Notes from the Cloud Security Alliance (CSA) Congress EMEA 2015

Last week I was in Berlin attending the Cloud Security Alliance (CSA) Congress EMEA 2015, where I had the opportunity to meet some very interesting security specialists in visualization, cloud, telecom and networking sectors.

My full notes are a bit too long for the post but you are welcome to download the CSA Congress EMEA Notes in PDF format.

Memorable quotes:

• “If you put software on a donkey, you can hack the donkey”
• “Attesting to software security is the same as attesting that you won’t die in the next five years”
• “Secure by Design” — This statement is designed to silence people who want real answers. Vendors don’t want you to know that they have no bulletproof solution to the security problem.
• DDoS attacks are on the rise and are now starting to be seen as a smokescreen for the “real” or “secondary” attack and ultimate exfiltration of data.
• Can’t tell difference between APT (advanced persistent threat) i.e., Government or State vs an individual hacker — they all use the same tactics —
• Time from Theft of data to Monetization is very short — days, rather than months
• People matter during response to a threat. You can automate most of the things about security, but not during the response phase — you can’t outsource decision making, how to respond, or what you should do next. During security response there is a change in who is in charge — from technology to –> people.
• Software Defined Perimeter and Single Packet Authorization – aims to be able to withstand at least 1 TB traffic and significantly blacken the server (server does not respond at all — zero scanning footprint)
• IPfication of devices — “the most profound technologies are those that disappear” — zero-gateway architecture

It was a real treat rubbing shoulders with researchers in a place responsible for many breakthroughs over the years — Fraunhofer FOKUS

Topics Covered

• CSA Working Group and Research Workshops (at Fraunhofer FOKUS)
• Among the topics which were presented:
  • Cloud Computing Security Innovation
  • Cloud Service Level Agreement
  • Risk Management
  • Cloud and Critical Sectors
  • Compliance and Certification
  • New Privacy Regulation
  • Internet of Things Security
  • Mobile and Social Network Security
  • Security Operation and SIEM in the Cloud
  • Forensics and Law Enforcement Access to Data
  • Quantum Safe Cryptography and;
  • Software Defined Perimeter

Download the notes: CSA-Congress-EMEA-2015-Notes.pdf

APT, Cloud, Cloud Security Alliance, CSA, DDoS, Hack, Security, Software Defined Perimeter, Virtualization Europe, Security