Understanding Cloud Security: Finding the Boundaries
With more than 20 years' Financial Services experience, I have successfully directed many large change programmes, & been instrumental in the launch of new products/services (e.g. Mortgages, Debit and Credit Cards, Investments, General Insurance, Business Banking) as well as managing Process Reengineering consultancy teams.
Currently Head of Payment Security at Barclaycard, I am responsible for security compliance of circa 100,000 customers and their third parties. Our sustained dedication resulted in my team scooping up two awards at the Feb. 2012 Merchant Payments Ecosystem conference (MPE, formerly ECAF) for "Data Security" & "Merchants". In April 2011, my team won the Information Security Team of the Year award from SC Magazine & I was inducted to the Infosecurity Europe Hall of Fame. Other awards include the 2010 European Card Acquiring Forum (ECAF) award for Data Security (PCI DSS) and in October 2010, I was voted number 4 of the top 10 most influential people in infosec in the UK by SC Magazine and ISC2. In addition, I have been on the PCI Security Standards Council Board of Advisors since 2009.
Past achievements included:
• Managed the programme to launch a streamlined straight-through Mortgage Process Platform for Abbey for Intermediaries. Achieved in 10 months.
• Managed the programme to centralise Mortgage Underwriting from a network of 700 branches to one centralised area. Achieved in 9 months.
• Managed the programme to support the insourcing of the Abbey credit card from MBNA and implementation of the new Santander platform. Also managed the migration of the existing debit card to the new Santander platform.
• Other programmes in my portfolio included all people/process & technology aspects of the following: Investments, Business Banking, General Insurance, International & Domestic Payments.
Recorded May 23 2012, 46 mins
Tom Brewster, TechWeek; David Willson, Titan Infosecurity Group; Vladimir Jirasek, Cloud Security Alliance; Paul Brettle, HP
How do you respond when your organisation has been breached and law enforcement is unable to help?
More and more companies are turning from a reactive response to breaches to a proactive one: preventing a breach before it happens and hacking back. This panel session will feature 4 experts discussing these topics in depth, from their technical to legal implications.
Jason Hart, SafeNet; Gargi Mitra Keeling, VMware; Jofre Palau, Vodafone; Patrick McBride, Xceedium; Leonor Martins, SafeNet
As companies migrate to the virtual datacenter, executives must deal with security, audit, and visibility of their environment which has grown beyond their physical datacenter. Because of this, hesitancy remains and many questions are still being asked. What is a next-gen datacenter? What changes as businesses take steps toward a hybrid datacenter? When they move to a virtualized environment, how does their data remain secured and in their control? Will encrypting data in this environment achieve visibility and control of who is accessing it? Plus, despite more knowledge of virtual risks, cloud services are still being purchased without authentication, with organisations adopting cloud first and thinking about security second. So how can organisations win the struggle with authentication in the cloud?
Join your fellow professionals for this lively and insightful discussion providing a complete vision on virtual risks in a virtual world. Then understand a way to manage risk, maintain compliance, accelerate and protect business from evolving security threats.
Social business represents a new transformational opportunity for organizations. After initial forays into external social media, many companies are now discovering the value of applying social approaches, internally as well as externally. Social business can create valued customer experiences, increase workforce productivity and effectiveness and accelerate innovation. But many companies still wrestle with the organisational and cultural challenges posed by these new ways of work.
Join this webinar to hear the proven results from easily integrating social into your everyday tools to improve your business.
About the speaker:
Chris Moore is a Social Business Specialist for IBM Collaboration Solutions. He has 7 years' experience and knowledge of Collaboration and Exceptional Web Experience technologies, including IBM Notes, Domino, Sametime, Connections, Docs and Web Experience Suites.
Paul Wallace, Director of Product, Stingray, Riverbed Technology
Public cloud providers offer better uptime and business continuity than most organisations can achieve on their own, despite well-publicised outages. But failing to plan for an outage means you are planning to fail. At the center of this argument is the concept of designing for resilience: organisations should not hide from failure, but rather expose themselves to it early and often, in a way that allows them to learn quickly and build the right infrastructure to build reliability in an unreliable world.
Join Paul Wallace, Director of Product at Riverbed Technology, as he discusses strategies that will help you design for resilience and security, and learn how to:
* Prepare for unplanned cloud outages
* Build a globally resilient cloud application
* Avoid some of the most common mistakes when faced with a cloud outage
Cyber-risk is one of today’s most high profile business risks. While good cyber-mitigation strategies can reduce this risk, it cannot be eliminated – defences will be breached. The organisation’s ability to respond to and recover from these breaches – its cyber-resilience – is fundamental to its risk management strategy. This session examines cyber risk, the pervasiveness of cyber-incidents and the key steps in building a cyber-resilience strategy.
