Loading…
CloudEXPO 2019 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

10 Mobility | Security [clear filter]
Monday, June 24
 

11:00am

Choosing the Right Cloud Environment: Public, Private, or Hybrid
Choosing the Right Cloud Environment: Public, Private, or Hybrid

​​​​In pursuit of enhanced connectivity, scalability, and efficiency, cloud migration is hastening across all industry sectors. In order to unlock the cloud’s benefits, these environments – public, private, and hybrid – must be explicitly architected and engineered to suit the respective applications they will host, while also meeting security and compliance requirements.

How do businesses determine their ideal cloud environment and optimize it post-migration?
In this informative session, we will review and compare:
  • The physical and virtual components of public, private, and hybrid cloud environments;
  • The business considerations that differentiate each environment, including storage space, workloads, compliance, internal staff, and other business requirements;
  • The relationship between organizations, cloud providers, and MSPs;
  • The best practices organizations should consider keeping their cloud environment secure, compliant, and optimized post-migration

Speakers
avatar for Scott Harvey

Scott Harvey

VP of Operations & Engineering, Atmosera
As the VP of Engineering and Operations, Scott leads the engineering team driving innovation and efficiency into the many services and solutions Atmosera offers. He is focused on defining and executing the development of new hybrid services including the evolution towards an increasingly... Read More →



Monday June 24, 2019 11:00am - 11:35am
10 Mobility | Security Room 210

1:55pm

Digital Framework for an Agile Cloud Governance Program
Digital Framework for an Agile Cloud Governance Program

Migrating to the Public Cloud (SaaS/PaaS/IaaS) at scale in the heavily regulated Financial Services and Insurance (FIS) industry requires the combination of process and digital capabilities to drive automation and accountability. In this session we will review a successful design and implementation of a solution to the complex problem of governance and coordinated Architecture, GRC and Security approvals for Public Cloud workload migrations at scale. If your enterprise strives for Agility and and is adopting Cloud services while remaining compliant this session is for you.

Speakers
avatar for Brian McCarty

Brian McCarty

Principal Technical Architect, USAA
Brian knows Dev and Ops, with deep experience building and supporting mission critical banking and financial systems. He is proud to have had the opportunity to serve on innovation teams whose mission is to facilitate the financial security of the military community and their families... Read More →



Monday June 24, 2019 1:55pm - 2:30pm
10 Mobility | Security Room 210

4:00pm

Hybrid Cloud Security - Why a Prevention-First Approach is Paramount
Hybrid Cloud Security - Why a Prevention-First Approach is Paramount

Enterprises need to understand that their biggest cybersecurity threat is not attackers targeting their data or even malicious insiders – it’s the complexity of and lack of visibility into hybrid-cloud environments.The complex nature of these environments makes them a breeding ground for simple but costly mistakes. This is what happened to AWS in 2017 where one incorrect command knocked their S3 service offline, taking dozens of websites and applications offline, impacting hundreds of thousands of businesses and causing millions of dollars in lost revenue.

In order to avoid these types of errors, enterprises need to better understand which employees have the privileges that can lead to these types of errors. Then, they must proactively manage those privileges to shrink their risk exposure using the principle of least privilege (POLP). If not, they run the risk of compromising every security system, policy and procedure they’ve ever worked to put in place.

Speakers
avatar for Balaji Parimi

Balaji Parimi

Founder & CEO, CloudKnox Security
Balaji Parimi is Founder and CEO of CloudKnox Security, a Cloud Security company that empowers organizations to manage identity privileges across private and public cloud infrastructure. Prior to founding CloudKnox, Balaji was VP of Engineering and Operations at CloudPhysics, Staff... Read More →



Monday June 24, 2019 4:00pm - 4:35pm
10 Mobility | Security Room 210

4:40pm

Continuous Security with Kubernetes
Continuous Security with Kubernetes

When it comes to adopting containers in the enterprise, Security is the highest adoption barrier. Is your organization ready to address the security risks with containers for your DevOps environment? In this presentation, you'll learn about best practices for:

- Addressing the top container security risks in a container environment including images, builds, registry, deployment, hosts, network, storage, APIs, monitoring & logging, and federation.

