Cloud Security Summit is part of the Informa Tech Division of Informa PLC

Key Sessions

Kevin Walker

Keynote: Finding the right IoT security strategy and methodology to secure the IoT network infrastructure -- presentation by Juniper Networks

Juniper Networks

Thien La

Keynote: Journey to the Secure Cloud

Wellmark Blue Cross Blue Shield

Arjmand Samuel

Keynote: Building Trustworthy IoT Systems -- presentation by Microsoft

Microsoft

Katherine Fithen

Keynote Panel: Learning from Infamous Security Breaches

SecureWorks

Oct 23
7:00am - 5:00pm 600 mins
Main agenda
Registration
8:50am - 9:00am 10 mins
Keynotes
Opening Remarks
  • Sue Troy - Executive Editor, The IoT Institute
9:00am - 9:20am 20 mins
Keynotes
Keynote: Finding the right IoT security strategy and methodology to secure the IoT network infrastructure -- presentation by Juniper Networks
  • Kevin Walker - Security CTSO (Chief Technology and Strategy Officer), Juniper Networks
9:20am - 9:40am 20 mins
Keynotes
Keynote: Journey to the Secure Cloud
  • Thien La - CISO, Wellmark Blue Cross Blue Shield

Join Wellmark Blue Cross and Blue Shield’s CISO Thien La as he shares Wellmark’s two-year journey designing the healthcare leader’s cloud architecture and migration plan. La will discuss specific concerns for highly regulated industries, along with their experience working with leading cloud providers.

9:40am - 10:00am 20 mins
Keynotes
Keynote: Building Trustworthy IoT Systems -- presentation by Microsoft
  • Arjmand Samuel - Security lead for Microsoft Azure Internet of Things at Microsoft, Microsoft
10:00am - 10:40am 40 mins
Keynotes
Keynote Panel: Learning from Infamous Security Breaches
  • Moderator Katherine Fithen - Managing Principal Consultant, SecureWorks
  • Panelist Arun Hegde - Principal Security Architect, Fortune 500 Media Company
  • Panelist Thien La - CISO, Wellmark Blue Cross Blue Shield
  • Panelist Weifeng Li - Director PwC Cybersecurity, PwC

In this panel, IT and security leaders will discuss best practices and lessons learned from some of the most infamous security breaches in the past few years, as well as touching on the lessons not yet learned as we enter a world where IoT, Blockchain, shadow IT, hybrid cloud, and mobility all converge.

10:40am - 11:30am 50 mins
Main agenda
Networking Coffee Break & Exhibition Visit
11:30am - 11:50am 20 mins
The Human Side of Cloud Security
SecDevOps: What's Hype? What's Valuable
  • John Steven - Advisory Board | Senior Director of Security Technology and Applied Research, Synopsys

SecDevOps is to the 2010s what Agile was to the early 2000s: Your ticket to speak at a conference. Yet, having attended tens of these talks, you may be forced to conclude practices rarely get beyond: “Code first and chase that coding with automation.” …also… “Monitoring. You’re gonna need monitoring and feedback.” In this talk, we’ll boil off some of the hype and look at key (actual) best practices that tie back to BSIMM capabilities in a meaningful way. We’ll discuss Vulnerability Discovery, Developer enablement, Runtime Protection/RASP, Threat Modeling, and more.

11:50am - 12:30pm 40 mins
Governance, Compliance & Risk
Solving Privacy Challenges and Concerns with Cloud Solutions
  • Katherine Fithen - Managing Principal Consultant, SecureWorks

While there is a lot of focus on cloud solutions for many good reasons (e.g., cost savings is usually the justification but there are other justifications as well), with the evolving privacy laws and regulations, there are some challenges (e.g., access controls to personal information). During this session, we will look at the challenges and how some companies have managed the use of cloud solutions while aligning with privacy laws & regulations.

12:30pm - 1:30pm 60 mins
Main agenda
Lunch
1:30pm - 2:10pm 40 mins
Success with the Software Defined Perimeter
Panel: Shadow IT's Role in Driving Innovation
  • Panelist David Hahn - VP and CISO, Hearst
  • Panelist Michael Goodenough - Principal Architect, Northeast Region, Omada Solutions
  • Moderator Regine Bonneau - Founder and CEO, RB Advisory

Shadow IT is here to stay, and is a driver of innovation even though CIOs and CISOs may consider its elimination as an accepted best practice. While the practice does create a multitude of data and integration issues for under-resourced IT teams, along with unknown risks for the entire company, it can also drive productivity and innovation in the lines of business. This panel will explore how CIOs and CISOs can balance the innovation potential of Shadow IT while keeping the enterprise secure.

