The Cloud Security Alliance Summit 2014 at the RSA Conference this year opened with a keynote by Richard Clarke, Chairman & CEO of Good Harbor and a member of President Obama’s Review Group on Intelligence and Communications Technology.
Clarke presented the top ten recommendations from the Review Group’s report submitted to the President regarding the NSA surveillance issue. Clarke mentioned that the entire report was intentionally made publicly available, in the interest of liberty and civil rights.
Professor Udo Helmbrecht, Executive Director of the European Union Agency for Network and Information Security (ENISA), spoke after Clarke’s keynote and defended EU policy on data localization, which was contrary to one of the recommendations in the Review Group’s report. Helmbrecht also mentioned that the major cloud companies are all US companies, hence the need to help EU companies grow and to support local economies.
However, he was supportive of CSA best practices, including CSTAR certification for cloud service providers. CSA presented him with the Industry Leadership Award for 2014, in recognition of his open policy and continued efforts across the EU countries for cloud adoption and security.
The rest of the conference covered three major cloud security topics–Application Security, Critical Infrastructure Protection and Cloud Trust and Risk Management–through panel discussions by various vendors and service provider participants.
As applications continue to grow rapidly, it is important to consider distributed policy enforcement based on application awareness and visibility, with emphasis on APIs for cloud-accessible apps. While ID federation is critical for hybrid cloud access, risk analytics go beyond devices and users, and need to include application risk.
Trend Micro, with Vodafone, presented a cloud-simulated honeypot project on critical infrastructure protection, along with Vodafone's perspective and initiatives on cloud security. The presenters mentioned several research reports available on the topic, including a couple of Trend Micro whitepapers that attendees should find useful for further research.
These sessions were followed by a new CSA initiative named Software Defined Perimeter (SDP)–a breakthrough framework to secure multiple clouds, mobile computing and the Internet of Things. The SDP project's code and design are now open source, open to participation and contribution by the community. The team presented the framework, which could potentially become the future standard for secure internet connectivity based on robust protocols and integration of several key technologies.