San Francisco hosts more than its share of conferences and festivals, and residents know the best way to maximize your time at events is to go in with a plan. With that in mind, we created a Skyhigh guide to RSA. Planning your agenda from the laundry list of speaking sessions is overwhelming. The guide specifically highlights sessions on cloud security from a host of industry voices including analysts, enterprise practitioners, board members, and the founder of the Cloud Security Alliance. (Not signed up for RSA? Get in free with this code.)
Enjoy the guide, and don’t forget to stop by our booth at the conference to see how Skyhigh is securing the cloud.
Cloud Threats to the Enterprise
Jim Routh, CISO at Aetna, is not only a forward-thinking security leader. He’s also an excellent speaker, and his talk at the Cloud Security Alliance Summit at RSA promises valuable insights from the practitioner’s perspective. Routh has taken a proactive approach to cloud visibility and security, making a point to cut the sensationalism out of security to focus on data-driven decisions.
While Snowden made insider threat a top-of-mind issue for every security team, the reality is that small-scale insider threat incidents frequently fly under the radar. Cloud offers a dangerous vector for insider threat because organizations lack control over sanctioned and unsanctioned cloud services. Only 17% of companies reported an insider threat incident at their organization in the past year, but 85% of companies had cloud usage activity strongly indicative of insider threat. We highlighted six particularly nefarious tales of insider threat in the cloud; this panel should provide practitioners with useful tips for preventing cloud insider threat.
It’s a good rule of thumb to tune in whenever Rich Mogull talks cloud security. While the description is ambiguous, this talk featuring the Securosis founder is mandatory for those paying attention to the cutting edge of cloud security.
The average organization connects with 1,555 partners through the cloud, with 30% of data shared going to high-risk partners. Despite being the source of high-profile breaches at organizations like Target, risk from the partner environment is underrepresented in security industry conversations. In the case of Target, a heating and cooling vendor served as the entry point for attackers. This session covers a key security vector – one that may lead to future breaches if not properly addressed. Review our Q1 Cloud Adoption and Risk Report for key risk metrics from partner cloud connections.
Gartner analysts Neil MacDonald and Peter Firstbrook first called attention to the cloud access security broker (CASB) category in May of 2012. Two years later, Gartner named CASB the number one security technology for 2014. Cloud’s transformational power in the enterprise has driven the need for this layer of security, with features including visibility into shadow IT, data governance, and encryption. Learn why progressive organizations including Cisco, HP, Western Union, and Zurich Insurance rely on this tool within their security portfolios. Panel participants include some of the top names in enterprise security, as well as MacDonald himself as moderator.
While enterprise-ready cloud providers can be more secure than on-premises storage, the propagation of consumer cloud services in the enterprise and the lack of visibility into cloud use are leading down the path to a “cloudpocolypse.” With Cloud Security Alliance founder Jim Reavis moderating, this session should provide an excellent high-level introduction to the risk posed by line-of-business cloud adoption. Specifically, there should be an interesting debate on which security responsibilities reside with the cloud provider, security provider, and enterprise.
Catered to the C-Level
Cloud use and security have risen hand in hand, from lines of business, to the IT department, to the CIO and CISO. In 2014, security finally arrived in the boardroom with multiple CEOs losing their jobs in response to data breaches. This panel offers multiple perspectives, including those of a board member and a CISO.
Further to the topic, Australia Post CISO Troy Braban will share tips from his experience on selecting security metrics that resonate with the board. With Australia’s strict data residency regulations, Braban’s perspective should offer great insights for security practitioners at global organizations.