Event Recording

Hanns Proenen - From Security to Information Security to Digital Risk

Show description
Speaker
Hanns Proenen
Chief Information Security Officer Europe
GE Europe
Hanns Proenen
Hanns Proenen studied Computer Science and Law at University of Bonn, Germany and UCLA, Los Angeles. Back then he already focused on the tensions between IT and civil rights. After 20 years in Software development he joined  General Electric where since 2002 he works in the areas of...
View profile
Playlist
European Identity & Cloud Conference 2015
Event Recording
Patrick Parker - How to Manage Authorizations in Cloud Services: Getting a Grip on Both Microsoft Azure and Amazon AWS
May 14, 2015

As organizations race to transplant onsite infrastructure and applications to the Cloud, strong yet flexible control over authorization will play a critical role. Each Cloud vendor approaches the challenge of role and attribute-based authorization in a completely different manner and the facilities they offer are undergoing a rapid evolution. This session offers an overview of the authorization capabilities offered by the Microsoft Azure and Amazon AWS platforms and include best practice suggestions.

Event Recording
Assessing and Mitigating Cloud Risks
May 17, 2015

The modern reality is that even the most technology conservative companies are thinking to shift some of their valuable assets to the cloud. However, since anyone with a credit card can purchase cloud services with a single click, the governance and control of organisations are frequently being circumvented. This can create various challenges for organisations that wish to adopt the cloud securely and reliably.

This session will lead you through various approaches on how to assess and mitigate risks for onboarding cloud solutions.

Event Recording
Dr. Scott David, LL.M. - Digital Transformation: New Dimensions of Risk and Risk Mitigation
May 14, 2015

As value propositions for organizations have changed, risks and risk mitigation strategies have changed along with them. When value was derived chiefly from physical property, risk involved more traditional theft or destruction of property and the technologies of fences and vaults, and fire extinguishers and insurance were developed to mitigate such risk to physical property. When value propositions migrated increasingly to services, risk of loss of proprietary secrets emerged, and mechanisms of secrets and confidential information were deployed to mitigate the risk of loss of such intangibles. The digitization of information led to new intangibles markets and new risk mitigation (in the form of information flow controls such as DRM and encryption).

Event Recording
Recruiting Customers, Suppliers and Even Competitors to Help Reduce Risk
May 17, 2015

Various types of shared economic interests and risks create communities of interest where separate organizations work together such as in myriad supply chains worldwide. How can COIs come together in structured settings such as technical and policy standards initiatives, government programs, markets and other regulatory and self regulatory contexts to identify common needs and design, develop and deploy mutually acceptable solutions?

Event Recording
Ravi Bindra - Moving the Security Perimeter: What Needs to be Done Before the Internet Firewalls are Removed?
May 14, 2015

If you announced “we will remove the internet firewalls” different people will hear different things. However, to ensure continued security (confidentiality, availability and integrity) of your information assets you will need to re-prioritise your budget spend, fit out your team with different skill sets, and paugh wholeheartedly at your peers. This presentation discusses all the considerations you may want to take before setting yourself down the path of removing the external barriers, which by itself will lead you to re-define your vision, strategy and roadmap. 

Event Recording
Prof. Dr. Rüdiger Grimm - Negotiating the Risk of Privacy, Understanding Privacy and its Risks
May 16, 2015

In this presentation, the risk of privacy in the modern communication technology, both Internet and mobile networks, is analyzed. It turns out, that users have to negotiate the risk of privacy between refraining from services, trusting services, using self-data-protection methods and trusting privacy enhancing technologies. Services, on the other hand, have to present themselves as trustworthy with respect of their competent and decent way to handle user data. This presentation identifies the privacy principles and related trust areas and protection means.

Event Recording
Bringing it All Together – Distributed Strategy Solutions for Distributed Risk
May 16, 2015

In evaluating distributed systems risk, the attention to data is misdirected. Rather it is the distributed nature of data management systems (and the increase in interaction volume) that increase the perception and actuality of risk. Distributed problems need distributed solutions. Applying the community of interest approach – how can your organization more effectively reduce and manage risk?

Event Recording
Mike Small - Cloud Risk Assessment
May 17, 2015

When moving to the use of cloud services it is most important to take a risk based approach.  However the process involved is often manual and time consuming; a tool is needed to enable a more rapid and consistent assessment of the risks involved.  This session describes why a risk based approach to the use of cloud services is needed.  It introduces the KuppingerCole Cloud Rapid Risk Assessment Tool developed by KuppingerCole to help organizations assess the risks around their use of cloud services together in a rapid and repeatable manner.

Event Recording
Ravi Srinivasan - Digital Identities = Security Threats. Is your IAM Program Ready?
May 14, 2015

Digital Identities are transforming the way companies architect their IT environment. They adapt and optimize by moving to cloud, adopting mobile technologies and interacting with customers through social platforms. These open enterprises now have little control over how users are entering their networks to access corporate information. As such, Identity has become a key security parameter that businesses can control. Watch this session to learn how organizations can manage the identity context across all security domains by implementing a threat-aware approach to IAM.

Event Recording
Mario Hoffmann - Dynamic Certification of Cloud Ecosystems
May 17, 2015

Cloud ecosystems are dynamic and flexible enablers for innovative business models. Some business models, especially for the European cloud market, however, still face challenges in security, privacy, and trust. A common approach among cloud providers addressing these challenges is proving one's reliability and trustworthyness by audit certificates. Basically, audit certificates are based on national and/or international as well as business and/or governmental compliance rules. The most prominent certifications in cloud computing are the "Open Certification Framework (OCF)" of Cloud Security Alliance, EuroCloud's "Star Audit", and "Certified Cloud Service" provided by TÜV Rheinland as well as more general certifications following ISO 27001, BSI Grundschutz, ENISA, and NIST.

This session discusses the state of the art of auditing and certifying cloud ecosystems and how current certification catalogues and schemes have to be enhanced to meet future requirements - requirements such as dynamic certification, on-demand-audits, and automatic monitoring and evaluations.

Event Recording
Amar Singh - It Takes a Community to Reduce Risk
May 16, 2015

To help stakeholders balancing their needs to protect the organization against the needs to run the business - this is the new role IT professionals have to take over in the era of digital business. Moving forward, security people aren´t the "defenders against cyber threats" anymore. They are becoming the facilitators of a balance between the needs to protect and the needs to run a business. In digital Business, we are moving things into the cloud. We are moving things into software-as-a service. We don´t have control of them anymore. A lot of the traditional technologies just don´t apply. So we have to start looking at other things like contract clauses and the new types of controls which come along with the new breed of digital risks.

Event Recording
Cloud Contracting Risks
May 16, 2015

Cloud adoption is rapidly increasing, many organisations struggle to establish a sustainable contracting process. The one-size-fits-all aspect of cloud computing is often reflected in the limited flexibility of cloud service providers during contract negotiations. More and more organizations are left with the choice of signing standard terms and conditions. This strongly increases the need for organizations to define their contract requirements prior to selecting a cloud solution. The specific types of data (e.g. confidential data, privacy sensitive data) to be stored in the future cloud service, the related risks and applicable legal domains (e.g. data privacy, trade controls) should determine the contract requirements. These requirements have to be taken into account in order to ensure compliance with laws and regulations after accepting any terms and conditions.