All presentations are held in English
Impact of Digital Transformation on Data Centers and Clouds
Application Evolution drives new workload locations and impacts management & operations. A set of initiatives with use cases and a common methodology enables organizations to clean up and modernize datacenter and cloud infrastructure by simplifying and automating their infrastructure, with full visibility and control, in getting ready for the digital transformation.
Visibility across everything in your data center in real time? With hardware and software sensors we give you behavior-based application insight with deep forensics. Move to a highly secure and reliable zero-trust model. Dramatically simplify your operations. This session includes a demo of Application Dependency Mapping, machine learning, behavior analytics and automated whitelist policy generation.
His background includes having been part of the original team at Cisco back in its early days, then subsequently at the European Service Provider Swisscom, at Netflix during their Internet videostream architecture and deployment, and at Nokia, designing and implementing large-scale Data Center, hybrid Cloud, and SDN networks.
He focuses on implementing network-based Next Generation security in evolving SDN and NFV architectures in modern Cloud architectures.
Three Geographies of IT – Silicon Valley, US and Rest-of-World
Vendors, industry media, and pundits love to tell you how everything you do is obsolete, and how you should start using next-generation (whatever it means) concepts like clouds, everything-as-a-service, and DevOps to make your business more agile.
The only problem: the people promoting new technologies or products usually never deployed them, and most everyone around you is not doing it (whatever it is). However, there are tons of large organizations using these amazing new technologies (at least according to those same vendors and pundits). How true is that? Do we really have three geographies of IT (Silicon Valley, US and rest-of-world)? Christer Swartz and Ivan Pepelnjak will discuss these challenges and try to give you a broader perspective during the DC Day keynote.
Build your wings before jumping into the cloud
The move to the cloud began some years ago, but its adoption is now accelerating faster and faster. Driven by agility, efficiency and competitiveness, the curve of adoption is phenomenal. Cloud initiatives are no longer even driven by IT, but by all parts of the business. Business cloud services provide a real consumer experience within organisations. Faster experience, more user-friendly interface, a “like at home” feeling for the user…
However, not all clouds are the same. How do you choose, or even differentiate, between Public, Private or Hybrid, Single or Multi Tenant? How do you know what to assess in terms of legal, compliance, security and performance?
In this session Myke Lyons will discuss best practices for acquiring cloud services like IaaS, PaaS, and IaaS.
The Intelligent Security Graph
Real cyber threat intelligence requires more data than most organizations can acquire. Global cloud providers can rely on an unparalleled body of threat intelligence created from various sources: Microsoft analyzes over 300 billion authentications processed per month, 200 billion emails scanned for malware and phishing, and one billion Windows devices updated.
In this session, learn more about the unique insights that are generated from this vast pool of security signals through machine learning and human intelligence, and how they complement traditional security solutions.
Main differences between Cloud Migration and Regular Migration
Modernization of IT solutions (platforms, applications, databases etc.) is an ongoing process, especially in the continuously rapid development of our IT environment. New technologies enable new business and new (regulatory) requirements force us to rethink our IT strategy.
Cloud Computing/Cloud Services offer attractive service and price models, but what are the main challenges when migrating to such solutions? Let’s first have a look at classic migration models, approaches and scenarios. What forces us to migrate? Which aspects do we need to take into consideration?
Based on a few typical examples, the difference between regular and cloud migrations will be highlighted and explained.
Best Practice Cloud Computing from a bank’s perspective
Cloud services, in particular when provided in the form of Software as a Service (SaaS), imply a variety of legal, regulatory and contractual issues to be tackled.
Finding agreement on such issues is subject to the constraints of, on the one hand, the applicable data protection laws and the legal and regulatory environment applying to the banking industry (especially regarding banking secrecy and outsourcing), and, on the other hand, the cloud provider’s intention to keep its cloud system and processes standardized for all its customers.