- Integrating continuous security for containers in the CI/CD pipeline

- Deployment strategies for deploying container security updates including recreate, rolling, blue/green, canary and a/b testing.

Speakers
avatar for Chris Van Tuin

Chris Van Tuin

Chief Technologist, NA West, Red Hat
Chris Van Tuin, Chief Technologist, NA West at Red Hat, has over 20 years of experience in IT and Software. Since joining Red Hat in 2005, Chris has been architecting solutions for strategic customers and partners and is a frequent speaker on DevOps, Security, and Containers. He started... Read More →


Monday June 24, 2019 4:40pm - 5:15pm
10 Mobility | Security Room 210
 
Tuesday, June 25
 

3:40pm

FedRAMP Focus 2019: Know the Soft Money Challenges and Time Costs
FedRAMP Focus 2019: Know the Soft Money Challenges and Time Costs

Many SMB cloud solution providers see the Federal Marketplace as the best path to hockey-stick revenue. With the emphasis on Cybersecurity, Privacy, and Compliance, the mandatory FedRAMP certification often becomes a Board Level strategy focused on ROI. To date, visibility has been on FedRAMP direct costs such as technology, third-party services, and FedRAMP 3PAO testing. This presentation will discuss the “soft” money challenges and “time” costs of the FedRAMP journey and explore the relationship to the business aspects of positioning, marketing, and momentum.

Speakers
avatar for Maria Horton

Maria Horton

CEO, EmeSec Incorporated
Ms. Horton founded EmeSec, a cyber, cloud, and engineering business specializing in compliance. EmeSec maintains 4 ISO certifications and FedRAMP 3PAO accreditation. Ms. Horton incorporates her own game-changing cloud compliance advice for her company, commercial and Federal customers... Read More →



Tuesday June 25, 2019 3:40pm - 4:15pm
10 Mobility | Security Room 210

4:20pm

Advancements in Encryption to Protect Data in the Cloud
Advancements in Encryption to Protect Data in the Cloud

While encryption protects data at rest and data in motion, until recently only operational controls were employed to protect data in use. Learn how advancements in encryption and secure enclaves protect data in use and the application runtime. This enables new sensitive workloads, ranging from high-value enterprise applications to emerging Blockchain, IoT, ML applications, to run safely in the cloud.

Speakers
avatar for Anand Kashyap

Anand Kashyap

CTO, Fortanix
Anand is the co-founder and CTO at Fortanix, and leads engineering and product development. He also leads the customer acquisition and customer success process at Fortanix, working closely with customers and partners in enabling technical sales.  Previously, Anand worked at VMware... Read More →


Tuesday June 25, 2019 4:20pm - 4:55pm
10 Mobility | Security Room 210

5:00pm

CI + CD + CC - Why Leave Compliance Out?
CI + CD + CC - Why Leave Compliance Out?

Compliance is not a checkbox item. It is intended to safeguard enterprises from Risks and Threats that they face everyday. It is time that enterprises take a systemic view of Operations Risk; whether in managing back office IT systems or in releasing engineering features for self-driving cars on a daily basis. How can we extend our current implementations on Continuous Delivery Pipelines, to Continuous Compliance and Continuous Risk Assessment?

Speakers
avatar for Raj Krishnamurthy

Raj Krishnamurthy

Engineer, ContiNube Inc
Systems Engineer. Software Developer. 22+ years. Ran product engineering teams at Sungard Availability Services for New Product Development. Built industry's first Recover-2-Cloud PaaS in 2012. Ran the Solutions Engineering team and Developer Evangelism at Startups. Focused on Application... Read More →



Tuesday June 25, 2019 5:00pm - 5:35pm
10 Mobility | Security Room 210

5:40pm

Securing Cloud Repositories – All Types
Securing Cloud Repositories – All Types

You love the Cloud, but you still don’t feel 100% secure, here’s why.

Speakers
avatar for Richard Blech

Richard Blech

Founder & CEO, Secure Channels
Richard Blech is an entrepreneur, investor and innovator. His primary business focus is on data security, technology and strategic alliances. As managing member of Imperium Management LLC, Richard actively invests in technologically advanced ventures. He has a discerning ability to... Read More →


Tuesday June 25, 2019 5:40pm - 6:15pm
10 Mobility | Security Room 210
 
Wednesday, June 26
 

8:30am

A Practical Approach to Cloud Security, Architecture and Implementation
A Practical Approach to Cloud Security, Architecture and Implementation

While cloud computing provides lower Infrastructure cost, higher agility and faster delivery, it also presents higher operational and security risks for a business critical assets; but a well-designed solution and security architecture will keep businesses safe during and after migrating their assets to the cloud.

