- Smart, Safe and Secure Cloud ComputingFebruary 17th, 2012
Even though the term “smart” has been used a bit inflationary on this planet in recent times, the tectonic shift induced by cloud computing is significant, and it has multiplied your options over night. EIC 2012 will help you taking informed decisions on how to reach a new level of information security.
OASIS: Identity, Privacy, and Data Protection in the Cloud – What is Being Done? Is it Enough?
April 17, 2012, 09am – 1pm
Join a host of experts for this pre-conference roundtable, to hear the latest on what is being done to protect identity and ensure privacy within the cloud. This three-part interactive roundtable will open-up the dialogue on this topic, so come prepared to share information, insights and ideas. Part one of the roundtable will focus on the latest developments in the standards community, addressing important key identity, data protection and privacy issues in the Cloud. Part two will take a deeper dive into the obstacles, barriers, and successes identified in the many OASIS IDCloud case studies submissions. A representative from the OASIS IDCloud TC will lead the discussion, and provide a report on the outcome of committee’s evaluation process and future direction. The final part of the roundtable will be an overview of the draft Privacy Management Reference (PMRM) by members of OASIS PMRM technical committee and a case study workshop which will interactively develop one or more use cases following the PMRM methodology. With so much attention given the proposed EU Data Protection Regulation and EC consultations on cloud computing and the Internet of Things, this special hands-on roundtable will offer policymakers, business managers, practitioners and technologists a provocative and stimulating look at an extraordinary set of issues and practical work underway to help make them manageable.
Prof. Dr. Dawn Jutla
ISACA: Cloud Assurance
April 17, 2012, 09am – 1pm (in parallel to the OASIS Workshop)
As enterprises look for innovative ways to save money and increase the trust and value in their information systems, cloud computing has emerged as an important opportunity, offering enterprises a potentially less expensive model to handle their computing needs and accomplish their business objectives. Cloud computing offers enterprises many possible benefits but also comes with some relevant risks, which need to be assessed and controlled. Marc will present useful guidance for enterprises that are considering promoting data and business processes into a cloud environment and this based on his personal experience in guiding companies into the cloud and as chairman of the cloud computing task force of ISACA. Before moving ahead with the decision to roll out a cloud service or use cloud computing, Marc will show the need for assurance mechanisms. Marc will prove that assurance in the cloud is different from a traditional outsourcing arrangement. With shared resourcing, multi-tenancy and geo-location, cloud computing requires a new approach to providing assurance. In the cloud, boundaries are difficult to define and to isolate and client specific transactional information is difficult to obtain. Marc will show that assurance needs will become more real-time, continuous and process-oriented, while cloud service providers will need to provide greater transparency to their clients regarding the movement of the clients’ data. Security and assurance frameworks and certification and accreditation standards that are specific to cloud service providers must continue to evolve as clients seek confidence in these cloud computing services.
Cloud, Consumerization & Identity: Time to Transform the Security Model
April 17, 2012, 4:50 – 5:10pm
As the adoption of cloud computing and consumerisation of IT continues to accelerate, many IT organisations are forced to revisit their traditional security models in order to address the new risks being introduced. This session explores the impact of cloud computing and consumerisation of IT on security and how these emerging trends are reshaping the evolution of identity & access management (IAM), information protection, and compliance-related technologies and architectures.
In this session, we’ll look at:
- Why the current traditional security models cannot keep up with evolving trends and emerging threats
- How to evolve the security trust model and what new layers should it have
- Context- and content-aware IAM and the end of static security policies
Avoiding hidden Clauses and other Pitfalls – How to Deal a Good Cloud Service Contract
April 18th, 2012, 2 – 3pm
Like with all other immature and rapidly developing markets, there often is a significant difference between the expectations customers have when they contract a cloud computing service, and the reality of what they would get as one of many clients through some kind of standard contract. In this session, you will first and foremost learn, that most if not nearly all existing standard contracts from large cloud providers are crap, and how you easily can find out that they are crap, what your risks are if signing such a contract and how a fair deal would look like instead.
Timothy R.W. Cowen
Sidley Austin LLP
Simple Cloud Identity Management (SCIM)
April 18, 2012, 3 – 4pm
SCIM (Simple Cloud Identity Management) is one of the most popular standards in IAM these days. I shall replace SPML (Simple Provisioning Markup Language), building on a REST-based API. However the question remains whether it is more about porting the type of API or really a breakthrough for provisioning to the cloud. And the question remains whether it really will become adopted as a mainstream approach. Besides this, any good standard supports all of IT, not only the cloud. So what does SCIM provide for the on-premise IT?
Eyes Wide Shut? Seven Cloud-Computing Security Sins and how to Control them
April 18, 2012, 5 – 6 pm
Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers However – many organizations are sleepwalking into the Cloud. Moving to the cloud may outsource the provision of the IT service, but it does not outsource responsibility. This session will look at the issues that may be forgotten or ignored when adopting the cloud computing.
- Ensuring legal and regulatory compliance
- Assuring data security
- Ensuring business continuity
- Avoiding lock in
Providing and Maintaining a Secure Cloud Infrastructure – from Planning to Administration
April 19, 2012, 10:30 – 11:30 am
- Trust Assumptions and Trustworthiness Assurance
- Secure management of cloud components
- Identity management requirements for both, critical infrastructure and privacy protection
- Integrated Identitity management for administration personnel, maintenance personnel, hardware and autonomous systems, and software components.
Prof. Dr. Clemens
Atos Research &
216One ResponseSmart%2C+Safe+and+Secure+Cloud+Computing2012-02-17+19%3A22%3A02Joerg+Reschhttp%3A%2F%2Fwww.id-conf.com%2Fblog%2F%3Fp%3D216 to “Smart, Safe and Secure Cloud Computing”