Corporate Member Forum Welcome speech (By Invitation only)
For CSA Corporate Members
CSA corporate member introductions
2016 in Summary
Anthony Lim- CSA APAC Market Strategy Director
Tea Break
2017 Strategies and Plans
Open Discussion
Lunch and Networking
Registration
Welcome Speech Aloysius Cheang
Aloysius Cheang
Executive Vice President of Asia Pacific at Cloud Security Alliance
Opening Keynote- The CSA Strategy for Securing IoT Jim Reavis
This presentation covers the key security vulnerabilities of Internet of Things, its relationship to cloud computing and the Cloud Security Alliance's strategy for developing comprehensive best practices and programs for IoT security.
Jim Reavis
Co-founder and CEO of Cloud Security Alliance
Keynote 1- Blockchain Based Cyber Security Narayan Neelakantan
Narayan Neelakantan
Former CISO at National Stock Exchange of India Limited
Keynote 2- Cloudy but not raining (yet) – should you carry an umbrella? Dr. Meng Chow Kang
This session discusses some of the key concerns and challenges relating to cloud adoption in the enterprise, and Cisco’s information security group’s experience in addressing them.
Dr. Meng Chow Kang
Chief Information Security Officer, APJC Region at Cisco Systems, Inc.
Tea Break
Keynote 3- Mobile Application Security and it Vetting Keng Lee
The use of mobile applications has become unavoidable, almost a necessity, in today's world. More people are starting to question the security of mobile applications. With the emergence of cloud computing, organizational transformation is required to address this paradigm shift. Cloud computing accelerates real-time use of applications, which allows for business agility. However, with the proliferation of mobile applications, a new set of security challenges arises. The next journey in mobile application is to embark on developing mobile certification framework that will certify the security of mobile applications. The question is, will you be interested in being part of this?
Keng Lee
COO at Tanosecure
Panel Discussion: State of Cloud Adoption & Security in India Aloysius Cheang•Sandip Kumar Panda•Narayan Neelakantan
Aloysius Cheang
Executive Vice President of Asia Pacific at Cloud Security Alliance
Sandip Kumar Panda
CEO of Instasafe
Narayan Neelakantan
Former CISO at National Stock Exchange of India Limited
Lunch Break
Track Presentations- New Technologies, Mobile, Big Data & Social
Tea Break
Panel Discussion- Secure use of Cloud Services Dr. Meng Chow Kang•Juanita Koilpillai •Sanjay Sharma•Madhav Chablani
A panel of leading vendors and experts of cloud-based tools and services will describe best practices for the secure use of the cloud. Discussion on enterprise security lessons and trends from the Cloud Service Providers perspective.
Dr. Meng Chow Kang
Chief Information Security Officer, APJC Region at Cisco Systems, Inc.
Juanita Koilpillai
Founder & CEO of Waverley Labs
Sanjay Sharma
Founder & Managing Director of CloudAtix
Madhav Chablani
Chairman at CSA NCR Chapter
Closing Keynote- Security and Adoption of Cloud- A Case for Capacity Building Clayton Jones
Cloud adoption is accelerating faster than previously anticipated and at the same time, security concerns still top the list of barriers to cloud adoption. This presentation will talk about what specialized skills are required in cloud security to close the gap between increasing cloud adoption and high levels of security concerns especially in terms of capacity building. Having qualified people lead a thorough evaluation process can help organizations responsibly take advantage of cloud services.
Clayton Jones
Managing Director, Asia-Pacific of (ISC)²
Gala Dinner ( By Invitation)
Registration
Welcome Speech Benildus Nadar
Benildus Nadar
Chair at CSA India Regional Coordinating Body
Opening Keynote Raj Kumar Srivastava
Raj Kumar Srivastava
Managing Director of Karnataka State Electronics, Development Corporation Limited
Keynote 1- Impact of Digital India and Need of Cloud Dr. Amar Prasad Reddy
Dr. Amar Prasad Reddy
Director General of National Cyber Safety & Security Standards
Keynote 2- "Thinking Beyond On Premise" Rajiv R Chetwani
The talk will cover various trends in Cloud in India and internationally. What the IT managers are planning and what is holding them back. Advantages of deploying the appliance based approach towards Cloud and how it is going to help rapidly realize Cloud - whether it's a Private Cloud or a Public Cloud.
Rajiv R Chetwani
Director, Information Systems Programme Office of Indian Space Research Organisation
Tea Break
Keynote 3 Pavan Duggal
Pavan Duggal
President at Cyberlaws.Net
Keynote 4- Cloud Computing and Internet of Things- Key enablers for Digital India & Smart CIties Pamela Kumar
This talk extracts the lessons from the telecom and wireless adoption in India. It identifies the key challenges associated with adoption of these emerging technologies and then provides a framework to address these.
