Cloud Security Alliance Annual EMEA Congress Discussions

Cloud Security Alliance Annual EMEA Congress Discussions

Cloud Security Alliance Annual EMEA Congress Discussions

It was as cloudy as Edinburgh could be in the autumn, when the “Cloud Security Alliance Annual EMEA Congress” featuring about 300 Cloud Computing stake-holders, gathered for the event that was held during the last week of September, produced By MISTI Europe.csa-sm

The variety of organizations participating demonstrated the array of topics relevant to Cloud Computing adoption. Standards institutions – alongside government bodies, cloud providers and software vendors – demonstrated the challenges facing Cloud Computing. The considerable number of non-EU presenters further demonstrated the globalization process this technology is going through these days, as well as the EU’s role in its advancement.

The Congress’s topics could generally be divided into three major categories: government access to data (inspired by PRISM); the cloud providers’ lack of transparency; and the technological challenges facing Cloud Computing adoption.

The congress began with an excellent keynote presentation from Mikko Hypponen, Chief Research Officer for F-Secure. Circling the stage, Mr. Hypponen listed the new cyber threats facing the world, and predicted that will see be attacks on every device equipped with processor in order to use CPU time for Bitcoins mining, and that malware will start maliciously locking our cloud services for ransom.

Regarding government access to data, the F-Secure CRO mentioned how surprised he was to learn how far the NSA is willing to go in order to weaken the standards we all rely upon, and speculated that direct access to providers was not a result of providers cooperation, but rather due to massive hacking attempts by the NSA. The example given was the recent finding published by “Der Spiegel” about the British Intelligence services’ hacking the Belgian Telecom Company.

Another interesting lecture regarding governments’ access to data was given by Jon Callas, co-founder of PGP and Silent Circle. This top cryptographer reviewed the different sources for surveillance: the various nations’ surveillance levels such as anti-terror, crime prospecting, and economic espionage. Non-national surveillance includes that done by criminals; corporate espionage; and companies such as Google which utilize business models to collect customer data. Callas described the efforts Silent Circle is making in order to help customers avoid different kinds of surveillance, and described the process’s two pathways: technological tools such as encryption and ammonization, and procedures and policies that will define how to safely and confidentially guard the users.

In a later panel regarding PRISM, Mr. Callas revealed the story behind the difficult decision to close Silent Circle’s secure e-mail services, immediately after they had learned that another secure e-mail provider, Lavabit, was served with a federal warrant to reveal data. Current e-mail protocol is just too difficult to secure due to email headers and metadata information saved for each e-mail, he explained.

Government access to data is not the only thing preventing the required trust in Cloud Computing. Cloud provider transparency, or lack of it, is also a major obstacle. Microsoft, Google, HP, Amazon and Adobe all presented and shared their recent efforts to provide transparency to their operation, as well as ways to increase trust. Adriana Hall from Microsoft presented the latest survey regarding Cloud Computing adoption, revealing that although most customers expressed concerns regarding the security and privacy of their data in the cloud, a majority of the companies said that security had actually improved by moving to the cloud.  In her presentation, Ms. Hall exhibited the steps Microsoft is taking in order to increase trust – including complying with different regulations, and advertising their cloud products’ development and operations control to designated Trust centers.

Similar claims came from Adobe and Google, who were very keen to present the measures they are taking in order to protect data. David Lenoe, Director of Product Security at Adobe, described his goals as good architecture, solid code and security in operations. He elaborated on some of the steps Adobe is performing in order to achieve them:  SDLC adoption and security training incorporating the martial arts style, with different colored belts given to each level of security awareness. Eran Feigenbaum, Director of Security for Google apps, said that the question is not whether the data is protected in the cloud, but whether it is protected outside of it. He presented a survey demonstrating that 60% of corporate data is located on unprotected laptops. “Cloud providers are built differently“, he explained, “their software is built for resilience, and homogeneous environments make security more robust“.

In the race for transparency and trust, standardization is a cornerstone. The amount of time dedicated in the Congress for reviewing the topics of cloud standards demonstrates how much progress has been made on this subject in the last year. During the Congress, the Cloud Security Alliance announced the launch of its new STAR certificate for cloud providers. The certification, based on ISO27001, was developed along with BSI, and is the first independent and technology-neutral certification aimed at providing more transparency to the industry.

