Cybersecurity@EMCworld 2013: Transforming the Trusted Cloud

In my earlier blogs on Transforming Security Analytics and Transforming Trust, I wrote about the strong focus we have on cybersecurity at this year’s EMCworld, previewing several of the sessions that will highlight security topics. In addition to those presentations, we’ll also once again have a Birds-of-a-Feather session, focused on Building your Trusted Cloud. It’ll provide a great chance for you to interact with experts from RSA and EMC and wrestle with the critical security issues for private, public and hybrid cloud deployments.

I’ll be moderating the BoF, drawing on the recent Cloud Security Alliance meeting at RSA Conference US in February, the review of OECD Security Guidelines in Paris in early April and my presentation at the Cloud Security Summit last week in Orlando to frame the most critical security questions that enterprises need to consider when establishing private clouds or engaging with cloud service providers. The presenters that I mentioned in earlier blogs (John McDonald, Jason Rader, Matthew Gardiner, Matthew Coles and Yael Villa, who will be presenting instead of Michal) will join me to explore these questions. We’ll be joined by other cybersecurity experts from RSA and EMC, including Davi Ottenheimer, Rob Sadowski and Ash Devata. And there will be lots of opportunity for folks in the audience to pose questions, respond to points made by the panelists and introduce issues that are top-of-mind for them.

You never know where the conversation will go in a BoF! But I’m expecting that we’ll focus on four major topics. The first is the threat landscape for the cloud, especially for the public cloud. What threats do you need to need to consider when thinking about cloud deployments? How do you assess the risk implied by those threats? What do you do about mitigating, transferring or insuring against those risks?

The second topic is security capabilities in and for the cloud. We’ll explore questions such as what should you expect from a cloud service provider in terms of controls and visibility? Where are we in terms of embedded security in cloud infrastructure and where are the big gaps?  We’ll then turn to the third topic: best practices when you entrust data and/or workloads to the cloud. How do you decide what data you can entrust to the cloud? What can you do to enhance the security of mobile devices accessing apps in the cloud, such as in terms of multi-factor authentication?  Finally, we’ll look at the security issues in managing the relationship with the cloud service provider. How do you decide what level of trust you can realistically have with a CSP? What kind of visibility can you have, really, into their infrastructure?

Please join us for this great BoF! And I hope you’ll follow my blogs and tweets @robtwesgriffin throughout EMCworld.