Cloud and Data Protection – what you need to know

Target Audience	Information Security Professionals CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security From Consultancies and Resellers/Integrators are only technical peoples allowed to take part. Vendors and people with a Sales/Marketing role are not authorized as participants.
CPE Credits	Earn 4.25 CPE (Continuing Professional Education) for attending a SIGS Afterwork Event. Please request a confirmation.
Location	Hilton Zurich Airport Hotel Hohenbuehlstrasse 10 8152 Opfikon-Glattbrugg (there are a lot of free park spaces available)
Date of Event	3rd of February 2016
Language	German (if English-speaking persons attend, whole event in English)
Schedule	see agenda below
Participation Costs	Fr. 55.— per participants Drinks are taken by the sponsors!

Agenda

14:00 – 14:30	Registration & Coffee
14:30 – 14:35	Welcome & Introduction by the moderator
14:35 – 15:05	Martin Leuthold, Chief Information Security Officer at OC Oerlikon Data Compliance – Relevant Factor for the Cloud Service Business Case Main topics of the presentation: Definition of data compliance – scope on legal and regulatory compliance and not on standards compliance General critical data categories and Industry-specific critical data categories – scope on personal data and export controlled data Data compliance requirements for cloud services Data compliance complexity for different types of cloud services Data compliance aspects to be considered in the cloud services business case Expectations towards cloud services provider & lessons learned
15:05 – 15:35	lic. iur. Alexander Hofmann, Senior Technology Counsel at Credit Suisse AG Financial Institutions – Ready for the Cloud? No doubt, cloud computing can offer substantial benefits to corporate customers, also to financial institutions. However, financial institutions have generally proved slow to adopt cloud computing. Why so? Financial market regulators worldwide seek to force financial institutions to maintain full control and responsibility over their business operations, also if outsourced, or “processed in clouds”. While there are no “blanket bans” or similarly broad prohibitions or restrictions that should prevent financial institutions from adopting (and, therefore, benefiting from) cloud computing, financial market regulators have a key role to play in banks decision to enter into cloud computing engagements, or not. What are these regulators’ main concerns? And how can cloud service providers assist financial institutions to address those concerns? Key topics where financial institutions need to rely on the cloud service providers to meet regulators’ expectations will be discussed, including security, limits on data use, responsibilities for subcontractors, data locations, rights to audit, and exit provisions. In order to gain financial institutions as customers, cloud services providers are encouraged to develop an appropriate understanding of financial market regulations. An understanding that will prove useful latest when engaged in contract negotiations with financial institutions.
15:35 – 16:05	René Räber, Distinguished Engineer at Cisco Secure Infrastructure Concepts for the Policy based Datacenter The policy based data center lets users control their data center resources with an application centric software approach instead of hardware only. It does so by moving organizations from physical storage, networking, and compute to a programmatically accessible infrastructure that offers the flexibility and efficiency to tailor infrastructures to suit specific needs and applications. However, separating the infrastructure from the service configuration to create a flexible and agile environment also needs to address new security and compliance requirements. The policy model is a strategic, application oriented approach, how the deployment of the network service is separated from the configuration of the network infrastructure. Additional security concepts enable unified security policy lifecycle management with the capability to enforce policies anywhere in the data center across physical and virtual workloads. This offers complete automation of Layer 4 through 7 security policies and supports a defense-in-depth strategy while enabling deep visibility, automated policy compliance, and accelerated threat detection and mitigation. This session explains all the building blocks of a typical cloud infrastructure and how security plays in to align with new governance and compliance models.
16:05 – 16:30	Break
16:30 – 17:00	Nigel Howthorn, Skyhigh Networks (presentation in English) Shadow Cloud Control and Approved Cloud Enablement Your users are using many more cloud services than you think; the average enterprise is using over 900. Many of these are risking your data, breaking regulations and do not conform to data regulations. Skyhigh Networks shares its latest Cloud Adoption and Risk Report for Europe and shows how you can discover the cloud services in use, analyse your risks and enforce security. On the other hand, most organisations are now starting to embrace approved cloud services – see how you can do this securely while also saving money on unused cloud licenses, such as extending DLP controls to the cloud, encrypting traffic and monitoring approved cloud use.
17:00 – 17:30	Reto Haeni, Chief Security Officer Western Europe at Microsoft Questions and Answer if you entrust your Data to the Cloud When you entrust your data to a cloud, you will have questions. Who can access it? Where is it? What is the cloud provider doing to protect it? How can you verify that the provider is actually doing what they say? However, there are answers. Because it’s your data, you should decide who has access, and you should decide where it is located. This session highlights how Microsoft safeguards your data, what for security technologies are in place, what for cryptography is used and shows independently audited compliance. In addition, it also discusses how legal demands for customer data are handled and the security of the code is ensured. Learn more about how Microsoft provides a secure and private cloud and get a preview about future development.
17:30 – 18:00	Dr. jur. Christian Laux, Attorney-at-Law at LAUX LAYWERS AG Cloud Services – Where Things Become Serious and How to Solve a Perception Problem Anyone who transmits personal data into a cloud service for the first time knows that this is a critical moment. It is critical because the integration of a cloud service into an existing corporate IT structure is a complex outsourcing project that can potentially reveal one’s own weaknesses, lack of knowledge, and incompatibilities ¬– as well as those of the provider. Last but not least, it is also critical because the transmission of personal data to a third party (a contractor), sometimes even to another country, is a process that is usually subject to strict legal conditions and regulations. In other words: Any grave mistake made here can result in serious commercial and legal consequences as well as damaged reputations. We Are Making Things Difficult for Ourselves Understanding the complexity of current Swiss and European data protection laws and regulations is already difficult enough. In combination with the often small but nevertheless significant differences between various Switzerland and EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start. The Methodology of the Cloud Privacy Check This means there is need for immediate relief. The Cloud Privacy Check (CPC) is intended to provide that relief by employing three methodical approaches: 1. Simplification 2. Structuring 3. Separation I will show you an overview of general information on Data Protection, core rules of the Data Protection Law and Data Protection considerations in regards to Cloud Services. You will learn how the Cloud Privacy Check can help you to solve a perception problem.
18:00 – 18:30	Panel Discussion moderated
18:30 – open end	Apéro Riche & Networking The speakers will be onsite for Q&A

The Sponsor of this event is:

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register here if you have a XING account. If you don’t have or don’t like to have a XING account, just send us an email

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this specific platform.