Certification and standards are also regarded by governments as important in promoting Cloud Computing. According to Tjabbe Bos from the cloud unit of the EU commission, the EU Cloud Computing strategy’s aim is to produce 3.8 million additional jobs, and to add 950 Billion EURO to the GDP by 2020.  The way to implement the strategy, Mr. Bos added, is through three key actions:  building safe and fair contracts; establishing EU partnerships among all cloud stakeholders; and cutting through the chaos of conflicting standards and regulations.  Later on, the ENISA head of secure infrastructure and services explained how ENISA is helping the EU to achieve its cloud strategy, by formalizing standards and certification, and establishing international and national corporations. “In the Japanese tsunami disaster, the only emergency services that were able to continue operating were the cloud-based ones“, Dr. Ouzounis revealed, “and therefore we treat it as critical infrastructure and our future digital life backbone“.

From the technological point of view, the challenges that occupied the crowd were similar to last year, and included new format and use cases for encryptions, challenges for authentication and identity management, API security, and mobile and big data.

encryption

The encryption solutions presented by companies such as Brainloop and Seclore were file level encryption (IRM) tools and services aiming at providing control, access list and audit throughout the document life cycle, and sharing. IRM and file level encryption technology has been around for some time, but failed to move forward at the enterprise level. Perhaps in the cloud era this technology will succeed, due to sharing and the flexible nature of cloud services. Other identity and authentication solutions were presented by PerfectCloud and Nok Nok labs, which presented the FIDO alliance solution for Internet authentication.

It was also agreed – in a panel about the future of Cloud Computing security trends – that API security will be a central component of the security architecture. “In a world of mobile and the Internet of things, everything is API based“, said Mark O’Neill, VP of Innovation at Axway, who demonstrated in his presentation the technology of the API gateway and how they can assist organizations in future API driven attacks.

An interesting and unique new technology was presented by SkyHigh security. According to Gartner, by 2015 35% of an organization’s IT spending will not be made by the IT department (called Shadow IT), mainly due to the ease of use and ease of purchase of Cloud Computing services. This information encapsulates a great threat to the status of the CIO. SkyHigh enables the IT department to track and analyze the different cloud services used by the organization – formally and informally – and understand the potential risk associated with those services. An example of the importance of discovering and managing such services was given by Michael Mattmiller from Microsoft, who shared a story about hospital personnel using a cloud knowledge sharing service to increase productivity among them. However, when the CIO found out and examined the data uploaded to the cloud and the provider service agreement, the hospital had to report a security breach to the authorities, and suffer the consequences.

In conclusion, when comparing the 2013 Congress to the previous one last year, the feeling is that cloud services have matured considerably, although there were some minor disruptions such as PRISM. While last year the debate revolved around the advantages and reasons to move to the cloud, this year the discussions were about when and how. A great contribution was made to this process by the governments and the different standardization institutes – which understood their role in the cloud adoption process; by the providers, who generally try to listen to customers and adopt more transparent offering; and by the Cloud Security Alliance, which exhibited a quick understanding of the different crossroads ahead and invested in the right tools for enabling safer cloud adoption.

moshe-ferberBy Moshe Ferber,

Moshe is an security entrepreneur and investor. With over 20 years’ experience in information security at various industry positions.  Currently focused on Cloud Computing as board member for Cloud  alliance Israeli Chapter, public speaker on various cloud aspects and investor at Clarisite and FortyCloud – Startup companies with innovative security solutions. More information can be found at: www.onlinecloudsec.com
Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

What is the 12/12 Program?

This program is designed to better handle the thousands of requests we receive from people looking to submit articles. The 12/12 program is the commitment of 12 articles delivered over a 12-month period.  

Wait! What if I just want to submit one article?

Our popular pay as you go sponsorship program provides the flexibility to submit as you wish and is designed for all budgets.

