Understanding Cloud Security: Finding the Boundaries

Neira Jones, Head of Payment Security, Barclaycard
With more than 20 years Financial Services experience, I have successfully directed many large change programmes, & been instrumental in the launch of new products/ services (e.g. Mortgages, Debit and Credit Cards, Investments, General Insurance, Business Banking) as well as managing Process Reengineering consultancy teams.
Currently Head of Payment Security at Barclaycard, I am responsible for security compliance of circa 100,000 customers and their third parties. Our sustained dedication resulted in my team scooping up two awards at the Feb. 2012 Merchant Payments Ecosystem conference (MPE, formerly ECAF) for "Data Security" & "Merchants". In April 2011, my team won the Information Security Team of the Year award from SC Magazine & I was inducted to the Infosecurity Europe Hall of Fame. Other awards include the 2010 European Card Acquiring Forum (ECAF) award for Data Security (PCI DSS) and in October 2010, I was voted number 4 of the top 10 most influential people in infosec in the UK by SC Magazine and ISC2. In addition, I have been on the PCI Security Standards Council Board of Advisors since 2009.

Past achievements included:
•Managed the programme to launch of streamlined straight through Mortgage Process Platform for Abbey for Intermediaries. Achieved in 10 months.
•Managed the programme to centralise Mortgage Underwriting from a network of 700 branches to one centralised area. Achieved in 9 months.
•Managed the programme to support the insourcing of the Abbey credit card from MBNA and implementation of the new Santander platform. Also managed the migration of the existing debit card to the new Santander platform.
•Other programmes in my portfolio included all people/ process & technology aspects of the following: Investments, Business Banking, General Insurance, International & Domestic Payments.
May 23 2012
46 mins
Understanding Cloud Security: Finding the Boundaries
More from this community:

Cloud Computing

  • Live and recorded (4175)
  • Upcoming (130)
  • Date
  • Rating
  • Views
  • Join us for a 30-minute live session every Friday, where we’ll tour the RingCentral interface, discuss the latest innovations and features available on the RingCentral platform, and share best practices on leveraging cloud communications for your business. This session features a live demo of RingCentral Office and an open Q&A session led by a Sales Engineer.

    This week tune in and learn about how RingCentral integrates with Google Gmail, Calendar, Docs and more.
  • „16Gb Fibre Channel HBAs - Gleich ist nicht gleich - entscheidende Vorteile mit der Emulex-Technologie“
    Entscheidende Design- und Funktionalitätsvorteile der Emulex 16Gb Fibre Channel HBAs, wie „Dynamic Port Utilization“, Brocade ClearLink-Diagnosemöglichkeiten, Daten-Priorisierung mit Quality of Service-Funktionalität, passives Cooling uvm., geben Ihren Kunden massive Vorteile beim Einsatz von Emulex Gen 5 (16Gb) Fibre Channel HBAs gegenüber anderen auf dem Markt verfügbaren Lösungen.
    Bei Gen 5 (16Gb) FC HBAs gilt wirklich – Gleich ist nicht gleich!
    Überzeugen Sie sich selbst davon, damit Sie Ihren Kunden die beste Gen 5 (16Gb) FC-Lösung anbieten können!
  • En este webcast usted aprenderá sobre cómo transformar la función de su departamento central de TI, y ser proveedor de servicios estratégicos para la empresa.
  • The BYOD trend is a symptom of consumerization in the mobile/cloud era that presents an opportunity for IT to be more relevant to the business. Recent studies show more interest than ever in BYO “anything” programs, however this transformation is hindered by concerns over security and complexity. From MacBooks and laptops to smartphones and tablets, a BYO “Anything” strategy must start with the user, not the device. By attending this webinar and discussion, you will learn:
    - How to take a people-centric approach to BYOD programs
    - Simple tips for navigating through the policy nightmares associated with BYOD
    - Key infrastructure requirement for a successful BYOD program
    - How a successful BYOD program can lead to even greater value for business mobility
  • Mobile is no longer a supplementary channel for the enterprise; It is quickly becoming the primary channel to deliver business critical information and experiences to partners, customers and employees. Join Sarvesh Jagannivas, VP of Product Marketing at MuleSoft, and Uri Sarid, CTO at MuleSoft, as they discuss the mobile enterprise opportunity, and the biggest challenges preventing successful mobile delivery.