The presentation will identify typical problems in this context regarding the financial industry and will give recommendations of what should be addressed in a cloud contract from a bank’s perspective.
Touch but don’t see; practical uses of encrypted computing
Computing directly on encrypted data has been a technological promise for many years that is finally becoming practical. Such advances enable secure cloud computing, as the host never ‘sees’ the data nor has access to the keys, providing a path to GDPR compliance.
Furthermore, analytics and machine learning algorithms can be run on multiple, private databases without revealing any information between the data sources. In this session you will learn about the technology that powers this new frontier and applications in the financial services industry.
Prior to joining iWelcome, Corné worked at RSA in different management positions, leading regions (including Switzerland) and lately being their Lead Technologist for Global Accounts and Strategic Alliances in Europe. After his study in Computer Sciences at the University of Utrecht he started in consultancy for UNIX. He then quickly stepped into the more exciting world of security in which he has been constantly active since the mid 90’s.
Identity in the Cloud; IAM for the new Digital Age
Digital transformation is reshaping every aspect of today’s business and it has strong influence on how Identities are managed within organisations going forward. Identities being employees, consumers or both.
To successfully move the application landscape into the cloud, employee identities became ‘airborne’. This asks for a robust and secure IAM framework that is cloud-first while also supporting applications in existing datacenters. It’s also a balance between risk and user convenience, and more and more, user experience. The days when employees accepted ‘old fashioned’ and rigid IT solutions are far behind us, with consumerization of IT becoming such a strong factor. Add to the mix the rise of the Mobile Workforce and new supply chain models, and there is no doubt Identity Management needs a redesign.
To support new digital business models, consumer identities and their profile information became the new gold. And as with everything valuable, it needs to be protected well. The new EU regulation on GDPR is additionally driving strong data protection and privacy measures. Here too, user convenience and experience are key: consumers don’t accept poor digital service. It’s about finding the right balance between user convenience and staying out of the papers (breach).
The presentation will emphasize the number of similarities that both business trends introduce around managing identities as well as access rights. It will also cover new IAM topics like consent lifecycle management and family management.
Classification and label-centric security approach in O365 – understanding the big picture
Organizations no longer operate solely within their premises. Cloud and mobility become more and more important. Data is transmitted between organizations, users, devices, and applications, regardless of their location. The challenge is to identify sensitive information and to apply the right level of control in order to maintain security and privacy of such information. Today’s security approach is to control data on premises and/or on a device. The classification and label-centric security approach applies security directly to the data itself, so that it’s always protected and identifiable, regardless of the location, device, application, or any additional security measures.
The goal of the presentation is to highlight the big picture of the classification- and label-centric security approach from an organizational view and how it can be implemented in an organization, especially in O365 and other applications.
Alexander is co-founder of SWISS BUSINESS INNOVATION CLUB, a meeting place for Swiss financial and insurance institutions to design new business models and ideas together with innovation partners, and advance them from mere ideas or technologies into promising business cases and minimal viable products.
Panel Discussion – Get it Right
The various aspects of cloud migrations from a legal and organizational perspective
Cloud Privacy Check – Data Protection Law Made Easy
Lawyers from 32 countries have created the Cloud Privacy Check (CPC), the largest European information platform explaining data protection laws in the simplest possible terms and free of charge. The CPC makes 32 different national regulations directly comparable. Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge.
A vastly simplified approach has now been presented by Dr. Tobias Höllwarth (EuroCloud) together with LAUX LAWYERS AG and more than 40 legal experts from all over Europe.
The website cloudprivacycheck.eu hosts the Cloud Privacy Check (CPC), a visual-design infographic explaining the principles of data protection regulations in 26 languages, allowing information seekers to quickly determine key aspects. The Cloud Privacy Check (CPC) is intended to simplify certain decisions and processes for most affected persons. Additionally, the Data Protection Compliance database provides highly relevant legal information for 32 countries that can easily be compared with each other.
