The RSA Conference provides a venue for information security professionals from across different backgrounds, countries, and industries to share their wisdom and expertise. In a rapidly changing category like cloud security, peer-to-peer learning is one of the most reliable methods of staying up-to-date with the latest practices in the industry. Every year, the conference welcomes a mix of trusted voices and rising newcomers to the stage for topics ranging from the technical nuts and bolts to executive sessions. For any attendee interested in cloud security, these sessions are a must-attend.
Cloud Security Essentials
Analysts like Rich Mogull have been predicting the wider shift to cloud computing environments for years, and in 2017 cloud security is taking over traditional cybersecurity. Cutting-edge software companies like Netflix have adopted a cloud-first philosophy, pioneering the future of enterprise IT.
Tidal Forces: The Changes Ripping Apart Security as We Know It
February 14, 2017 | 1:15 PM – 2:00 PM | Moscone South | 301
February 14, 2017 | 3:45 PM – 4:30 PM | Moscone West | 2001
Cloud Security & Virtualization | Security Strategy | Classroom
The forces of technology are shattering information security as we know it, fundamentally reforging our practices and the industry itself. The very definition of endpoint is redefined as we shift our apps and data centers to the cloud, leveraging zero trust networks. This session will detail the trends, and show you how to best manage your organization (or product) through the tumultuous journey.
Speaker: Rich Mogull, Analyst/CEO, Securosis
Incident Response in the Public Cloud
February 14, 2017 | 1:15 PM – 2:00 PM | Marriott Marquis | Nob Hill A
Analytics, Intelligence, & Response | Cloud Security & Virtualization | Security Strategy | Peer2Peer
Conducting incident response (IR) in a public cloud is the same but different. IR on servers is not new and the public cloud is just other people’s servers; however, the “other people’s” part changes things a bit. This session will discuss public cloud incident response in which “they” handle the hypervisor and below and you handle the kernel on up.
Facilitator: Alex Maestretti, Manager, Security Intelligence and Response Team, Netflix
Infrastructure as a Service
Until now, SaaS has represented the most mature category of cloud adoption in the enterprise. The next wave of cloud growth, however, will come from infrastructure-as-a-service (IaaS), which Gartner pegs at nearly twice the growth rate of SaaS. Learning strategies to secure applications on IaaS platforms should be a critical goal for RSA attendees.
Hardening the Cloud: Assuring Agile Security in High-Growth Environments
February 17, 2017 | 9:00 AM – 9:45 AM | Moscone South | 301
Cloud Security & Virtualization | Classroom
Modern businesses recognize one of the greatest challenges they face on a day-to-day basis is meeting the demand for security at speed without jeopardizing protection; this is especially true in high-growth environments. This session will deliver IT and security professionals actionable, real-world insights aimed to improve AWS security strategies at minimal cost while delivering high value.
Speaker: Aaron McKeown, Lead Security Architect, Xero
Securely Moving Data to the Cloud with Confidence and Customer Focus
February 16, 2017 | 1:30 PM – 2:15 PM | Moscone South | 301
Cloud Security & Virtualization | Security Strategy | Classroom
This session will provide a deep dive of best practices to securely move customer data to the cloud through AWS, while keeping the customers’ interest top of mind. Nat Natarajan, CISO at Intuit, will illustrate how companies can successfully and securely harness the power of the cloud to ensure the speed of innovation.
Speaker: Michele Iacovone, SVP, Chief Information Security and Fraud Officer, Intuit
Rethinking Product Security: Cloud Demands a New Way
February 16, 2017 | 2:45 PM – 3:30 PM | Moscone South | 301
Application Security & DevOps | Cloud Security & Virtualization | C-Suite View | Classroom
Software providers that are in the business of running their software in the cloud have unique challenges when it comes to building and ensuring security in their products and the deployment of their products. This talk will cover the challenges that exist and a new paradigm on what product security means for a company moving from a shrink-wrap world to a software-as-a-service cloud services provider.
Speaker: Tony Arous, Head of Application Security, Autodesk, Inc.
Speaker: Reeny Sondhi, Chief of Product Security, Autodesk, Inc.
Dedicated Cloud Security Events
Each year, before the RSA Conference officially begins, the Cloud Security Alliance hosts a summit focused entirely on cloud security. This year’s summit will feature a presentation from FinServ giant TIAA’s CISO, Steven Ward, along with Skyhigh CEO Rajiv Gupta. The event is a unique opportunity to learn about the future of cloud security technology from those who have worked on the cutting edge for years.
During show floor hours, Skyhigh will present a unique lecture series from security executives who have successfully deployed a CASB – Gartner’s top security technology. The Cloud Innovators Series provides practical knowledge from practitioners with hands-on experience spearheading organization-wide cloud security projects.
Audit and Compliance
Cloud governance calls for a cross-departmental coalition. Risk and compliance managers are responsible for consistently enforcing policies across their companies’ cloud portfolios. The regulatory environment is creating the need for additional focus on security when outsourcing data to cloud providers, especially with the EU GDPR little more than a year away from enforcement.