Contributors

Ten Tips For Successful Business Intelligence Implementation

Ten Tips For Successful Business Intelligence Implementation

Ten Tips for Successful Business Intelligence Implementation The cost of Business Intelligence (BI) software goes far beyond the purchase price. Time spent researching, implementing, and maintaining your BI investment can snowball quickly and mistakes are often expensive. Your time is valuable – save it by learning from other businesses’ experiences. We’ve compiled the top ten

Knots And Cloud Service Providers

Knots And Cloud Service Providers

How Do These Two Compare? In Boy Scouts, I learned how to tie knots. The quickest knot you can tie is the slipknot. It’s very effective for connecting one thing to another via the rope you have. It was used in setting up tents, mooring boats to docks temporarily and lifting your food up into

What Ever Happened To Google Glass?

What Ever Happened To Google Glass?

What Ever Happened to Google Glass? It was supposed to be the next big thing in tech so where did it go? Last year you could not go anywhere without hearing about some insane new use for the product and now it seems to have vanished in a plume of smoke. A Lackluster Rollout Back

Posted on by

Big Data

To Have and Have Not: Big Data Initiatives In Developing Countries

To Have and Have Not: Big Data Initiatives In Developing Countries

Big Data Initiatives In Developing Countries The poor of the developing countries are becoming increasingly connected, to the point where they too are part of the Big Data revolution that’s happening across the globe. It didn’t come with laptops, though, as some supposed it would. Whereas it costs a fortune to connect broadband to a

Big Data In Your Garden: Initiatives For Better Understanding Nature

Big Data In Your Garden: Initiatives For Better Understanding Nature

Big Data in Your Garden Big Data and IoT initiatives are springing up all across the globe, making cities, protesters–and just about everything else–smarter. However, thus far there’s been little attention paid to the interactions between these bizarre technologies and living things other than humans. Biology, that is, human biology is one field where Big

Who Holds the Key to the City: Big Data and City Management

Who Holds the Key to the City: Big Data and City Management

Big Data and City Management Cities like New York, Madrid, and especially Rio de Janeiro are augmented with Big Data-powered initiatives that range from combating crime with predictive analytics (New York & Madrid) to providing real-time data for improved management. Although Big Data is no panacea and is mainly used in conjunction with a greater

Internet of Things

Where’s the Capital of the Internet of Things?

Where’s the Capital of the Internet of Things?

Where’s the Capital? We all know the capitals of fashion are London, New York and Paris, while the capital of film is Hollywood (or Bollywood!) – but what’s the new capital of the internet? Specifically, the internet of things? The answer – according to new research by Ozy – might surprise you. It’s not Tokyo, Seoul,

Smart Cities – How Big Data Is Changing The Power Grid

Smart Cities – How Big Data Is Changing The Power Grid

Smart Cities And Big Data As Anthony Townsend argues in his SMART CITIES, even though the communications industry has changed beyond recognition since its inception, the way we consume power has remained stubbornly anachronistic. The rules of physics are, of course, partially to blame, for making grid networks harder to decentralize, as opposed to communication

Aggregated News

Popular News Sources

Q&A: Intel’s Take on Chinese Startups, Innovation

Q&A: Intel’s Take on Chinese Startups, Innovation

Intel’s venture-capital arm on Tuesday said it would be investing $28 million in five Chinese startups that work on new technologies ranging from wearable devices to iris detection. It is Intel Capital’s first infusion from a $100 million China fund launched in April … Read the source article at WSJ Blogs About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized

Smart glasses: Prototypes ‘look to rival Google Glass’

Smart glasses: Prototypes ‘look to rival Google Glass’

With an increasing number of firms looking to enter the wearable technology market, smart glasses were in abundance at this year’s Ceatec electronics show in Japan. New designs featured fitness trackers and technology that could act as a speedometer … Read the source article at BBC – Homepage About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as

Microsoft to enter the STRUGGLE of the Human Wrist

Microsoft to enter the STRUGGLE of the Human Wrist

It’s not just a thumb war, it’s total digit war The battle for the future of the human wrist entered a new phase on Monday after it was claimed that tech goliath Microsoft is planning to release its own wearable computer in the coming weeks.…Read the source article at The Register About Latest Posts Follow