several management and director roles. During his career he has been a guest professor at several universities and was involved in various international IT and standardization projects. At EMC, after having been responsible for Professional Services and Pre-Sales, Hans today is Country Technology Officer and responsible for the ONE EMC view: the development and empowerment of both EMC’s local business development and the existing Strategic Alliances and partnerships.

17.10 : Welcome note to the evening sessions participants, Ulrich Seldeslachts, CEO LSEC

17.15 : Keynote : Cross Border Data & Information Storage & Security

by Erik Luysterborg, Partner Deloitte ERS

When you are storing, hosting, processing etc. (personal) data you need to consider how to appropriately manage the requirements and risks of applicable data protection and privacy laws, regulations and internal policy/contractual requirements. All of this needs to be done while ensuring that from a technical and procedural point of view the necessary tools are in place to protect and share such data efficiently. What are the key parameters in order to achieve such a balance? How is it that implementation/usage of technology tools is often not sufficient to obtain data privacy? What impact do data protection laws and regulations/contracts have on issues such as data leakage, data retention, data access etc.? What is this so-called security/privacy paradox and why is it relevant to storing/processing (personal) data in an (international) data centre? During this presentation we will shed some light on the above issues and how to manage them in a pragmatic manner. We will share with you some experiences and thoughts and suggest a “real life” checklist for dealing with a number of the major implications of these data protection issues and requirements.

About : Erik Luysterborg is a partner of Deloitte Enterprise Risk Services, operating out of the Brussels office. In his cross-functional client role, he heads up Deloitte’s data protection and privacy services both in Belgium and for the EMEA region. He also acts as the global Chief Privacy Officer for Deloitte Touche Tohmatsu worldwide. He is a lawyer by training but runs an integrated team of both lawyers and security & privacy experts who are specialized in ICT and data protection related ICT and regulatory compliance services. Erik is an active member of several global data privacy steering committees and has extensive experience in assisting clients regarding the cross border aspects of data protection, including the outsourcing aspects thereof. He has a specific focus on both designing and implementing a pragmatic data protection strategy as well as providing hands-on privacy solutions and advice on setting up manageable and auditable compliance structures within international organizations.

18.15 : Closing Keynote : the future of storage and security explained

By Jim Hughes, SUN Microsystems Fellow and Vice President.

A glimpse into the future of storage and security and the world of information technology and systems. Jim will bring some of the key learnings of the day and expand them into a view of technological developments in close contact with tomorrow’s business requirements. A view from the leading companies in technology of the world …

19.15 : Closing Notes & LSEC activities in 2009 by Ulrich Seldeslachts, CEO of LSEC

19.30 : Reception, Walking Dinner, Networking and Fun Activities

22.00 : Close of Event

Practical Details

LSEC Security Forum – Storage & Security, LSEC New Years Event
Brussels, Claridge


