Architecting Security for Digital Transformation


Target Audience: Information Security Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side and interested in IT security

From consultancies and resellers/integrators, only technical people are allowed to take part. Vendors and people with a sales/marketing role are not authorized as participants.

CPE Credits: Earn 4.25 CPE (Continuing Professional Education) for attending this SIGS Afterwork Event. Please request a confirmation.
Location: Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are many free parking spaces available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event: 7th of March 2018
Language: English
Schedule: see agenda below
Participation Costs: Fr. 55.— per participant
Organization, presentations, beverages and aperitif included

Agenda

2:00 – 2:30 Registration & Coffee
2:30 – 2:30 Welcome & Introduction by the Moderator
2:30 – 3:00 Lorenz Neher, Senior Manager Cybersecurity Strategy and Transformation at PwC

Integrate security by design when digitizing the business process
The Digital Transformation forces companies to rethink business processes, the IT landscape and interfaces to clients, partners and suppliers. We see the following challenges when supporting clients in the digital journey:

  • In digital transformation projects the culture of modern, agile projects clashes with the “old world” security organisation and project management toll gates
  • Modern IT projects create more data, use more data, have distributed data processing and storage triggering concern of increased privacy and data protection regulation
  • Time to market and costs are crucial, so security measures need to address the major threats and risks. However, identifying the relevant risks and threats is not easy

To demonstrate compliance by design and privacy by design and default, a structured and coordinated approach embracing compliance and security by all involved parties is necessary. To do so, the appropriate level of security needs to be defined and built in at the beginning and not amended at the end.

Lorenz explains how security requirements and threat modelling need to be included in the architecture, design and development lifecycle, with some real-world examples.

3:00 – 3:30 Thomas Louis, Digital Transformation Leader at Alpha Solar Project AG

Digital Execution of Business Transactions as Part of the Architecture for Digital Transformation Projects
A qualified electronic signature is deemed equivalent to a handwritten signature according to Swiss and EU law. Digitally signed documents have significant advantages over paper-based documents across the entire document lifecycle, from creation through signature to archival.

Digitally signed documents are far more “tamper proof” and qualified digital signatures are far more “non-repudiable” than their traditional paper-and-pen-based equivalents. We will show how the currently still very low acceptance of digitally signed documents among recipients/readers can be raised dramatically by senders/signatories by creating and sending a validation protocol from a trusted validation service along with the digitally signed document. Hundreds of business transactions involving signed digital documents over the last 4 years prove that trust is more important than understanding when it comes to acceptance of digitally signed documents instead of paper.

We will explain why this is the case, what senders/signatories can do today to raise acceptance among recipients/readers of digitally signed documents, and what an “open validator.ch” service would look like to further improve acceptance of digitally executed, document-based business transactions.

3:30 – 4:00 Michael Loger, Senior Sales Engineer EMEA, Thales eSecurity

Securing your digital transformation – encrypt everything
Protect sensitive data with encryption

Cyber threats are not diminishing. Protecting an organisation’s data is critical to the daily workings, reputation and future growth of every business. Within European enterprises, action is being taken with a focus on protecting “data at rest” and increasing data-in-motion security. According to the Ponemon Global Encryption Trends Study 2017, 41% of respondents say their organisation has an encryption strategy applied consistently across the entire enterprise.

Compliance with privacy and data security requirements such as GDPR, PCI DSS and eIDAS is one of the main drivers of extensive encryption use within companies. In the presentation, Michael Loger will elaborate on the benefits of modern encryption technologies and how these technologies can be reflected in an enterprise-wide encryption strategy.

Takeaways:

  • Benefits of modern encryption technology
  • Best practice for enterprise encryption strategies
  • Compliance considerations including GDPR, PCI DSS, eIDAS and how they drive encryption use
  • How to deliver trust wherever information is created, shared or stored
  • How to secure data in any environment (e.g. cloud, on-premise) without sacrificing business agility
  • Why organisations are increasing their data protection strategy to focus on data-at-rest and data-in-motion

4:00 – 4:30 Coffee Break
4:30 – 5:15 Dominique Climenti, Senior Security Engineer at Kyos and CTO at Monnaie Léman

Blockchains and decentralised systems – the new building blocks of tomorrow’s IT infrastructure and a new challenge for today
These technologies are generating a lot of buzz, but when the ICOs slow down it will become important to understand them in order to comfortably face the evolution of distributed and decentralized systems in the IT infrastructures of tomorrow.

To express its full potential, a blockchain-based application must be coupled with decentralized systems. But even if a correctly implemented blockchain makes it possible to secure transactions between several players who don’t trust each other, the introduction of components shared between the different players reintroduces many difficulties for the management of the data outside the blockchain. Integrity of data on different nodes and encryption of data in transit and at rest are some of the challenges we have to face. But the biggest risk we face is that we are confronted with systems that are highly asynchronous in an environment that has not yet developed the different layers of abstraction that allow us to manage the system’s asynchronicity. This induces errors in the development of solutions, which in turn can lead to critical vulnerabilities like the famous “the DAO” two years ago.

This talk will give an overview of those topics through the challenges and accomplishments in building a system for the “management of the commons”.

5:15 – 6:00 Jonathan Sinclair, Associate Director Information Security at Celgene

Architecting Trust in the Digital Landscape, or lack thereof
The trend in existing enterprises is to adopt a zero-trust model, often using the pretext of the “insider threat” as the protagonist for stimulating justification.

This modus operandi is producing a mosaic of digital architectures, where security and privacy-by-design are taking center stage.

In this presentation we will investigate the emergence of this phenomenon, propose architectures that cater for its digital positioning and identify social and technological disadvantages of adopting a fear-induced digital transformation.

6:00 – 6:30 Moderated Panel Discussion
6:30 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A

 


This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register here if you have a XING account. If you don’t have or don’t want a XING account, just send us an email.

By registering for this event you accept that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this specific platform.


