Cloud Computing Security Foundations

Is it really that nightmare from a security perspective? Many things which have to be done around security are still established or should be at least best practice. But how about governance? Are we able to keep things under control? How does this relate to service management?

The Kuppinger Cole Virtual Conference on Cloud Security will do away with many myths and FUD (Fear, Uncertainty, Doubt) around Cloud Computing, Cloud Governance, Cloud Security and highlight what you can do to go the evloutionary path to the new paradigm of IT, where Cloud Computing allows you to choose the best provider for the services you need and nevertheless keep things under control. It's about advice and guidance, not about FUD. Many things are here, many are proven. For sure there are some gaps to be closed. But overall there is no reason not to embrace your existing IT to benefit from the cloud in the areas where these benefits are in. 

Agenda

Thursday, 03/25/2010
	15:00 -16:00 CET, 10am Eastern	Keynote Cloud Computing – is it Really a Risk? Cloud Computing frequently is discussed mainly as a security risk. However, there is as well the view that the cloud is or might be more secure than on-premise IT solutions. Martin Kuppinger will look at risks of cloud computing, the status and outline the points which you should look at when considering a move to the cloud or moving additional services to the cloud. In contrast to most other information on that topic available today, the presentation will also look at solutions for these issues – some will be discussed in detail her, some in the closing keynote. MORE INFORMATION  SPEAKERS  WATCH NOW
	16:00 - 17:00 CET, 11am Eastern	Panel Discussion Cloud Computing Standards - Which ones are Already there and which ones are Missing? There are many standards out there for the cloud. SAML (Security Assertion Markup Language) for federation, SPML (Service Provisioning Markup Language), and many others. But there are as well many standards missing, either directly related to security or in some relation to security – like service management standards, given that SLAs (Service Level Agreements) and service descriptions are a key for measuring service fulfillment and thus managing risk and security issues. Obvious shortcomings are in the field of governance and auditing. In this panel, several experts will discuss the state and the lacks of standards as well as their expectations regarding the adoption of existing and new standards by vendors. MORE INFORMATION  SPEAKERS  WATCH NOW
	17:00-18:00 CET, 12pm Eastern	Panel Discussion The Internal Cloud – What are the Risks Involved and how to Avoid them? Many companies are telling that they tend to start with a “private” cloud instead of going to the “public” cloud. Besides the question whether hybrid IT environments aren’t reality today, this panel will discuss the specific security risks of internal clouds, especially around the changes from physical to virtual environments, but as well with respect to more loosely coupled IT environments and their new threats – which are in fact not that new, given that we have some experience on loosely coupled environments from SOA. MORE INFORMATION  SPEAKERS  WATCH NOW
Friday, 03/26/2010
	15:00 -16:00 CET, 10am Eastern	Panel Discussion Cloud Management – Sufficient to Mitigate Security Risks? There is an increasing number of tools to manage cloud environments. Some are, in fact, more tools to manage virtualized environments, whilst others focus more on service management issues. More and more of these tools promise to support hybrid environments as well. However the question arises whether security is covered sufficiently by these tools. The panel will discuss the state of cloud management with respect to the security requirements. MORE INFORMATION  SPEAKERS  WATCH NOW
	16:00 - 17:00 CET, 11am Eastern	Analyst View Identity, Security, Governance for the Cloud – Who is Who? A Market Overview There is an increasing number of offerings around Identity Management, Cloud Security, and Cloud Governance in the market. Some of these are well-known and established, others are new. Martin Kuppinger will provide an overview of the different elements of cloud security (for private, hybrid, and public clouds) and a structuring of that emerging market(s). This presentation provides insight into what is there and what is missing from a KuppingerCole perspective. MORE INFORMATION  SPEAKERS  WATCH NOW
	17:00-18:00 CET, 12pm Eastern	Keynote Managing Cloud Security and Cloud Risk Martin Kuppinger will discuss in this presentation risk-based approaches to manage cloud security. The issue, from his perspective, isn’t that the cloud is inherently insecure. The real issue is to deal in appropriate way with the specifics of the cloud – which includes not only security but as well related issues like availability. In this presentation, Martin Kuppinger will talk about aspects like authentication and authorization in cloud environments, cross-cloud governance approaches and the specific issues around changing providers. He will also highlight his view that risk and services are the two fundamental elements for IT management – even more in these cloudy times. MORE INFORMATION  SPEAKERS  WATCH NOW