The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure and highly functional cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
The CSA has had a significant positive impact on the state of cloud computing, helping the community advance both the security and functionality of new compute business models across multiple sectors of the economy. In the federal space, technology decision-makers have engaged as members since the organization was founded in 2008. The CSA gained significant visibility in 2011 when the White House selected the CSA summit as the venue for announcing the federal government's cloud computing strategy.
Cognitio has tracked and supported the CSA since the beginning. Our partner Bob Flores is one of many volunteers helping advance the state of security and functionality through collegial action there and a frequent speaker at CSA events.
The CSA's federal summit will be held 5 May at the Ronald Reagan Building at 300 Pennsylvania Ave in DC to continue to advance concepts in cloud computing in the federal space.
We hope to see you there. Register here.
The agenda is below:
Tuesday, May 5th - 9:00am to 5:00pm
Ronald Reagan Building 300 Pennsylvania Ave NW, Washington, DC 20004
Cloud computing is a fast growing segment of the Federal IT landscape and is destined to become our next data center. Cloud Security Alliance has put together a stellar program of thought leaders from government and the private sector to provide key insights into security compliance, architecture, technology and defending the latest threats.
The Cloud Security Alliance Federal Summit is a free-for-government event that brings together information security professionals from civilian and defense agencies to share experiences and learn about best practices for securing cloud computing and about emerging security topics.
Take advantage of this rare opportunity to collaborate with peers, receive actionable best practices and learn about security trends at the CSA Federal Summit.
Partial List of Program Topics:
"CSA Software Defined Perimeter Initiative"
Presenting: Jim Reavis, CEO, Cloud Security Alliance
"Status of CSA and FedRAMP Collaboration Efforts"
Presenting: Matt Goodrich, FedRAMP Program Director
"NIST Cloud Security Overlay and CSA Enterprise Architecture"
Presenting: Dr. Michaela Iorga, Sr. Security Technical Lead for Cloud Computing, NIST
Panel Discussion: Cloud Implementation Lessons learned
|7:30AM – 8:00AM||Registration, Breakfast, Exhibits|
|8:00AM – 8:15AM||Welcome and Opening Remarks|
|8:15AM – 8:45AM||Opening Keynote: An Overview of the CSA Software Defined Perimeter (SDP) Initiative
Presenter: Jim Reavis, CEO, Cloud Security Alliance
CSA's Software Defined Perimeter (SDP), a next generation security architecture for virtual private clouds, hardened SaaS, BYOD and Internet of Things, is explained. The SDP incorporates security standards from organizations such as the National Institute of Standards and Technology (NIST) as well as security concepts from organizations such as the U.S. Department of Defense (DoD) into an integrated framework. The Cloud Security Alliance (CSA) intends to create a public SDP standard that is freely available for use without license fees or restrictions.
|8:45AM – 9:30AM||The Cyber Threat: Lessons learned from history and ongoing operations
Presenter: Bob Gourley, Partner, Cognito Group
Abstract: This presentation by one of the pioneers in intelligence support to cyber security and author of the best selling book "The Cyber Threat" extracts real world lessons that should inform strategic, operational and tactical decisions in network defense.
|9:30AM – 10:00AM||Industry Insights: Beyond Shadow IT — Turning Concern into Opportunity
Speaker: Kaushik Narayan, Co-Founder & CTO, Skyhigh Networks
Even before Hillary Clinton became the new face of shadow IT, government agencies struggled with the challenges and risks from technology that employees bring into the workplace (i.e. Shadow IT). In this session, we’ll look at cloud usage in the public sector to surface some startling statistics about shadow IT in government, including the prevalence of insider threats and compromised accounts putting government data at risk. We’ll share specific projects that IT and security teams have completed to flip shadow IT from a concern to an opportunity and secure their data in the cloud.
|10:00AM – 10:30AM||Break|
|10:30AM – 11:15AM||Panel: "Managing Cloud Security: Considerations and Best Practices"
Moderator: Bill Corrington, Federal Director, Cloud Security Alliance
|11:15AM – 12:00AM||"Not all Clouds are equal — Can you Tell the Difference? Security and Privacy Controls for Federal Cloud Based Information Systems"
Presenting: Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing, NIST
Security and privacy controls in a cloud ecosystem are unknowns of a complex risk assessment equation difficult to resolve for cloud consumers that do not have sufficient visibility into the cloud offerings. NIST introduces a cloud-based risk management process and develops in-scope implementation and assessment guidance for the security and privacy controls applicable to cloud-based information systems. The proposed approach also provides cloud consumers and cloud assessors with means of comparing services offered by different cloud providers.
|12:00PM – 1:00PM||Lunch|
|1:00PM – 1:30PM||Industry Insights: Compliance is More than a “Documentation effort”
Speaker: Mike Mellor, Director of Information Security for Digital Marketing, Adobe
To be a world-class cloud services company not only requires being agile and innovative but also living up to the trust our customers put into the service. Major frameworks like FedRAMP and others often invoke fear that everyone is in for a grueling documentation and legal exercise that just slows everything down. However, we have found that in the cloud services world it is possible to approach compliance as a possible competitive differentiator — and something that is of immense benefit to the business in terms of process, efficiency, and instilling a deeper culture of security.
This session will discuss the approach Adobe took to FedRAMP and our learnings from that, including the Adobe Common Controls Framework (CCF) — our approach to meeting the compliance challenge in a cloud services world that builds upon existing efforts like the CSA Cloud Controls Matrix. We hope at the end of this session you will have the tools you need to use compliance as a tool to gain your own competitive advantage.
|1:30PM – 2:15PM||Panel Discussion — Cloud Implementation Lessons Learned
Moderator: Elad Yoran, CEO, Security Growth Partners (SGP) | Chairman, KoolSpan
|2:15PM – 2:45PM||Break|
|2:45PM – 3:30PM||Update on the FedRAMP 2-year Roadmap and Mapping to industry Standards
Presenting: Matt Goodrich, FedRAMP Program Director, GSA
|3:30PM – 4:00PM||Industry Insights: Evolving Security in the Federal Cloud - Lessons Learned from Private Sector DevSecOps
Presenting: Tim Prendergast, CEO and Co-Founder, Evident.IO
As public sector adoption of cloud reaches new highs, there are organizational and practical adjustments necessary to maximize new technology capabilities. Removing the barriers left by legacy security and operations solutions is now necessary for public sector organizations to keep pace with the rapidly evolving infrastructure powering today's innovative products and services. As evidenced by the rise of DevOps in the private sector — while things are moving faster than ever before, organizations must now also develop the skills and organizational knowledge and experience to cope with the diversity of today's infrastructure and security challenges. This session will plant the seed to help you start growing an agile, cloud-centric DevSecOps practice to drive your organization forward successfully in an ever-evolving threat landscape.
|4:00PM – 4:45PM||Closing Keynote: The Business of Cloud
Presenting: Keith Trippie, The Trippie Group
Cloud is transforming businesses on a global level and the number of new cloud offerings and companies is growing annually. The reason for this growth is less about the technology and more about the economics of cloud. Time to market for new services, reducing capital expenditures and providing transparent operational expenses are just a few of the business reasons why commercial entities are adopting this new deployment model. This discussion and Q and A will include observations and lessons learned from a former SES who led the Cloud practice for the Department of Homeland Security as well as his experiences leveraging cloud in the commercial sector to build applications, including mobile.