    Join this webinar to learn:
    - Why mobile applications are the new imperative for the enterprise
    - The top challenges preventing rapid, scalable and secure mobile application development
    - Three case studies of industry leaders who are building mobile enterprises
  • Pass-the-hash and similar credential theft and reuse attacks are among the greatest security threats facing organizations today. With an impact that extends well beyond Microsoft Windows and Active Directory environments — and with no definitive means of remediation — it should come as no surprise that these types of attacks have been an underlying component of just about every targeted attack disclosed in the past several years, including those perpetrated against Saudi Aramco, Target, and The Wall Street Journal — just to name few.

    Join us Thursday, February 26th at 1 pm to learn:

    - How this highly popular and devastatingly effective class of attacks works
    - The basics of the pass-the-hash kill chain
    - An approach, based on design and administrative best practices, for mitigating attacks
    - The role privileged identity management solutions, like Xsuite, can play in implementing these practices

    Presenters:

    - Mark Bouchard, Co-Founder and VP of Research, CyberEdge Group, LLC
    - Dale Gardner, Senior Director, Product Marketing, Xceedium, Inc.
  • As a business, concerns over RTO, RPO, costs, security, and data privacy have historically made the decision for cloud backup a complicated one. However, cloud technologies continue to evolve, and can now provide substantial cost benefits while overcoming the most stringent security, data privacy, storage and performance hurdles. This makes it a perfect fit for many backup needs — especially remote office server backup.

    In this session we’ll cover:

    * The state of the cloud and the latest advancements for D2C server backup
    * How security and data storage advancements are addressing key enterprise data privacy concerns
    * How to leverage the cloud for remote office server backup and archiving, while significantly lowering storage and administration expenses
  • In the age of the customer, companies don’t decide how customer-centric their organizations need to be, customers decide on that. Providing great customer engagement and experience is a win-win for customers and companies and will drive customer loyalty and satisfaction. In order to become leaders in this connected and digital world companies need to leverage the right technologies and solutions, connect and engage with their customers, partners and employees in new ways. This will help them to become customer-centric organizations.

    Join us to learn about the next generation customer service and engagement trends and how you can leverage Salesforce to drive business value, achieve great success and become customer-centric organizations. Salesforce customer Pearson will also share their next generation customer service & engagement success story and on how they leveraged Community Cloud to meet their goals and objectives.
  • In the age of the customer, companies don’t decide how customer-centric their organizations need to be, customers decide on that. Providing great customer engagement and experience is a win-win for customers and companies and will drive customer loyalty and satisfaction. In order to become leaders in this connected and digital world companies need to leverage the right technologies and solutions, connect and engage with their customers, partners and employees in new ways. This will help them to become customer-centric organizations.

    Join us to learn about the next generation customer service and engagement trends and how you can leverage Salesforce to drive business value, achieve great success and become customer-centric organizations. Salesforce customer Pearson will also share their next generation customer service & engagement success story and on how they leveraged Community Cloud to meet their goals and objectives.
  • Scaling multiple databases with a single legacy storage system works well from a cost perspective, but workload conflicts and hardware contention make these solutions an unattractive choice for anything but low-performance applications.

    Attend the webinar to learn about:
    - How SolidFire’s all-flash storage system provides high performance at massive scale for mixed workload processing while simultaneously controlling costs and guaranteeing performance
    - How to deploy four or more database copies using SolidFire’s Oracle Validated Configuration, at a price point at or below the cost of traditional storage systems
    - SolidFire’s Quality of Service (QoS) guarantee; every copy receives dedicated all-flash performance, so IT admins can deliver solutions with confidence and maximize business efficiency
  • Channel
  • Channel profile
  • Reducing the Risk of Targeted Attacks with Intelligence Mar 17 2015 3:00 pm UTC 45 mins
    If your intuitive response to the risk of targeted attacks is to run and get some Advanced Threat

    Protection, do yourself a favour and take a step back. The reality is that, while the number of advanced

    attacks has been increasing, the vast majority of cases still use fairly simple techniques and exploit

    publically known vulnerabilities that can be solved by regular patching or other mitigation actions.

    In this webinar we will talk about how you should use vulnerability intelligence to reduce the attack

    surface for hackers and strengthen resilience before you think of implementing ATP solutions.

    Key takeaways:

    - An overview of a multi-layered security approach

    - How to leverage vulnerability intelligence to reduce risk
  • Catch me if you can: The Hunt for Hidden Botnets Mar 17 2015 2:00 pm UTC 45 mins
    Botnet sophistication is increasing at an astonishing speed. Malicious actors continually use new resources and develop new methods for attacking organisations for a myriad of reasons but with a simple purpose; to look for vulnerabilities in the whole operating environment and compromise an organisation’s security.

