Information Security in the Cloud - that's in fact moving towards a location-independent and provider-independent approach for information security. In the days of on-premise only IT (plus maybe an outsourcer), the focus could be on securing the network and the device. In these days where IT services are a mix of on-premise, private and public cloud services - i.e. in days where things become hybrid - we can't rely on network or system security. We don't really know where our data remains and where services are run. The cloud sprawl, with chains of providers like your SaaS provider relying for example on Amazon Web Services, leads to a situation where we have to re-think the approach in Information Security.
The most important cornerstone is to move from system, network, device security towards information-centric security, which we might name "real Information Security". Another one is understanding Information Security as an initiative which isn't focused on technologies first of all, but on understanding risks, contracts and other aspects. Another important cornerstone is, without any doubt, the identity. We have to deal with more identities and with persons using different identities. Identity and Access Management is a key element in Information Security in, for, and with the Cloud.
There are many other aspects. In this session, we will provide our view on the future of Information Security - an approach that works seamless for the hybrid world of today and tomorrow, from classical on-premise IT to the public Clouds.
