Cloud Encryption; Securing IaaS

  • TYPE: Combined Session
  • DATE: Wednesday, May 06, 2015
  • TIME: 14:30-15:30
  • LOCATION: ALPSEE


Businesses put a lot of trust in the cloud, believing that, as paying customers, they will enjoy total protection from hackers and law enforcement agencies trying to access their private data.

But the majority of cloud providers who encrypt data have full control over encryption keys and could – if required to – access and share the data. This is a risk many businesses are unaware of. It also means CISOs in industries handling very sensitive data cannot take advantage of the benefits of cloud technology, as their enterprise policies and regulatory compliance requirements prohibit them from having implementations where providers have full access to their data. Customer-managed encrypted keys (CMKs) offer a solution to this problem, putting the data owner in full control of the encryption being used within the cloud service regardless of where it is stored.

This combined panel & presentation session will explore how implementing CMKs will give customers back control of their data and promote cloud adoption. You will become familiar with the cryptography systems available now that use CMKs to protect data held by cloud vendors, how they work, when they are necessary to implement, and how they can enable highly regulated industries to operate securely beyond the firewall.


Richard Anstey is Chief Technology Officer EMEA at Intralinks. In his role, Richard is responsible for guiding the development of the Intralinks SaaS portfolio of secure collaboration products. Anstey joined Intralinks after serving as Chief Architect at OpenText, where he was responsible for...

Dan Plastina leads the information protection team at Microsoft, with the Microsoft Rights Management suite of products being one of his core responsibilities. RMS includes an on-premises Active Directory RMS offering, an Azure hosted offering called Azure RMS, as well as the many PC/Mobile RMS...

Cloud instance lifecycles are accelerating fast. Cloud providers are competing with one another by switching from hourly billing to by-the-minute server billing. This means that servers should be installed, launched, do their processing and terminate, all within a range of minutes. This new accelerated lifecycle makes traditional security processes such as periodic patches, vulnerability scanning, hardening and forensics impossible. In this accelerated lifecycle there are no maintenance windows for patches and no opportunity to mitigate a vulnerability, so the security infrastructure must adapt to new thinking. In this new thinking we must adopt new methods for server security configuration, evaluation and termination. Servers must be patched before they boot up, security configuration and hardening procedures should be integrated with server installation, the vulnerability scanning and mitigation process should be automatic, and operating systems should not even include the ability for users to log in directly. In the presentation we announce a new open source tool named “Cloudefigo” and explain the techniques that enable this new accelerated security lifecycle. We demonstrate how to launch pre-configured, already patched instances into an encrypted storage environment automatically, while evaluating their security and mitigating them automatically if a vulnerability is found. In the live demo we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration and integrating encryption, including secure encryption key repositories for secure server communication. The result of these techniques is cloud servers that are resilient, automatically configured and secure, without any attack surface for a hacker to explore.


Nir is employed at NCR Corporation as the CISO of the Retail line of business. Before the acquisition of Retalix by NCR, he was Chief Security Officer of R&D at the company. As part of his previous positions in the last decade, he worked as Chief Security Architect, Senior Technology...



European Identity & Cloud Conference 2015

  • May 05 - 08, 2015 Munich, Germany