Max has researched and identified many of the security risks associated with migrating to public cloud infrastructure. During the research, he also recommended solutions and designed a secure cloud architecture to manage these risks; and his recommendations are based on industry best practices and aligns with the AWS Well-Architected Framework. In 2018, his research was published at Cornell University and he programmed his recommended architecture into thousands of lines of Infrastructure Codes.

With Data breaches on the rise, the total number of compromised data is expected to increase from over 14.7 billion to about 33 billion by 2023. Max practical cloud security and architecture approach will help keep businesses safe before and after migrating their data and applications to a public cloud environment, this will help reduce the number of data breaches in a cloud environment.

Speakers
avatar for Max Farnga

Max Farnga

Lead Solutions Architect, BioFortis
Max Farnga is a Lead Solutions Architect for Security and Cloud Infrastructure, with a Master in Information Security and an AWS Certified Solutions Architect Associate. He is certified and experienced in: Cloud, Security, Databases, IaC, Infrastructure Architecture and Engineering.Prior... Read More →



Wednesday June 26, 2019 8:30am - 9:05am
10 Mobility | Security Room 210

3:40pm

What’s Old Is New Again: Data Loss Prevention Techniques for a Cloud World
What’s Old Is New Again: Data Loss Prevention Techniques for a Cloud World

ShieldX’s CEO and Founder, Ratinder Ahuja, believes that traditional security solutions are not designed to be effective in the cloud. The role of Data Loss Prevention must evolve in order to combat the challenges of changing infrastructure associated with modernized cloud environments. Ratinder will call out the notion that security processes and controls must be equally dynamic and able to adapt for the cloud. Utilizing four key factors of automation, enterprises can remediate issues and improve their security posture by maximizing their investments in legacy DLP solutions. The factors include new infrastructures opening up, public cloud, fast services and appliance models to fit in the new world of cloud security.

Speakers
avatar for Ratinder Ahuja

Ratinder Ahuja

CEO, ShieldX
Dr. Ahuja draws from a career as a successful entrepreneur and corporate leader, bringing with him his unique blend of business acumen and deep technical knowledge.His knowledge of innovation and emerging trends in network security and data loss prevention are derived from years of... Read More →



Wednesday June 26, 2019 3:40pm - 4:15pm
10 Mobility | Security Room 210

4:20pm

Is Everything in the Cloud?
Is Everything in the Cloud?

Having to undergo an onsite assessment for a cloud environment sounds like an oxymoron, right? Many organizations tell their auditor that because they are a cloud-based organization, they do not want or need an onsite assessment. A new, dangerous trend that we’ve seen is auditors complying with that request. Audit firms advertise that they can effectively conduct an audit 100% remotely. This disregards physical controls that are in place to safeguard sensitive data and the frameworks that require testing of physical controls.

Not everything is in the cloud, and it’s irresponsible to claim that everything is in the cloud. Offices, employees, weather patterns, heating and cooling systems, power regulation, device management, physical security controls — these things don’t exist in the cloud. Physical security and onsite assessments must be a major component of cloud security and the shared responsibility model.

As more organizations migrate massive amounts of data to the cloud, it drives both cloud service providers and customers to consider how the cloud will change their privacy, security, and compliance efforts. Lack of security in the cloud can be detrimental to both providers and customers. In this session, Shannon Lane will educate the audience through lessons learned from recent breaches, his own experiences as an information security auditor, and best practices for cloud security.

Speakers
avatar for Mike Wise

Mike Wise

Information Security Specialist, KirkpatrickPrice
Mike Wise is an Information Security Specialist at KirkpatrickPrice with over 15 years of experience in the information security industry. He holds CISSP, QSA, CISA, and ITIL certifications and tends to focus on data centers and distributed computing. In his current role, he enjoys... Read More →


Wednesday June 26, 2019 4:20pm - 4:55pm
10 Mobility | Security Room 210