Pamela Kumar
Vice President & Founding Chair at Cloud Computing Innovation Council of India
Lunch Break
Track- New Technologies, Mobile, Big Data & Social
This panel will draw on experts from three different spheres of experience: academia, business leadership and practicing CSO/ CISO, to debate the current challenges around advancing security leaders to build future resilience.
• What are the skills required for next generation technology and security leaders? • How are organisations approaching recruitment and maintenance of the best? • Where will the next generation of technology thinkers and doers come from?
Vishal Salvi
Chief Information Security Officer and SVP at Infosys
Benildus Nadar
Chair at CSA India Regional Coordinating Body
Vijay Rangyyan
CTO at Instasafe Technologies
Dr. Sanjeev Singh
Associate Professor at Delhi University
Closing Keynote
Presentation 1- Software Defined Perimeter and a demonstration Juanita Koilpillai
Juanita Koilpillai
Founder & CEO of Waverley Labs
Presentation 2- Quantum Solutions to a Quantum Challenge Dr. Vikram Sharma
The conversation around quantum technologies has focused for a large part on quantum computers and their capabilities, as well as on the threat they pose to our current cyber-security models. However, quantum technologies are also a big part of the security solution, with exciting promise to protect our most sensitive data.
This presentation will provide participants with an understanding of the quantum security risk and discuss the different technologies that are being developed to tackle the quantum computer security threat. It will address how these technologies can complement each other to address these challenges. Special focus will be given to quantum key distribution approaches and the place of this technology in a quantum-safe architecture.
Dr. Vikram Sharma
Founding Director & Chief Executive Officer of QuintessenceLabs
Presentation 3- Emerging Technologies in Cloud Salil Aroskar
Incorporating security while we adopt the emerging technologies in Cloud like Hybrid Cloud, Software Defined Data Center (SDDC) and Security in DevOps.
Enterprises are becoming digital businesses and Cloud is driving the transformation. The speed and flexibility of the Cloud brings complexity. The use of cloud-based platforms in the technology industry continues to evolve into more complex arrangements as the business world now demands a mix of many best-of-breed cloud services to form the optimal solution. This includes traditional Hybrid Cloud, which is typically a paired private and public cloud or multi-cloud. The software-defined data center (SDDC) has been crucial to the long-term evolution of an agile digital business. This enables increased levels of automation and flexibility that will underpin business agility through the increased adoption of cloud services and enable modern IT approaches such as DevOps. SDDC simplifies the security management of the data center technologies by 'push of a button' Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. With the rise of DevOps, most security teams tried to minimize risk by limiting the speed of change. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
Salil Aroskar
Senior Manager - Information Security Risk Management at VMware
Presentation 4- Say No to Ransomware Biswajit De
Biswajit De
Sr. Technical Consultant at Trend Micro
Presentation 1- Emerging Trends in Security- Cloud Based Operations and Security Management Mandar Kulkarni
With most of the organizations adopting cloud, enterprise security perimeter has got expanded. There are newer ways of managing enterprise IT Operations and Security, based on cloud are fast becoming popular. Here is a quick look at what new capabilities these SaaS platforms offer for managing and protecting traditional and cloud based IT environment
Mandar Kulkarni
Director - Cloud and Datacenter Programs of Microsoft
Presentation 2- Advanced Threats & Case Studies Monnappa K A
Monnappa K A
Information security investigator at Cisco Systems
Presentation 3- Cloud-HIDS: Hybrid Intrusion Detection Security Architecture in Cloud Environment Dr. Emmanuel Shubhakar Pilli
Cloud Environment consists of three types of servers: Cloud Controller Server (CCS), Cloud Compute Server (CCoS) and Cloud Network Server (CNS). CCS deals with the management services of the whole cloud. CCoS is responsible for hosting various Virtual Machines (VMs). CNS is responsible for providing networking facility to individual cloud components. Security solution cannot deploy one particular technique at all these servers in the cloud environment. Hence a hybrid solution is to be built to handle various components with specific vulnerabilities.
Traditional intrusion detection approaches have been applied by researchers in the cloud. These approaches fail to detect VM attacks targeted from one tenant VM to another on the same physical server as the traffic never passes through the physical network. They do not employ the introspection features and hence are limited in their capability to detect attacks in a virtualized environment.
We propose a traffic monitoring functionality to detect network attacks at CNS as the first level of defense. We incorporate a lightweight run-time behavior analysis technique with traffic analysis functionality to detect both malware and network attacks on VMs on CCoS as the second level of defense. At the top layer, we add introspection features to detect modern malware attacks at VMM or hypervisor level of CCoS as the final check. Attacks at the network server, hypervisor level, and virtual machine level can be addressed. However ensuring that the detection engine will not be compromised is still a major challenge!