    It is estimated that about 16% to 25% of Internet traffic in the world comes from communication between various types of malware. Without an adaptive security approach it becomes challenging for any organisation to process and analyse the sheer volume of data being generated, which is why a different approach is critical. It should involve identifying botnet activity using new methods, leveraged on automation and machine learning techniques, which are best suited to help tackle this challenge.

    Join João Gouveia, CTO of AnubisNetworks for a discussion focused on the most common botnet evasion techniques and how to fight them. This webinar will highlight Cyberfeed’s (AnubisNetworks threat intelligence solution) capabilities, to present a cutting edge approach on botnet activity identification, related traffic and risk level.

    In this webinar you will learn:

    •The main challenges and the current Malware landscape

    •Botnet invasion techniques

    •A holistic approach to detecting botnet activity, correlating different attack vectors and techniques
  • Addressing the Combined Human and Cyber Threat Mar 17 2015 11:00 am UTC 45 mins
    One of the most pressing concerns in today’s ever-changing threatscape is how to address the human factor; with an estimated 14% of all breaches are linked to an insider.

    New forms of attack combined with a lack of experience has left many organisations vulnerable and as more and more companies consume more and more sensitive data, there is an increasingly important requirement for today's Information Security Professional to understand the threats and the mitigation techniques available to them.

    Andrew Rice, Director of Cyber, Security and Influence will be drawing upon QinetiQ’s extensive experience within cyber security to highlight vulnerabilities in your cyber defence and your workforce. Key takeaways will include:

    ** How to train your staff to deal with insider threats

    ** Case study into APT 1 using real-world examples

    ** Methods to combat ATPs including the AIW approach

    ** How best to measure your ATP protection

    ** How to integrate physical and cyber security

    Andrew will also be on hand at the end of the session for 15 minutes of Q&A for you to ask your pressing ATP questions.
  • 'Reeling in the Year' – Looking Ahead to 2015 Mar 17 2015 10:00 am UTC 45 mins
    2014 is in the bag and what a year it was - for the hacker and cybercriminal community that is.

    2014 was full of high profile data breaches and significant new vulnerabilities, some of which affected the very core of the online world. This session will combine looking back at 2014’s key events and a good dose of Fortinet’s cyber crystal ball to come up with some predictions for what we can expect during the upcoming 12 months.
  • Data-centric Security Key to Digital Business Success Mar 11 2015 5:00 pm UTC 45 mins
    With the exponential growth of data generation and collection stemming from new business models fueled by Big Data, cloud computing and the Internet of Things, we are potentially creating a cybercriminal's paradise where there are more opportunities than ever for that data to end up in the wrong hands. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems. In this webinar, Ulf Mattsson explores these issues and provides solutions to bring together data insight and security to safely unlock the power of digital business.
  • Securing Office 365 Mar 11 2015 5:00 pm UTC 45 mins
    As much as Silicon Valley startup execs love to portray Microsoft as a dinosaur, the fact is that Office 365 adoption is accelerating in the enterprise. Office 365 offers a promising compromise for enterprises deciding, “to cloud or not to cloud": Bring cloud-based productivity tools under the company’s security umbrella so that people can work the way they want to, without sending sensitive company data astray. The idea that you can simply shift responsibility for your company’s data security to Microsoft, however, couldn’t be further from the truth. You can achieve Office 365 data security... but only through a partnership that involves, at its core, a comprehensive in-house security plan, together with Office 365’s built-in security functionality.

    In this webinar, Rich Campagna, VP Products at Bitglass, and Chris Hines, Product Marketing Manager, will help you understand where Microsoft’s security responsibility ends, and where yours begins, highlighting key gaps to keep in mind as you make the move to Office 365, and how to solve them.
  • Get Complete IT Compliance: Reduce Risk and Cost Mar 10 2015 3:00 pm UTC 60 mins
    Reacting to threats and remediating breaches can’t wait. Your compliance plan may be in place – but can you execute fast?

    Join BMC Software and Qualys to see how to get complete IT compliance and reduce the risk and cost in your organization. In this webinar, you will learn to:

    ·Easily detect security issues with new automated, online technology
    ·Quickly analyze operational dependencies and the potential impact of proposed fixes
    ·Enforce governance policies and change approval requirements
    ·Execute validated remediation actions rapidly
    ·Document actions and results in real time


    Plus, learn how to improve communications between security and operations to ensure a speedy resolution to compliance issues.
  • Avoiding the Headlines: 5 Critical Security Practices to Implement Now Mar 5 2015 6:00 pm UTC 45 mins
    2014 could have easily been called, “The year of the biggest security breaches since the beginning of forever.” But given current security practices and technologies, many of the breaches could have been prevented. So why weren’t they?

