Cloud and Data Protection – what you need to know
|Target Audience||Information Security Professionals
CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security
From Consultancies and Resellers/Integrators are only technical peoples allowed to take part. Vendors and people with a Sales/Marketing role are not authorized as participants.
|CPE Credits||Earn 4.25 CPE (Continuing Professional Education) for attending a SIGS Afterwork Event. Please request a confirmation.|
|Location||Hilton Zurich Airport Hotel
(there are a lot of free park spaces available)
|Date of Event||3rd of February 2016|
|Language||German (if English-speaking persons attend, whole event in English)|
|Schedule||see agenda below|
|Participation Costs||Fr. 55.— per participants
Drinks are taken by the sponsors!
|14:00 – 14:30||Registration & Coffee|
|14:30 – 14:35||Welcome & Introduction by the moderator|
|14:35 – 15:05||Martin Leuthold, Chief Information Security Officer at OC Oerlikon
Data Compliance – Relevant Factor for the Cloud Service Business Case
|15:05 – 15:35||lic. iur. Alexander Hofmann, Senior Technology Counsel at Credit Suisse AG
Financial Institutions – Ready for the Cloud?
Financial market regulators worldwide seek to force financial institutions to maintain full control and responsibility over their business operations, also if outsourced, or “processed in clouds”.
While there are no “blanket bans” or similarly broad prohibitions or restrictions that should prevent financial institutions from adopting (and, therefore, benefiting from) cloud computing, financial market regulators have a key role to play in banks decision to enter into cloud computing engagements, or not. What are these regulators’ main concerns? And how can cloud service providers assist financial institutions to address those concerns? Key topics where financial institutions need to rely on the cloud service providers to meet regulators’ expectations will be discussed, including security, limits on data use, responsibilities for subcontractors, data locations, rights to audit, and exit provisions. In order to gain financial institutions as customers, cloud services providers are encouraged to develop an appropriate understanding of financial market regulations. An understanding that will prove useful latest when engaged in contract negotiations with financial institutions.
|15:35 – 16:05||René Räber, Distinguished Engineer at Cisco
Secure Infrastructure Concepts for the Policy based Datacenter
The policy based data center lets users control their data center resources with an application centric software approach instead of hardware only. It does so by moving organizations from physical storage, networking, and compute to a programmatically accessible infrastructure that offers the flexibility and efficiency to tailor infrastructures to suit specific needs and applications. However, separating the infrastructure from the service configuration to create a flexible and agile environment also needs to address new security and compliance requirements.
The policy model is a strategic, application oriented approach, how the deployment of the network service is separated from the configuration of the network infrastructure. Additional security concepts enable unified security policy lifecycle management with the capability to enforce policies anywhere in the data center across physical and virtual workloads. This offers complete automation of Layer 4 through 7 security policies and supports a defense-in-depth strategy while enabling deep visibility, automated policy compliance, and accelerated threat detection and mitigation.
This session explains all the building blocks of a typical cloud infrastructure and how security plays in to align with new governance and compliance models.
|16:05 – 16:30||Break|
|16:30 – 17:00||
Nigel Howthorn, Skyhigh Networks (presentation in English)
Shadow Cloud Control and Approved Cloud Enablement
On the other hand, most organisations are now starting to embrace approved cloud services – see how you can do this securely while also saving money on unused cloud licenses, such as extending DLP controls to the cloud, encrypting traffic and monitoring approved cloud use.
|17:00 – 17:30||Reto Haeni, Chief Security Officer Western Europe at Microsoft
Questions and Answer if you entrust your Data to the Cloud
When you entrust your data to a cloud, you will have questions. Who can access it? Where is it? What is the cloud provider doing to protect it? How can you verify that the provider is actually doing what they say?
However, there are answers. Because it’s your data, you should decide who has access, and you should decide where it is located. This session highlights how Microsoft safeguards your data, what for security technologies are in place, what for cryptography is used and shows independently audited compliance. In addition, it also discusses how legal demands for customer data are handled and the security of the code is ensured.
Learn more about how Microsoft provides a secure and private cloud and get a preview about future development.
|17:30 – 18:00||Dr. jur. Christian Laux, Attorney-at-Law at LAUX LAYWERS AG
Cloud Services – Where Things Become Serious and How to Solve a Perception Problem
Anyone who transmits personal data into a cloud service for the first time knows that this is a critical moment. It is critical because the integration of a cloud service into an existing corporate IT structure is a complex outsourcing project that can potentially reveal one’s own weaknesses, lack of knowledge, and incompatibilities ¬– as well as those of the provider. Last but not least, it is also critical because the transmission of personal data to a third party (a contractor), sometimes even to another country, is a process that is usually subject to strict legal conditions and regulations. In other words: Any grave mistake made here can result in serious commercial and legal consequences as well as damaged reputations.
We Are Making Things Difficult for Ourselves
The Methodology of the Cloud Privacy Check
I will show you an overview of general information on Data Protection, core rules of the Data Protection Law and Data Protection considerations in regards to Cloud Services. You will learn how the Cloud Privacy Check can help you to solve a perception problem.
|18:00 – 18:30||Panel Discussion moderated||18:30 – open end||Apéro Riche & Networking
The speakers will be onsite for Q&A
The Sponsor of this event is:
This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.
With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this specific platform.