About the speaker:
Alan Calder is chief executive of IT Governance, the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance.
He is a leading author on information security and IT governance issues. Alan is the co-author (with Steve Watkins) of the definitive compliance guide, ‘IT Governance: An International Guide to Data Security and ISO27001/ISO27002’.
Eoin Keary, OWASP Global Board. CTO BCC Risk Advisory Ltd
The premise behind this talk is to challenge both the technical controls we recommend to developers and also our actual approach to testing.
We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? How can we expect developers to listen to security consultants when the consultant has never written a line of code? Why are we still happy with “Testing security out” rather than the superior “building security in”?
This talk is sure to challenge the status quo of web security today.
About the speaker:
Eoin is an international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org). During his time in OWASP he has led the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, y and the OWASP Cheat Sheet Series.
Eoin Keary is the CTO and founder of BCC Risk Advisory Ltd. (www.bccriskadvisory.com) an Irish company who specialise in secure application development, advisory, penetration testing, Mobile & Cloud security and training.
Eoin has led global security engagements for some of the world’s largest financial services and consumer products companies. He is a well-known technical leader in industry in the area of software security and penetration testing.
Stephan Hadinger, Solutions Architect, Amazon Web Services
Understand how to create an elastic data center and connect existing networks and application assets to resources in the cloud. AWS will discuss technologies such as VPC and Direct Connect and common use cases from Enterprise customers.
Ryan Shuttleworth, Technical Specialist, Amazon Web Services
In this presentation AWS will talk about some of the transformations that Cloud computing brings to the delivery of IT infrastructure and how enterprises can leverage these changes to create cost efficient, agile and customer focused systems.
Peter Wood, First Base Technologies; Giles Hogben, CSA; Christian Papathanasiou, OWASP; Jason Steer, FireEye
How prepared are you to detect a breach? Advanced malware, persistent threats and zero-day targeted attacks are causing problems for organisations of all sizes, as traditional security measures have become ineffective in keeping them secure.
This panel will explore how organisations can benefit from advanced techniques to defend themselves against APTs. These include big data analytics, real-time threat monitoring and direct exposure. There will be a case study on the recent APT1 report discovered by Mandiant.
Is your service desk only good for a quick peck on the cheek, is it a lifetime commitment, or do you avoid it at all costs?
How can you ensure that your customers see the service desk as a long term and enriching business relationship and not just a basic commodity, or only the last port of call with their Technology issues?
This session looks at key elements of IT Services and front line Service Desk features that are needed to ensure that technology is delivered and appreciated as a value-add and not just seen as a necessary but unwanted cost. This will include all the elements you need for a Service desk makeover to attract new admirers.
Steve Durbin, Vice President, Information Security Forum
Recently highlighted as being one of the top 5 threats for 2013 by the ISF, this webinar maps out how you can respond to the ‘consumerisation’ challenge today – whatever stage you are at – based on current efforts to formulate good practice at leading ISF Member organisations around the world. It offers independent guidance on how to plan your security response not only in terms of how your people use mobile devices, but also in terms of protection solutions, provisioning and support, and meeting statutory requirements.
About the speaker:
Steve Durbin is Global Vice President of the Information Security Forum (ISF). He is a regular speaker and chair at global events and is quoted in the Financial Times, Wall Street Journal, Forbes, Deutsche Presse, Süddeutsche Zeitung, CIO Forum, ZD Net, and Information Week.
Steve has considerable experience working in the technology and telecoms markets and was previously senior vice president at Gartner. He is also currently chairman of the Digiworld Institute senior executive forum in the UK, a think tank comprised of Telecoms, Media and IT leaders and regulators.
BYOD is no longer a consideration, it’s a reality. Every day over 2 million new wireless devices are being activated and these devices will show up on your network. And while most wireless vendors are talking about the potential security risks, which are considerable, almost no one is discussing the impact the sheer numbers of devices will have on your network's performance.
A recent Gartner study did and stated that ‘By 2015, 80% of newly installed wireless networks will be obsolete because of a lack of proper planning’. Many administrators are still designing for coverage, when capacity limits are the true Achilles heel of wireless deployments. This session will discuss the varied client types and their capabilities, best practices to address growing device densities and how both impact overall network performance. IT administrators looking at a BYOD deployment or even just a wireless upgrade will gain valuable insight from this presentation.