    Many of the affected companies fell into a very common trap, thinking that if a company goes to the trouble to be legally compliant then it will be effectively “secure.” Unfortunately, as with many kinds of regulations, legal compliance really represents the absolute least amount of effort required. If companies want to give themselves the best chance to avoid the very severe consequences that come with a major breach, there are five practices they need to put in place now.

    Join Adrian Sanabria, Senior Security Analyst at 451 Research, and Amrit Williams, CTO of CloudPassage, on this webinar to learn
    · Possible gaps left by the compliance-first approach to security
    · How to limit vulnerabilities across traditional, virtual and cloud infrastructures
    · Five best practices to avoid a major security breach in 2015
  • Top 7 File Sync & Share Features For Businesses Mar 5 2015 6:00 pm UTC 45 mins
    The bring-your-own-device (BYOD) movement has been a huge boon for businesses that put a premium on productivity. File sync and share solutions have emerged to help employees work from anywhere, at any time, on any device. In this BrightTALK exclusive, eFolder explores the top seven features that business should consider when adopting a file sync and share solution. Learn what is required for a file sync and share solution to improve collaboration, maximize productivity, and ensure security.
  • The coming Cyber-Storm and The Internet of Things Mar 5 2015 5:00 pm UTC 45 mins
    The Internet of Things (the new buzzword for the tech industry) is increasing the connectedness of people and things on a scale that was once beyond imagination. Connected devices outnumber the world's population by 1.5 to 1.It is expected to eventually touch some 200 billion cars, appliances, machinery and devices globally, handling things like remote operation, monitoring and interaction among Internet-connected products.

    In combination with the fact that there are almost as many cell-phone subscriptions (6.8 billion) as there are people on this earth (seven billion), we have all the ingredients for a Perfect Cyber Storm.

    Join me for an informal discussion of the challenges for our profession, and some possible solutions.
  • The One-Man SOC: Habits of Highly Effective Security Practitioners Mar 5 2015 5:00 pm UTC 60 mins
    Do you feel alone? No resources? No help? If you are like many security practitioners faced with a mountain of tasks each day and a small (or non-existent) team to help, prioritization and efficiency are key. Join Joe Schreiber, Solutions Architect for AlienVault for this practical session outlining habits to get the most out of your limited resources.

    In this session, you'll learn how to develop routines to efficiently manage your environment, avoid time-sucks, and determine what you can do by yourself and where you need help.

    In this practical session, Joe will cover:
    - How to work around the limitations of a small (or one person) team
    - Tips for establishing a daily routine
    - Strategies to effectively prioritize daily tasks
    - Benefits of threat intelligence sharing
    - Critical investigation & response steps when the inevitable incident occurs
  • Endpoint Security Just Got Simpler Mar 4 2015 6:00 pm UTC 60 mins
    From unobtrusive advanced malware detection technologies to automated threat response and actionable mobile-friendly dashboard – manage security from any device, any time, ESET will present new solutions for securing your endpoints and new ways to manage them.
  • Maintaining Security in a Mobile World Mar 4 2015 6:00 pm UTC 45 mins
    The game has changed. Due to cost savings, and the privacy and mobility needs of employees, in just a few short years companies have loosened the mobile device leash. Enterprises are now shifting from traditional “company owned” devices, to allowing “Bring Your Own Device” in the workplace. According to Gartner, by 2017 fifty percent of companies will actually force employee to bring their own device to work.

    But if you’re tasked with securing devices, how do you accommodate BYOD? Where do you start and what kinds of security solutions should you be looking for?

    In this webinar, Chris Hines, Product Manager at Bitglass will teach you how to balance the needs of IT admins and employees when it comes to securing your mobile world.
  • The Profitable MSSP Series –Sandbox-as-a-Service for MSSPs Mar 3 2015 5:00 pm UTC 45 mins
    This webinar will outline methods of deploying Fortinet Sandbox solution as a hardware inclusive service and creating a compelling offering that will help build value in your portfolio and lead to high margin revenue. We will discuss the reasons for the renewed demand for Sandboxing, the deliverables of FortiSandbox, compare it to competitive solutions and discuss sizing, productizing and pricing models.
  • Security Rivals? The Value of Measuring & Comparing Network Security Performance Recorded: Feb 27 2015 50 mins
    Who has earned the bragging rights as the most secure college athletic conference?