  • Why Shadow IT isn’t nefarious, but the result of business users finding new and more effective and efficient ways to work.
  • How to create a security program to take Shadow IT into account and allow user flexibility by incorporating methods of protection.
  • Why Shadow IT doesn’t mean allowing business users free rein accessing technology and users must understand restrictions and why they exist.
2:10pm - 2:50pm 40 mins
Governance, Compliance & Risk
Panel: Compliance vs. Security
  • Moderator Regine Bonneau - Founder and CEO, RB Advisory
  • Panelist Paul Twomey - Co-Founder, STASH
  • Panelist John Whiting - Chief Security Officer, DDB

In this panel, industry leaders from leading companies in Finance, Healthcare and Technology will discuss how to balance compliance and security, including such topics as:

  • Does regulatory compliance have a positive or negative impact on an organization’s security?
  • Regulations: A surprising source of security funding thanks to C-Level focus.
  • Issues with dealing with potentially conflicting regulations, across geographic regions, industries (GDPR, PCI DSS, HIPAA, etc.)
  • What constitutes a company’s exercise of a due care or due diligence level of cybersecurity?
  • How to create an effective security strategy – especially in a world where the perimeter is disappearing. Focus on defense in depth or a layered defense strategy.
2:50pm - 3:30pm 40 mins
Main agenda
Networking Break & Exhibition Visit
3:50pm - 4:30pm 40 mins
Governance, Compliance & Risk
Case Study: Cloud Security in Financial Services
  • Scott Matsumoto - CISO, Circle

Financial Services have special considerations when operating in the cloud, including compliance with rigorous and sometimes conflicting regulations. Circle Pay operates entirely in the cloud and we are a licensed Money Transmitter in many states. This talk covers our experience managing the regulators/examiners.

Regulators and examiners are, for the most part, familiar with traditional IT, but do not understand cloud platforms, agile development and how to evaluate the regulations for cloud applications. I’ll talk about some of the ways we’ve been able to get our examiners comfortable with our use of the cloud, including:

  • Helping the regulators understand the additional threats in our cloud environment
  • How we address these additional threats using cloud-based services
  • How cloud applications built from services are different than on-prem software
  • How cloud improves our overall development processes well beyond virtualization
4:30pm - 5:10pm 40 mins
Success with the Software Defined Perimeter
Panel: How the Cloud and IoT Are Disrupting Identity & Access Management
  • Moderator Jo Peterson - Vice President, Cloud Services, Clarify360
  • Panelist Michael Goodenough - Principal Architect, Northeast Region, Omada Solutions
  • Panelist Tina Gravel - SVP, Global Channel and Alliances, Cyxtera
  • Panelist Carmen Sorice III - Senior Vice President, Channels, Sungard Availability Services (Sungard AS)

According to Forrester, 80% of breaches involve access of privileged credentials. With statistics like that, it’s easy to see that ensuring only the right people access the right documents/data is paramount. In this panel discussion, we’ll explore the challenges and advantages that enterprises face with IAM, including:

  • Expanding perimeters – telecommuting, mobility, wireless connectivity, IoT devices and personal devices have all widened the access point to sensitive data
  • Expanding web of identities and exploding user accounts
  • How to stamp out common threats: Privilege creep, orphan accounts, unnecessary super users
  • IAM Systems themselves – proprietary, one-off solutions in a collaborative, open source world
5:10pm - 5:30pm 20 mins
Governance, Compliance & Risk
Case Study: Cloud Security Best Practices in the Public Sector
  • Jim McGinn - Chief Technologist and Senior Director, Jacobs

In this session, we’ll examine lessons learned and best practices for creating a secure Cloud Ecosystem, Cloud Security Operations Center (CSOC), and an approach to Cloud Security Compliance within a highly regulated Federal Government Construct. We will discuss how we set up and configure secure cloud environments for a range of IT applications from Big Data to Applications Hosting.

5:30pm - 7:00pm 90 mins
Main agenda
Opening Night Reception