“In most countries with data protection laws, a large part of existing big data applications are simply illegal,” says KuppingerCole’s privacy expert Dr. Karsten Kinast. In his Privacy and Compliance track, he will guide you through the risk landscape of data breach, internal or external misuse, unexpected secondary use, government access, and chilling effects on consumer behaviour. Some of these risk scenarios are partly or completely beyond corporate control, but we still need to consider them and try to at least partly mitigate them.
Discussion: How Strong could Privacy in Internet Communication be – and where are the Legal Barriers?
In this session, we will discuss the technical and infrastructural implications of privacy-enhanced secure communication on the one hand, and possible legal barriers and political obstacles to real end-to-end security on the other. But first of all: What is “real” end-to-end security? And is this kind of security still usable? Ladar Levison will, for the first time in Europe, talk about the Dark Mail Alliance's plans and status. This is a unique opportunity for the audience to get first-hand information about an initiative we expect to have enough potential to change the way we communicate over the internet.
Preventing your Enterprise from Cyber Attacks and Threats: Can this be Illegal?
With the evolution of new technologies and approaches to security, such as the application of big data tools to analyze network traffic in depth and in real time, security professionals can have a high level of visibility into any type of information. These systems do not distinguish between personal and “non-personal” information: they are just trained to detect suspicious patterns and can do so only if all packets are inspected. But what does the law say? Do enterprises have a right to process personal data in order to defend themselves against cyber attacks? KuppingerCole's Senior Analyst and privacy expert Dr. Karsten Kinast, LL.M. will give you an overview of current and future legislation and will answer this question. There is an additional workshop offered for this topic.
Deep Security Monitoring Versus Privacy – Is There a Middle Ground?
The news is rife with the conflict of deep security monitoring versus personal privacy. Similar to the rise of sophisticated global terrorists is the rapid rise of advanced IT security threats from hacktivists, cybercriminals, and nation states, and the fast evolution of security technologies designed to defend against them. Security professionals now often find themselves pushing the boundary of what is socially acceptable and even legal, while trying to keep up their organization’s defenses.
With the evolution of security technologies such as network packet capture and big data security analytics, security professionals can have an unprecedented level of visibility into what is happening in their enterprise. But can security professionals use these monitoring-oriented technologies without violating both laws and the monitored persons’ sense of reasonableness?
Given the insidious nature of many advanced threats and their associated malware, which have been known to hide amongst normal application traffic, detection often requires sophisticated anomaly detection leveraging the collection and analysis of very large data sets, which often include personal information and communications (email, IM, FTP). Even if the collection of this personal information is not the primary purpose of the security system, doing so can sometimes be illegal and oftentimes raises objections from individuals, workers' councils/unions, and data privacy officers.
After providing the background on today’s threats and why monitoring and big data analytic defensive techniques are really required to defend against today’s most difficult threats, the presenters/panelists will provide some specific deployment examples that highlight the challenges from both a legal and cultural perspective. They will go on to discuss how organizations in privacy-sensitive regions can use advanced types of security monitoring technologies and will also review both technical and non-technical controls which can help strike a balance between the organization's need for risk reduction and the privacy expectations of the users and the laws. They will also discuss with you the closely related issues of working with employees and data privacy officers to help smooth the deployment of security monitoring systems.