Event Recording

Mike Small - Cloud Risk Assessment

Speaker
Mike Small
Senior Analyst
KuppingerCole
Mike Small is the retired director of security management strategy at CA, where he was responsible for the technical strategy for CA's security management software product line within Europe, Middle East and Africa. Mike worked for CA between 1994 and 2009, where he developed CA’s...
Playlist
European Identity & Cloud Conference 2015
Event Recording
Howard Mannella - I Am a Black Swan
May 15, 2015

Much has been written about “Black Swans”: unpredicted, massively game-changing and, in hindsight, completely foreseeable events. Why do they happen and why are we surprised? More importantly, what can we do to mitigate the unforeseeable?

The potential for game-changing risks is becoming more frequent and more impactful, due to global drivers and trends: from the technology front (speed of technical advance and disintermediation of technology) to the business front (concentration risk from outsourcing and interdependencies of supply chains) to the political front (Eurozone consolidation and global terrorism).

Event Recording
Thom Langford - Flushing Away Preconceptions of Risk
May 16, 2015

Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme. This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation.

In this presentation Thom looks at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk:

  1. The initial interpretation of risk and how it is often misunderstood.
  2. The measurement of risk, and how some systems work and others don’t.
  3. The effective treatment of risk, and how sometimes the obvious thing to do can be the wrong thing to do.
Event Recording
Prof. Dr. Rüdiger Grimm - Negotiating the Risk of Privacy, Understanding Privacy and its Risks
May 16, 2015

In this presentation, the risk of privacy in modern communication technology, both Internet and mobile networks, is analyzed. It turns out that users have to negotiate the risk of privacy between refraining from services, trusting services, using self-data-protection methods and trusting privacy enhancing technologies. Services, on the other hand, have to present themselves as trustworthy with respect to their competent and decent way of handling user data. This presentation identifies the privacy principles and related trust areas and protection means.

Event Recording
Andrea Servida - Boosting Trust in the Digital Market: the Role of eIDAS Regulation
May 14, 2015

eIDAS Regulation 910/2014 on electronic identification and trust services provides the legal framework for the cross-border recognition of electronic identification means, ensures the legal certainty and interoperability of trust services (namely electronic signatures, electronic seals, electronic registered delivery services, electronic time stamp and web site authentication) and establishes the non-discrimination of electronic documents vis-à-vis their paper equivalent. The presentation focuses on the role of eIDAS in realising the digital single market and on the actions at the EU level to support the uptake of electronic identification and trust services and the Regulation in the EU.

Event Recording
Dr. Scott David, LL.M. - Digital Transformation: New Dimensions of Risk and Risk Mitigation
May 14, 2015

As value propositions for organizations have changed, risks and risk mitigation strategies have changed along with them. When value was derived chiefly from physical property, risk involved more traditional theft or destruction of property and the technologies of fences and vaults, and fire extinguishers and insurance were developed to mitigate such risk to physical property. When value propositions migrated increasingly to services, risk of loss of proprietary secrets emerged, and mechanisms of secrets and confidential information were deployed to mitigate the risk of loss of such intangibles. The digitization of information led to new intangibles markets and new risk mitigation (in the form of information flow controls such as DRM and encryption).

Event Recording
Ravi Bindra - Moving the Security Perimeter: What Needs to be Done Before the Internet Firewalls are Removed?
May 14, 2015

If you announced “we will remove the internet firewalls”, different people will hear different things. However, to ensure continued security (confidentiality, availability and integrity) of your information assets you will need to re-prioritise your budget spend, fit out your team with different skill sets, and laugh wholeheartedly at your peers. This presentation discusses all the considerations you may want to take before setting yourself down the path of removing the external barriers, which by itself will lead you to re-define your vision, strategy and roadmap.

Event Recording
Amar Singh - It Takes a Community to Reduce Risk
May 16, 2015

To help stakeholders balance their needs to protect the organization against the needs to run the business - this is the new role IT professionals have to take over in the era of digital business. Moving forward, security people aren't the "defenders against cyber threats" anymore. They are becoming the facilitators of a balance between the needs to protect and the needs to run a business. In digital business, we are moving things into the cloud. We are moving things into software-as-a-service. We don't have control of them anymore. A lot of the traditional technologies just don't apply. So we have to start looking at other things like contract clauses and the new types of controls which come along with the new breed of digital risks.

Event Recording
Kim Cameron - Identity Services 2020
May 13, 2015

Keynote at the European Identity & Cloud Conference 2015

Event Recording
Kuan Hon, Dr. Karsten Kinast - The EU Draft General Data Protection Regulation: Where are we and what can we expect?
May 15, 2015

Keynote at the European Identity & Cloud Conference 2015

Event Recording
Mario Hoffmann - Dynamic Certification of Cloud Ecosystems
May 17, 2015

Cloud ecosystems are dynamic and flexible enablers for innovative business models. Some business models, especially for the European cloud market, however, still face challenges in security, privacy, and trust. A common approach among cloud providers addressing these challenges is proving one's reliability and trustworthiness by audit certificates. Basically, audit certificates are based on national and/or international as well as business and/or governmental compliance rules. The most prominent certifications in cloud computing are the "Open Certification Framework (OCF)" of Cloud Security Alliance, EuroCloud's "Star Audit", and "Certified Cloud Service" provided by TÜV Rheinland as well as more general certifications following ISO 27001, BSI Grundschutz, ENISA, and NIST.

This session discusses the state of the art of auditing and certifying cloud ecosystems and how current certification catalogues and schemes have to be enhanced to meet future requirements - requirements such as dynamic certification, on-demand-audits, and automatic monitoring and evaluations.

Event Recording
Olga Kulikova - Dynamic Control Selection Framework for Onboarding Cloud Solutions
May 17, 2015

This talk proposes a data-driven selection of organisational, technical, contractual and assurance requirements, so secure usage of cloud solutions within the enterprise can be guaranteed. The importance of data oriented control selection is outlined and key control domains are introduced.

Event Recording
Stefan van Gansbeke - One Step Closer to the Unhackable Enterprise
May 17, 2015

The threat landscape has become wicked and rougher. Governments are desperately trying to fight the cyber threats, but their efforts will never satisfy the needs. As a company, community or individual you remain a vulnerable target. Applying a layered information security strategy can effectively reduce your risk exposure. Defining your drivers and long-term security goals, involving your stakeholders, engaging your customers, employees and suppliers, communicating clearly and achieving your targets by implementing the security roadmap are the key steps for becoming a security-intelligent company that will be better protected against the next attack.