Classification and label-centric security approach in Office 365…
… and more best practice about Cloud


Target Audience Information Security Professionals
CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security

From Consultancies and Resellers/Integrators are only technical peoples allowed to take part. Vendors and people with a Sales/Marketing role are not authorized as participants.

CPE Credits Earn 4.25 CPE (Continuing Professional Education) for attending this SIGS Afterwork Event. Please request a confirmation.
Location Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free park places available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event 27th of September 2017
Language English, if non-German speaking people will attend, otherwise German
Schedule see agenda below
Participation Costs Fr. 55.— per participants
Organization, presentations, beverages and aperitif included


2:00 – 2:30 Registration & Coffee
2:30 – 2:30 Welcome & Introduction by the moderator
2:30 – 3:00 René Eberhard, CEO bei keyon AG

Classification and label-centric security approach in O365 – understanding the big picture
Organizations no longer operate solely within their premises. Cloud and mobility become more and more important. Data is transmitted between organizations, users, devices, and applications, regardless of their location. The challenge is to identify sensitive information and to apply the right level of control in order to maintain security and privacy of such information. Today’s security approach is to control data on premises and/or on a device. The classification and label-centric security approach applies security directly to the data itself, so that it’s always protected and identifiable, regardless of the location, device, application, or any additional security measures.

The goal of the presentation is to highlight the big picture of the classification- and label-centric security approach from an organizational view and how it can be implemented in an organization, especially in O365 and other applications.

3:00 – 3:30 Daniel von Büren, Technology Solution Specialist bei Microsoft

Identities – the new security perimeter
A lot of organizations still mainly invest in network security to protect their business data. However, the security landscape has changed and companies have to handle new challenges today. We strongly belief in a “Assume Breach” approach, where IT assumes that a hacker was already able to breach the security boundaries and accessing data. To manage these kind of scenarios IT needs new security tools which are able to identifies attackers in the network based on advanced detection methods.

The goal of this presentation is to give you a better understanding about the todays challenges and what kind of solutions are available for IT. We would like to give you a clear picture how you could implement such solutions in your organization.

3:30 – 4:00 Pius Graf, Sales Director Gemalto Switzerland

Enabling Compliance on Microsoft Azure
Businesses are increasingly turning to elastic cloud services like Microsoft Azure to run business-critical applications, but security and compliance remain top concerns. We will show you a possible solution how you can solves this challenge by delivering a simple and easy way to protect even the most sensitive and highly-regulated data on Microsoft Azure. By encrypting entire virtual machine instances and attached storage volumes, learn how “Microsoft Azure customers” are allowed to separate and simplify security administration duties, enforce granular controls and establish clear accountability with audit trails and detailed compliance reporting.

A New Breed of Authentication Platform
More and more cloud-based services are becoming an integral part of the enterprise, as they lower costs and management overhead while increasing flexibility. Cloud-based authentication services are no exception anymore, and can help organizations achieve significant savings through automation. An effective strong authentication service enables companies to pursue a consistent authentication policy across the organization by automating and simplifying the deployment and management of a distributed estate of tokens, while securing a broad spectrum of resources, whether on-premises, cloud-based, or virtualized.

4:00 – 4:30 Break
4:30 – 5:00 Erich Vogt, Technical Project Leader (Contract) at CKW AG

Classification – a holistic Approach
In an environment with a lot of different stakeholders and regulations, with a combination of state of the art and quite old (even outdated) technology, it is very important to open the focus, the use of different viewpoints on classification. Some of the viewpoints are: data (PI, availability, legal hold …), application, infrastructure (IoT), users.

The bandwidth of the stakeholders for CKW AG is quite special from private households, SMB, Enterprise and Government (up to critical infrastructure of Switzerland) local and abroad. From that point, the requirements to data protection are quite different and challenging.

In an actual project we had to deal with most of this points: an important application will be replaced with a new one — actual on premise, new on Microsoft Azure. You can profit in this talk about some lessons learned.

5:00 – 5:30 Paul Lanois, LL.M., PCIP, CCSK, CIPT, CIPM, CIPP, in-house legal counsel at a financial organization

Lessons from the trenches: Pitfalls to avoid when moving to the cloud
An increasing amount of organisations are moving – or considering to move – their assets to the cloud in order to take advantage of its many benefits: scalability, increased efficiency, etc. However, the cloud also offers an array of perils and pitfalls for the unwary or uninitiated. With the EU General Data Protection Regulation (GDPR) looming on the horizon, it is crucial to understand the unique legal risks and considerations presented by the cloud.

The goal of this presentation is to give you a better understanding of the challenges which may arise in relation to the cloud and what solutions are available.

5:30 – 6:00 Peter Heinemann, IT Forensic/IT Security Consultant at SySS GmbH

The Cloud – who owns your data?
Many businesses nowadays rely on the cloud for SaaS, FaaS, for backups or just as a data sharing platform. The traditional IT security has changed and new challenges apart from technical implementations arise.
Old challenges, however, are transferred to cloud providers and a feeling to be able to handle them results in the notion of being protected. On the other side, each month’s news report about hacks of cloud-based service providers blacken the positive image. It is therefore necessary that a rethinking of the current usage in the context of provided security and ownership of data happens.

This presentation addressed security weakness of cloud appliances and data stored in the cloud. Furthermore, dependencies between businesses and the cloud are highlighted and discussed.

6:00 – 6:30 Panel Discussion moderated
6:30 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A


The Sponsors of this event are:

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register here if you have a XING account. If you don’t have or don’t like to have a XING account, just send us an email

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this specific platform.

Mobile Menu