Last week I was in Berlin attending the Cloud Security Alliance (CSA) Congress EMEA 2015, where I had the opportunity to meet some very interesting security specialists in visualization, cloud, telecom and networking sectors.
My full notes are a bit too long for the post but you are welcome to download the CSA Congress EMEA Notes in PDF format.
- “If you put software on a donkey, you can hack the donkey.”
- “Attesting to software security is the same as attesting that you won’t die in the next five years.”
- “Secure by Design” — This statement is designed to silence people who want real answers. Vendors don’t want you to know that they have no bulletproof solution to the security problem.
- DDoS attacks are on the rise and are now starting to be seen as a smokescreen for the “real” or “secondary” attack and ultimate exfiltration of data.
- You can’t tell the difference between an APT (advanced persistent threat), i.e. a government or state actor, and an individual hacker; they all use the same tactics.
- The time from theft of data to monetization is very short: days, rather than months.
- People matter during response to a threat. You can automate most things about security, but not the response phase; you can’t outsource decision making, how to respond, or what you should do next. During security response there is a change in who is in charge: from technology to people.
- Software Defined Perimeter and Single Packet Authorization: aims to withstand at least 1 TB of traffic and significantly blacken the server (the server does not respond at all, leaving a zero scanning footprint).
- IPfication of devices — “the most profound technologies are those that disappear” — zero-gateway architecture
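The Single Packet Authorization gate mentioned above, written out as an added example that is not from the talk or from any SDP product: the server stays silent for anything that is not a correctly authenticated packet, so a scanner never sees it. The shared key, the wire layout and the field sizes are assumptions made for illustration.

```python
"""Server-side Single Packet Authorization (SPA) check for a "dark" listener.

Constructed example: the key, the packet layout and the field sizes below are
assumptions for illustration, not a vendor's wire format.
"""
import hashlib
import hmac
import os
import struct
import time

# Constructed shared secret; a real deployment provisions one per client.
SPA_KEY = b"constructed-demo-key-not-for-production"
WINDOW_SECONDS = 30     # allowed drift between packet timestamp and server clock
CLIENT_ID_LEN = 16
NONCE_LEN = 16
MAC_LEN = 32            # HMAC-SHA256

# Assumed wire layout: client_id[16] | unix_time (8 bytes, big-endian) | nonce[16] | mac[32]
HEADER_LEN = CLIENT_ID_LEN + 8 + NONCE_LEN
PACKET_LEN = HEADER_LEN + MAC_LEN


def build_spa_packet(key, client_id, now=None, nonce=None):
    """Client side: one authenticated datagram payload (the only packet sent)."""
    if len(client_id) != CLIENT_ID_LEN:
        raise ValueError("client_id must be exactly 16 bytes")
    now = int(time.time()) if now is None else now
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    header = client_id + struct.pack(">Q", now) + nonce
    mac = hmac.new(key, header, hashlib.sha256).digest()
    return header + mac


def verify_spa_packet(key, packet, seen_nonces, now=None):
    """Server side: returns (accepted, reason).

    The reason is for local logging only. Nothing is ever written back to
    the sender, which is what gives the server its zero scanning footprint.
    """
    now = int(time.time()) if now is None else now
    if len(packet) != PACKET_LEN:
        return False, "bad length"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    # Authenticate before trusting any field; compare_digest avoids timing leaks.
    expected = hmac.new(key, header, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False, "bad mac"
    client_id = header[:CLIENT_ID_LEN]
    (ts,) = struct.unpack(">Q", header[CLIENT_ID_LEN:CLIENT_ID_LEN + 8])
    nonce = header[CLIENT_ID_LEN + 8:]
    if abs(now - ts) > WINDOW_SECONDS:
        return False, "stale timestamp"
    if nonce in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    name = client_id.rstrip(b"\0").decode("ascii", "replace")
    return True, "accepted client " + name


def run_gate(key, packets, now):
    """Process a batch of received packets like a dark listener would:
    return the client ids that were accepted and say nothing about the rest."""
    seen = set()
    accepted = []
    for pkt in packets:
        ok, _reason = verify_spa_packet(key, pkt, seen, now=now)
        if ok:
            accepted.append(pkt[:CLIENT_ID_LEN])
    return accepted


if __name__ == "__main__":
    cid = b"alice".ljust(CLIENT_ID_LEN, b"\0")
    t = int(time.time())
    good = build_spa_packet(SPA_KEY, cid, now=t)
    tampered = bytes([good[0] ^ 1]) + good[1:]
    print(run_gate(SPA_KEY, [good, good, tampered, b"scan"], t))  # only the first copy of good is accepted
```

In a real listener the accepted client id would be used to open a short-lived firewall rule for that source address; every rejection path above simply drops the packet, so the only observable behaviour is silence.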
It was a real treat rubbing shoulders with researchers in a place responsible for many breakthroughs over the years: Fraunhofer FOKUS.
- CSA Working Group and Research Workshops (at Fraunhofer FOKUS)
- Among the topics which were presented:
  - Cloud Computing Security Innovation
  - Cloud Service Level Agreement
  - Risk Management
  - Cloud and Critical Sectors
  - Compliance and Certification
  - New Privacy Regulation
  - Internet of Things Security
  - Mobile and Social Network Security
  - Security Operation and SIEM in the Cloud
  - Forensics and Law Enforcement Access to Data
  - Quantum Safe Cryptography; and
  - Software Defined Perimeter
Download the notes: CSA-Congress-EMEA-2015-Notes.pdf