14.05.2014 12:00-13:00

European Identity & Cloud Conference 2014
Combined Session


Preventing your Enterprise from Cyber Attacks and Threats: Can this be Illegal?

With the evolution of new technologies and approaches to security, such as the application of big data tools to profoundly analyze network traffic in real time, security professionals can have a high level of visibility into any type of information. These systems do not distinguish between personal and “non-personal” information – they are just trained to detect suspicious patterns and can do so only if all packets are inspected. But what does the law say? Do enterprises have a right to process personal data in order to defend themselves against cyber attacks? KuppingerCole's Senior Analyst and privacy expert Dr. Karsten Kinast, LL.M. will give you an overview of current and future legislation and will answer this question. There is an additional workshop offered for this topic.

Deep Security Monitoring Versus Privacy – Is There a Middle Ground?

The news is rife with the conflict of deep security monitoring versus personal privacy. Similar to the rise of sophisticated global terrorists is the rapid rise of advanced IT security threats from hacktivists, cybercriminals, and nation states, and the fast evolution of security technologies designed to defend against them.  Security professionals now often find themselves pushing the boundary of what is socially acceptable and even legal, while trying to keep up their organization’s defenses.

With the evolution of security technologies such as network packet capture and big data security analytics, security professionals can have an unprecedented level of visibility into what is happening in their enterprise. But can security professionals use these monitoring-oriented technologies without violating both laws and the monitored persons’ sense of reasonableness?

Given the insidious nature of many advanced threats and their associated malware, which have been known to hide amongst normal application traffic, detection often requires sophisticated anomaly detection leveraging the collection and analysis of very large data sets, which often include personal information and communications (email, IM, FTP). Even if the collection of this personal information is not the primary purpose of the security system, doing so can sometimes be illegal and oftentimes raises objections from individuals, workers' councils/unions, and data privacy officers.

After providing the background on today’s threats and why monitoring & big-data analytic defensive techniques are really required to defend against today’s most difficult threats, the presenters/panelists will provide some specific deployment examples that highlight the challenges from both a legal and cultural perspective.  They will go on to discuss how organizations in privacy sensitive regions can use advanced types of security monitoring technologies and will also review both technical and non-technical controls which can help enable a balance between the needs of risk reduction for the organization and the privacy expectations of the users and the laws. And they will also discuss with you the closely related issues of working with employees and data privacy officers to help smooth the deployment of security monitoring systems.  