Perry Correll is a Senior Technologist as well as the Director of Product Marketing at Xirrus. His extensive networking background extends from original Ethernet Thicknet technology, through the switching revolution and now is involved in pushing advancements in Wi-Fi technology to displace wired solutions. Previous roles included technologist and management roles at Cabletron, Xylan and Alcatel.
David Cuthbertson, Managing Director, Square Mile Systems
As networks, servers and applications all increase in complexity, how do you make it simpler and less costly to manage changes and improve performance? We’ll cover practical steps needed to develop the knowledge sets needed to support major transformation projects, as well as improving end to end IT management processes. Ideal for anyone who has found that mapping their IT infrastructure dependencies needs more than one white board!
Security is only as good as the response it generates. This talk will highlight how organisations need to redevelop their incident response strategies and move away from reactive responses to proactive ones. This includes detecting potential attacks as early as possible and ideally before they happen. The webinar will cover strategies, tools and techniques that those responsible for incident response can implement to better improve their security posture.
About the speaker:
Brian Honan is an independent security consultant based in Dublin, Ireland. Brian founded and heads IRISSCERT which is Ireland's first CERT. He also lectures on information security in University College and sits on the Technical Advisory Board for a number of innovative information security companies. Brian is author of the books "ISO 27001 in a Windows Environment" and "The Cloud Security Rules", is regularly published in a number of industry recognised publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites, a semi-weekly electronic newsletter.
Peter Wood, Partner & CEO, First Base Technologies
We love technology. You can buy solutions that will stop intruders, prevent malware and make data loss a thing of the past. Or can you? Why, despite spending millions on hardware and software, do we continue to be at the mercy of criminals? Because we ignore the real purpose of computers: to help people share and use information. We complain about the insecurity of BYOD, cloud and social networking, but fail to exploit our best defence. Let's change the paradigm and focus on people as the solution, not the problem.
About the Speaker:
Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.
Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.
Peter Judge, NetMedia Europe; Marvin Wheeler, ODCA; Lawrence Lamers, DMTF; Josh Townsend, VMUG
Virtualization has created obvious benefits for organizations deploying it. But why stop there? Taking your virtualization projects and expanding them to include a private cloud deployment will result in even greater benefits: scalability, security, agility and more. Join this panel of experts as they discuss common obstacles in moving to a private cloud, how it affects the services you provide and how you can get there in your own infrastructure.
In this live webinar, Riverbed Technology's Paul Wallace will discuss how you can integrate your ADC platform with automated provisioning and capacity management, using new tools for software-defined application delivery which can:
- Unbox your application delivery network, and extend your application stack
- Cut the cost of application delivery in virtual and cloud environments
- Simplify your application lifecycle through automation and application integration
- Enable access to application-level ADC capabilities and Layer 7 services
John Keppler, Computer Society; Peter Wood, First Base Technologies; Jagdeep Singh, Financial Times; Will Bechtel, Qualys
Threats from hackers and cyber-terrorists are increasing at a phenomenal rate. Consequently, private and public organizations are now in a heightened state of alert with concern about protecting their system infrastructure integrity and data security. In recent years, government agencies and customers have dramatically increased their requirements and scrutiny of corporate security process and procedures.
It is important for all IT professionals to develop a comprehensive understanding of the underlying principles for designing, engineering, and managing secure applications.
Attend this session and learn from industry experts how to better know your threats, efficiently secure the network, host and applications and incorporate security into your software development process.
Will Bechtel, Director of Product Management, Qualys
This presentation will review some of the reasons why web application security is so important, citing data from the Verizon Data Breach Investigations Report, which identified web applications as one of the primary attack and data loss vectors.
Next, an overview of a conventional scanning program will be outlined as well as how a cloud based service can enable organizations to develop a best practice program that moves the scanning into the software development life cycle (SDLC). We’ll show how this helps organizations find and fix web application vulnerabilities earlier in the life cycle, which lowers both the risk as well as the cost associated with addressing the security issues.
Monthly Webinars around the evolving world of Technology
Watch free webinars and videos in the Webrecruit IT Channel for the latest news, best practices and analysis from the IT world. From cloud computing to data centres, information security to IT service management, these webinars will be presented by industry experts from leading organisations. Tune in live to participate in polls and ask your questions to the speakers, or watch immediately afterwards on demand.