Telecoms, Media & Technology is part of the Knowledge and Networking Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.
Fabio Cerullo is the Managing Director of Cycubix, an Information Security company that specialises in securing the applications that businesses rely on. He has extensive experience in understanding and addressing the challenges of application security from over a decade working in and with organisations across a diverse range of industries – from financial services to government departments and manufacturing. As a member of the OWASP Foundation, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions. He is an official (ISC)²-authorised instructor and a regular speaker at events organised by OWASP, ISACA and (ISC)² among others; and provides commentary and written articles for specialized industry media (Computer Weekly, Infosecurity Magazine, SiliconRepublic.com, etc). He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from (ISC)².
We have recently spoken with Fabio about information security and cloud, and here's what he shared with us:
This event is fully focused on the Cloud and Cloud-based technologies and offers a unique opportunity to meet with new and existing contacts, all looking to share and enhance our knowledge. There will be a variety of talks, panels and workshops where best practices and the challenges of managing local, regulatory and security issues will be discussed. This event gives attendees the time and the place to hear and learn about the huge benefits and potential of Cloud technologies, and take away the most relevant and transformative information for their organisations.
Cloud computing offers significant advantages; flexibility, scalability and costs saving, but only if security is integral to the approach taken. It has created a level playing field for organisations. No longer limited by access to technologies or budget for infrastructure, it has been a game changer for innovation and growth. Those organisations that take a strategic approach to the Cloud – seeing it as an integral part of their development path – will be able to get the most return from their investment – focusing their efforts and resources away from managing infrastructure and being faster to respond to the needs of their business.
The workshop looks at what organisations need to be aware of and manage when they look to leverage the Cloud. We will look at the options available to organisations in terms of Private vs. public vs. hybrid Cloud and the process for Cloud adoption and management from a security perspective. Attendees from small and medium sized companies will learn about how they manage the Cloud security not only for their organisation as it exists currently, but also as it grows.
The Cloud offers benefits to companies of all sizes and the value of these may vary depending on the stage of development or growth of the organisation. For start-ups, the cost savings low initial costs and pay-as-you-go aspects of a Cloud based infrastructure offers significant advantages – they can scale faster and get to market quicker without the investment in hardware. For larger corporates with thousands of employees based all over the world the Cloud offers other advantages and efficiencies such as centralised and standardised management and processing. As powerful as cloud computing is for the organisation, understanding its information security risks and mitigation strategies is critical. All organisations need to re‐evaluate existing security risks - patching and vulnerability management - as well as cloud specific security risks. They need to be aware of the security oversights that can occur during a cloud implementation and ensure they identify and remediate these, using tools and best practices. Legacy approaches are inadequate, and organizations need competent, experienced professionals equipped with the right cloud security knowledge and skills to be successful.