    Colleges have rivals both on the football field and in the classrooms, but how do they fare in security performance? Watch this webinar featuring Stephen Boyer, CTO and Co-Founder of BitSight Technologies, and Rebecca Sandlin, CIO of Roanoke College, to learn how the major athletic conferences compared in key security performance metrics. There is also a discussion about why security benchmarking is so significant in education.

    Watch this webinar to discover:

    - The unique challenges higher education faces in securing their networks and how benchmarking can help
    - Why performance varies across the industry, and how that translates into actionable intelligence for security teams
    - How Security Ratings are enabling Roanoke College to gain tremendous insights about security strategy and performance issues that they can share with their board.
  • Actionable Intelligence: A Threat Intelligence Buyer’s Guide Recorded: Feb 26 2015 48 mins
    Today’s threat actors are more sophisticated than ever, and organizations need live attack intelligence that alerts them to emerging threats long before they become full-blown attacks that lead to sensitive data loss. Furthermore, organizations need the most current threat data available in order to protect their networks from incursions – they need real-time actionable intelligence.

    Join us for the upcoming webinar, “Actionable Intelligence: A Threat Intelligence Buyer’s Guide” featuring Rick Holland, Principal Analyst at Forrester Research, and Jeff Harrell, Senior Director, Product Marketing at Norse, to learn how to evaluate the various threat intelligence offerings in the marketplace, and how to utilize them to prevent today’s advanced attacks.

    In this webinar you will learn about:
    * The criteria needed to effectively evaluate threat intelligence solutions that meet your organization's needs
    * The value of the different types and sources of internal and external threat intelligence
    * How best to utilize threat intelligence to realize a greater return on security investments and better protect your organization
  • Assessing Risks & Solutions for Social Engineering Recorded: Feb 26 2015 32 mins
    Social engineering targets our most challenging assets - people! We'll share a case study on how a regulated, mid-sized company prioritized risks, developed a mitigation strategy, and delivered an innovative awareness campaign.

    What's unique about this example is the program we helped build to incorporate active control testing, user feedback, and metrics to improve employee training alongside traditional technical controls.
  • Attack Intelligence: The More You Know, The Less Damage They Can Do Recorded: Feb 26 2015 48 mins
    Attack Intelligence to Power Tomorrow’s Cyber Response.

    Preparing to combat every threat and vulnerability is a war that no cybersecurity professional can win today. Speed, accuracy and visibility of threats and active attacks is critical to defending against APTs and other sophisticated attacks responsible for today’s headline-grabbing data breaches. The next generation of advanced threat prevention solutions will require a significant shift in how we incorporate threat and attack visibility into everyday security operations, enabling incident responders to identify and stop campaigns as they happen.

    Join us as IDC’s Research Vice President for Security Products Services Charles Kolodgy shares his view of the threat landscape, including how threats are evolving, how cybercriminals are becoming more sophisticated and what new solutions are necessary to combat APTs.
  • Six Steps To a High-Performing IT Department Recorded: Feb 26 2015 53 mins
    What sets high-functioning IT organizations apart from the rest? That’s something every IT leader wants to know. After all, we live in a highly competitive business climate and IT performance can be the difference between success and failure. To conquer the challenge, we need to be informed and collaborative and we need to do this in a cost-effective manner.

    In this webcast, you will hear from two experts on some of the technology that’s driving today’s high-functioning IT organizations. Find out how your company can be aligned, agile and ready to respond to ever-changing business requirements and competitive pressures.
  • Applied Security Analytics Recorded: Feb 26 2015 45 mins
    Many organizations are looking at using big data to detect more advanced adversaries. We are collecting more information than ever before, but what are we doing with it? In this talk, we will look at some ways you can use data science and visualization tools to get more out of the data you collect. Visualizations will let you see what is happening at a high level: A picture is worth a thousand log entries. There are data science techniques that other industries, such as advertising, have used successfully. We can apply these techniques to find patterns of behavior that are out of the ordinary, and ultimately catch more bad guys.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Understanding Cloud Security: Finding the Boundaries
  • Live at: May 23 2012 12:00 pm
  • Presented by: Neira Jones, Head of Payment Security, Barclaycard
  • From:
Your email has been sent.
or close
You must be logged in to email this