Notes from the Cloud Security Alliance (CSA) Congress EMEA 2015

Last week I was in Berlin attending the Cloud Security Alliance (CSA) Congress EMEA 2015, where I had the opportunity to meet some very interesting security specialists in the visualization, cloud, telecom and networking sectors.

My full notes are a bit too long for this post, but you are welcome to download the CSA Congress EMEA Notes in PDF format.

Memorable quotes:

  • “If you put software on a donkey, you can hack the donkey”
  • “Attesting to software security is the same as attesting that you won’t die in the next five years”
  • “Secure by Design” – This statement is designed to silence people who want real answers. Vendors don’t want you to know that they have no bulletproof solution to the security problem.
  • DDoS attacks are on the rise and are now starting to be seen as a smokescreen for the “real” or “secondary” attack and ultimate exfiltration of data.
  • Can’t tell the difference between an APT (advanced persistent threat), i.e., government or state, vs an individual hacker – they all use the same tactics
  • Time from Theft of data to Monetization is very short — days, rather than months
  • People matter during response to a threat. You can automate most of the things about security, but not during the response phase – you can’t outsource decision making, how to respond, or what you should do next. During security response there is a change in who is in charge – from technology to people.
  • Software Defined Perimeter and Single Packet Authorization – aims to be able to withstand at least 1 TB traffic and significantly blacken the server (server does not respond at all – zero scanning footprint)
  • IPfication of devices – “the most profound technologies are those that disappear” – zero-gateway architecture

Fraunhofer FOKUS

It was a real treat rubbing shoulders with researchers in a place responsible for many breakthroughs over the years: Fraunhofer FOKUS.

Topics Covered

  • CSA Working Group and Research Workshops (at Fraunhofer FOKUS)
  • Among the topics which were presented:
    • Cloud Computing Security Innovation
    • Cloud Service Level Agreement
    • Risk Management
    • Cloud and Critical Sectors
    • Compliance and Certification
    • New Privacy Regulation
    • Internet of Things Security
    • Mobile and Social Network Security
    • Security Operation and SIEM in the Cloud
    • Forensics and Law Enforcement Access to Data
    • Quantum Safe Cryptography
    • Software Defined Perimeter

Download the notes: CSA-Congress-EMEA-2015-Notes.pdf