EU Data Privacy: What US Orgs Need to Do Now to Prepare for GDPR
February 14, 2017 | 3:45 PM – 4:30 PM | Moscone West | 2020
C-Suite View | Governance, Risk & Compliance | Privacy | Classroom
The European General Data Protection Regulation is the most significant development in data protection in the last 20 years. With a May 2018 compliance deadline looming, and more privacy and security requirements than ever, this presentation will help US companies understand their privacy and security compliance obligations and the steps they must take now to prepare for GDPR.
Speaker: Chris Zoladz, Founder, Navigate LLC
Auditors in the Cloud: Audit Risk and SaaS Applications
February 15, 2017 | 8:00 AM – 8:45 AM | Moscone West | 3018
Cloud Security & Virtualization | Governance, Risk & Compliance | Classroom
With the proliferation of cloud apps, some key mission critical applications are no longer on-premises. As a result, they are starting to come to the attention and priority of auditors. This session will focus on what you need to do to vet, implement and distribute cloud apps across your business in an audit-friendly way.
Speaker: Conrad Smith, Chief Information Security Officer, Bitium
There is no substitute for experience, and any company planning a move to the cloud should pay attention to the advice of those who have gone before.
The Wild West Cloud Security Shootout
February 15, 2017 | 10:30 AM – 11:15 AM | Marriott Marquis | Nob Hill A
Application Security & DevOps | Cloud Security & Virtualization | Peer2Peer
CISOs evaluating cloud migration of ERP applications struggle with security approaches. A “lift and shift” of existing on-premise controls to PaaS/IaaS is a path to failure. Cloud security for SAP, Oracle and similar applications is uncharted territory. Gather with peers to discuss cloud migrations, architectures, security models, application controls and secure operations.
Facilitator: Adrian Lane, Analyst and CTO, Securosis
Learnings from the Cloud: What to Watch When Watching for Breach
February 15, 2017 | 2:45 PM – 3:30 PM | Moscone West | 2006
Analytics, Intelligence, & Response | Cloud Security & Virtualization | Security Strategy | Classroom
Protecting against account breach and misuse when using a cloud service can be challenging, as the cloud service decides what tooling is available, and control may be limited. This session will share learnings and best practices from the Office 365 engineering team: from the patterns observed, what are best practices to protect against account breach?
Speaker: Sara Manning Dawson, Principal Group Program Manager, Microsoft
War Stories: Corporate Cyberespionage Tales from the Trenches
February 15, 2017 | 9:15 AM – 10:00 AM | Marriott Marquis | Yerba Buena 9
C-Suite View | Security Strategy | Panel Discussion
How do the FBI and some of the world’s largest companies integrate their cyber-risk and business-risk practices? Learn from real case studies of how fraud, employee espionage and physical security threats were all enabled by cybercrime, and how those threats were discovered and stopped. The panel will also provide a checklist to begin integrating cyber into the broader business-risk discussion.
Moderator: Dr. Edward Amoroso, CEO, previously SVP and CSO of AT&T, TAG Cyber
Panelist: Chris Camacho, Chief Strategy Officer, Flashpoint
Panelist: Luis Guzman, Manager, Security Response, Uber
Panelist: Milan Patel, Managing Director of Cyber Investigations and Incident Response, K2 Intelligence
The C-Suite View
If the CEO has not yet asked what IT security is doing about cloud, the question is not far off. Cloud offers IT the opportunity to help the business be more productive, collaborative, cost-effective, and secure. CISOs should research how companies in even the most regulated sectors have securely embraced the cloud.
Pitching Infosec in the Boardroom When Your Customers Don’t Care
February 17, 2017 | 9:00 AM – 9:45 AM | Moscone West | 2006
C-Suite View | Security Strategy | Classroom
The CISO’s Lament: “I’m tired of banging my head against the boardroom door.” Even with a renewed sense of urgency around security, corporate leaders develop amnesia to bad times when the good times are aplenty. Consumer spending research at breached companies agrees with this notion. So how do you protect the enterprise when the board treats breaches like a Black Swan?
Speaker: Branden Williams, Director, Special Projects, Union Bank
The Finance Sector and Countering Cyberthreats: Lessons from the Front Lines
February 16, 2017 | 2:45 PM – 3:30 PM | Marriott Marquis | Yerba Buena 9
C-Suite View | Governance, Risk & Compliance | Panel Discussion
How do CISOs defend the integrity of financial networks? What technological and strategic tools are available to cyber-defenders? How should critical infrastructure defenses be prepared for a cyber-crisis? This panel of veteran security leaders will share lessons learned from countering the most advanced cyberthreats targeting financial services to inform cybersecurity strategies across sectors.
Moderator: Frank Cilluffo, Director, Center for Cyber and Homeland Security, George Washington University
Panelist: Valerie Abend, Managing Director & Lead for North America Financial Services Security, Accenture
Panelist: Cheri McGuire, Group Chief Information Security Officer, Standard Chartered PLC
Panelist: Troels Oerting, Group Chief Security Officer (CSO) and Group Chief Information Security Officer (CISO), Barclays
Panelist: Rob Wainwright, Director, Europol