Mark completed his legal studies at the University of Basel.
Mark is fluent in German (native tongue), English and Dutch and also speaks French and Italian.
License Compliance in the Cloud
Are you ready to move your applications to the Cloud? You may be from a technical perspective, but are you entirely aware of the legal and license compliance issues a migration may have in the light of your existing contractual arrangements? Are you at all permitted to move a particular application to the Cloud? Are the current license metrics affected by a migration and is there a potential for additional costs?
This is only to name a few of the license compliance issues that sooner or later may arise when moving to the Cloud. Ultimately, it is all about being prepared – and to be prepared, it will normally make a lot of sense to, in the course of your ‘future state planning’, carry out a due diligence on your existing license and similar arrangements regarding the applications you wish to move to the Cloud.
The presentation seeks to give some guidelines on how to structure such a due diligence of your existing agreements – and what the typical contractual and license compliance issues are that you seek to identify.
A German citizen living and working in France, Leif has a Bachelor of Sciences (Hons.) in Computer Systems and Networks from the University of Plymouth in England.
Cloud Services – Friend or Foe?
Leif Kremkow will show that the subject of working with or against cloud service providers cannot be placed into a polarized debate about making information systems great again. His presentation, drawn from customer testimonials, shows how companies are already capable of maximizing the advantages that cloud services offer.
Reframing the topic as one of outsourcing shows that with small adjustments and a few improvements in process quality, leveraging the cloud can be safe, secure, and profitable.
Contain All Evil – Securing your infrastructure using container technologies
In a modern IT infrastructure, it’s extremely hard to know what exactly is running on a server and monitoring those systems for anomalies or even attacks is often nearly impossible due to too much noise from standard tasks performed by the operating system or other applications.
If we think about virtualization, it has solved some of the problems we had in the past regarding efficiency, availability and manageability of our infrastructures but the problems mentioned before are still untouched. During the last few years, Docker made quite an impression especially within DevOps driven organizations. Docker or older projects like LXC allow you to containerize applications and services so they become isolated from the rest of the system.
So, what will this presentation be about? You’ll simply learn how containers can be used to make the life of an attacker feel like hell. Expect live demos!
The Power of Cloud IGA PowerUP your journey to the Cloud
As companies use more and more cloud services, and with the massive adoption of BYOD strategies, the corporate security perimeter has expanded to include every employee, partner, and customer on multiple devices. These are the new network endpoints. The task of managing and governing these identities and access to resources has grown exponentially, and it has become more important than ever to manage identities and accounts for your cloud applications as well as your on-premise applications. Using various case studies, Tim will explain how identity and access governance will play a critical role in successful and secure adoption of cloud services and the management of this continually expanding security perimeter.
HSM in the Cloud — Threats and Opportunities
Cloud services are a blast. All servers have the same configuration and all your data is available, wherever you are, whenever. However, the drawback is that these services are operated by a third party that must be trusted. It is also a security and safety problem.
These issues are exacerbated when using a hardware security module (HSM) in the cloud to store all encryption keys and to perform encryption functions as well as authentication and signing operations on it. Compared to an on-premise HSM, access latency will go up and the control over the device and security officer roles might have to be given up. Also, performance is impacted due to network and service provider availability.
However, there are great advantages to choosing an HSM in the cloud from the right, trusted provider. Foremost, the HSM is already set up, ideally multi-site and geo-redundant, to provide fail-safe access as well as multiple backups. Besides a quick start to get operations going, it will also result in reduced setup and operating cost. Moreover, the IT team does not have to travel to the datacenters but, using the right provider, can perform security officer functions using two-factor authentication from their offices.
In this presentation we will discuss the threats and opportunities of such an approach and demonstrate it on an explicit example.