Dr. Emmanuel Shubhakar Pilli
Assistant Professor at Dept. of Computer Science and Engineering,MNIT, Jaipur
Presentation 4- Approach to Threat & Vulnerability Management for the Hybrid Cloud Vishal Salvi
Vishal Salvi
Chief Information Security Officer and SVP at Infosys
Presentation 2- Effects of DDoS Attacks in Cloud Computing and Mitigation Techniques Gaurav Somani
The effects of distributed denial-of-service (DDoS) attacks on cloud computing are not very similar to those in traditional “fixed” on-premise infrastructure. In the context of DDoS attacks in multi-tenant clouds, we argue that, instead of just the victim server, multiple other stakeholders are also involved. Some of these important stakeholders are co-hosted virtual servers, physical servers, network resources, and cloud service providers. In this talk, we show through system analysis, experiments, and simulations that these stakeholders are collaterally a effected, even though they are not the real targets of the attack. Damages/effects to these stakeholders include performance interference, web service performance, resource race, indirect EDoS (economic denial of sustainability), service downtime, and business losses. Additionally, we also focus on few important research questions and solutions:
1. Do DDoS mitigation methods used by non-cloud infrastructures help in cloud?
2. What are the additional effects of DDoS attacks in Cloud Computing Environment?
3. What factors are responsible for rise and success of DDoS attacks to Cloud services?
4. What techniques are useful in mitigating and minimizing the effects of DDoS attacks in Cloud?
Gaurav Somani
Assistant Professor Department of Computer Science and Engineering at Central University of Rajasthan
Presentation 3- Trustworthy Engineering of Software Products Mohan Jayaramappa
With the increasing shift to software product development, it is important to keep in mind that product development is quite different from project development. Requirements have to be well elicited for a product. Many other characteristics of the software such as security, privacy become critical and need to be adequately taken into account so that the product addresses its market well.
The presentation talks about Trustworthy Engineering and speak about the various non-functional characteristics such as Security, Privacy, Performance, Reliability that comprise Trustworthiness and which need to be engineered and then verified that they are met.
Considering security for instance, just testing a software for security is not enough to have a secure application, Security has to be considered right from the Requirements through Architecture, Design and Development and then finally Testing. This applies to the other non-functional characteristics as well. After giving flavour of various NFR requirements, I show have we have adopted Trustworthiness Engineering successfully in our unit through appropriate artifacts, processes, technology. This includes how we made the Requirements elicitation faster and more exhaustive which then leads to the downstream activities.
Key Takeaways:
1. Concept of Trustworthy Engineering 2. How to secure applications throughout the phases of SDLC.
Mohan Jayaramappa
Senior Consultant at Tata Consultancy Services
Presentation 4- Identity of the Cloud Benildus Nadar
Benildus Nadar
Chair at CSA India Regional Coordinating Body
Presentation 1- The New First Line of Defence • Building an Organizational Security Culture Hitesh Sharma
While investment in technology is necessary to secure one’s enterprise, the most critical factor towards the same is ensuring that people controlling information take responsibility for securing the same. This presentation would take you through HPE’s perspective and experience with workforce transformation that equips individuals with the right set of skills, tools and behaviours required to ensure a secure future for their organizations.
Hitesh Sharma
Lead – Education Consulting, Technology Services at Hewlett-Packard Enterprise India Pvt. Ltd.
Presentation 2- Management of SaaS-specific risks Jeffrey Lau
SaaS providers have exploded in numbers in recent years. Practically every organization today has adopted SaaS services in one way or another. However, given the ease of adoption, coupled with a consumer-driven and instant gratification mindset, organizations often onboard SaaS services without necessary precaution and scrutiny.
By nature of the cloud, SaaS services are subject to much greater threats than traditional IT. Without proper management of SaaS risks, SaaS services can easily become the weakest link in your organization, potentially endangering organization survival. In this session, we will enumerate risks and mitigation measures of adopting SaaS services from the cloud customer's perspective to help protect your organization from SaaS-specific threats.
Presented by Jeffrey Lau, co-lead of the privacy practice at Ribose and member of CSA's SaaS Governance workgroup, this session explains the notion of SaaS-specific risks and best practices in managing them in this age of uncertainty.
Jeffrey Lau
Platform Lead at Ribose
Presentation 3- Future of Apps and Apps of the Future: Roadmap for App Security Ecosystem Dr. Sanjeev Singh
Dr. Sanjeev Singh
Associate Professor at Delhi University
Presentation 4- How Digital, Analytics and Cloud are becoming the boardroom agenda? Jaspreet Singh
Jaspreet Singh
Partner – Cyber Security at Ernst & Young
This is a past event
Cloud Security Alliance might have other events you're interested in.