Secure Enterprise Software Delivery in the Age of Platform-as-a-Service
How does Swisscom integrate PaaS on the basis of Cloud Foundry for Container based Cloud Native and Microservices Architectures in a secure way? In this session we will look at different strategies for how Swisscom uses Cloud Foundry to power a big SaaS, their Cloud Native PaaS, as well as the Swisscom internal Application Cloud used to develop and deliver most of its new and modern digital solutions.
At Swisscom we use an agile delivery process we call BizDevOps. Based on this process we will walk through the different steps we take to develop, test and deliver Cloud Native Applications into the Swisscom Cloud (PaaS) and run them in a secure way. We will start by briefly looking at our Secure Software Development Lifecycle and go through the different challenges we face in bringing new software into the cloud, based on the three scenarios of a large Microservice, of using the internal Application Cloud for small Applications that need to live in more classic zone concepts, as well as how we provide large, dedicated Virtual Private PaaS for demanding customers.
Finally we will look at what’s on the Roadmap of Cloud Foundry in the areas of Container to Container Networking, Volume Services and TCP Routing. If time allows, we will also briefly touch on the question of hybrid scenarios between the Swisscom Cloud and other large cloud providers.
The State of Security: Securing today's elastic IT assets
With increasing threats and a constantly changing IT landscape, it’s more challenging than ever to keep up with identifying vulnerabilities and, more importantly, fixing them. As organizations embrace public cloud, mobile and DevOps, the fundamental concept of an asset changes, and radically impacts how security teams perform their jobs and interact with the rest of the organization.
This presentation will give you an overview of fresh vulnerability management approaches that give the visibility and insight to protect what matters most.
Cloud and SDN concepts will raise the flexibility of modern networks extremely… but will also result in “loss of control”!
Thus, general policy orchestration tools are becoming more and more important for companies to maintain compliance and auditability. In our network world, flexibility is rising and dynamic concepts like Cloud and SDN/SDDC are growing. If the business needs more resources or a restructuring of existing resources, these are very interesting and helpful concepts. Regarding security, compliance and auditability, however, these concepts are a huge problem. Can companies stay compliant and auditable within such heterogeneous traditional physical and dynamic virtual networks? Is it still possible to use one central compliance and security policy for the whole heterogeneous company network without tons of rare (and unavailable) security experts permanently reviewing compliance with this general policy?
During this presentation you will see how central policy orchestration tools help you to fulfill compliance requirements, relieve your rare security experts and get a central overview of the important connectivity rulesets within your company network.
Developing Deltalis as the reference site for the most secure datacenters is his commitment; customer focus and satisfaction, driven by continuous improvement, is his dedication.
From Military Bunker to Weapons Grade Datacentre – a customer success story
Deep in a Swiss mountain could be considered a hostile environment in which to have a datacentre. Not so for DELTALIS, the MSP that brings weapons-grade security and optimisation of their operation. In this presentation you will hear what the challenges and the goals to reach were, and learn more about the way to get there.
SecDevOps – securing DevOps
While Developers and Operators have learned to collaborate in DevOps, both application and infrastructure security have struggled to be kept in the loop. In this talk I’ll shed some light on keeping the DevOps infrastructure (Continuous Integration/Delivery, Configuration Management, Containers/Docker) safe and applying deployment automation to security infrastructure like web application firewalls, identity and access management, audit logging and network segmentation.
I will show examples from customer projects at VSHN.ch and use mostly open-source tools. After the talk you will be able to argue why you need automated tools and know what to look out for when deploying them.
Side-Channel Attacks in the Cloud
Side-channel attacks have been known to be a concern in implementations of cryptographic systems for decades.
Through the adoption of cloud technologies, side-channels in cloud environments have become an area of increasing concern. Due to the nature of cloud technologies, where resources are shared and consolidated across users and organizations, the attack surface is broad and thus many side-channels exist.
This talk will give an overview of side-channel attacks in the cloud. We will look at different side-channels and their attack vectors. The goal is to get a better understanding of the side-channel threat and what that means for users and organizations relying on cloud services.