Infrastructure as a Service

Until now, SaaS has represented the most mature category of cloud adoption in the enterprise. The next wave of cloud growth, however, will come from infrastructure-as-a-service (IaaS), which Gartner pegs at nearly twice the growth rate of SaaS. Learning strategies to secure applications on IaaS platforms should be a critical goal for RSA attendees.

Hardening the Cloud: Assuring Agile Security in High-Growth Environments

February 17, 2017 | 9:00 AM – 9:45 AM | Moscone South | 301

Cloud Security & Virtualization | Classroom

Modern businesses recognize one of the greatest challenges they face on a day-to-day basis is meeting the demand for security at speed without jeopardizing protection; this is especially true in high-growth environments. This session will deliver IT and security professionals actionable, real-world insights aimed to improve AWS security strategies at minimal cost while delivering high value.

Speaker: Aaron McKeown, Lead Security Architect, Xero

Securely Moving Data to the Cloud with Confidence and Customer Focus

February 16, 2017 | 1:30 PM – 2:15 PM | Moscone South | 301

Cloud Security & Virtualization | Security Strategy | Classroom

This session will provide a deep dive of best practices to securely move customer data to the cloud through AWS, while keeping the customers’ interest top of mind. Nat Natarajan, CISO at Intuit, will illustrate how companies can successfully and securely harness the power of the cloud to ensure the speed of innovation.

Speaker: Michele Iacovone, SVP, Chief Information Security and Fraud Officer, Intuit

Rethinking Product Security: Cloud Demands a New Way

February 16, 2017 | 2:45 PM – 3:30 PM | Moscone South | 301

Application Security & DevOps | Cloud Security & Virtualization | C-Suite View | Classroom

Software providers that are in the business of running their software in the cloud have unique challenges when it comes to building and ensuring security in their products and the deployment of their products. This talk will cover the challenges that exist and a new paradigm on what product security means for a company moving from a shrink-wrap world to a software-as-a-service cloud services provider.

Speaker: Tony Arous, Head of Application Security, Autodesk, Inc.

Speaker: Reeny Sondhi, Chief of Product Security, Autodesk, Inc.

Dedicated Cloud Security Events

Each year, the Cloud Security Alliance hosts a summit focused entirely on cloud security before the RSA Conference officially begins. This year’s summit will feature a presentation from FinServ giant TIAA’s CISO, Steven Ward, along with Skyhigh CEO Rajiv Gupta. The event is a unique opportunity to learn about the future of cloud security technology from those who have worked on the cutting edge for years.

During show floor hours, Skyhigh will present a unique lecture series from security executives who have successfully deployed a CASB – Gartner’s top security technology. The Cloud Innovators Series provides practical knowledge from practitioners with hands-on experience spearheading organization-wide cloud security projects.

Audit and Compliance

Cloud governance calls for a cross-departmental coalition. Risk and compliance managers are responsible for consistently enforcing policies across their companies’ cloud portfolios. The regulatory environment is creating the need for additional focus on security when outsourcing data to cloud providers, especially with the EU GDPR little more than a year away from enforcement.

EU Data Privacy: What US Orgs Need to Do Now to Prepare for GDPR

February 14, 2017 | 3:45 PM – 4:30 PM | Moscone West | 2020

C-Suite View | Governance, Risk & Compliance | Privacy | Classroom

The European General Data Protection Regulation is the most significant development in data protection in the last 20 years. With a May 2018 compliance deadline looming, and more privacy and security requirements than ever, this presentation will help US companies understand their privacy and security compliance obligations and the steps they must take now to prepare for GDPR.

Speaker: Chris Zoladz, Founder, Navigate LLC

Auditors in the Cloud: Audit Risk and SaaS Applications

February 15, 2017 | 8:00 AM – 8:45 AM | Moscone West | 3018

Cloud Security & Virtualization | Governance, Risk & Compliance | Classroom

With the proliferation of cloud apps, some key mission critical applications are no longer on-premises. As a result, they are starting to come to the attention and priority of auditors. This session will focus on what you need to do to vet, implement and distribute cloud apps across your business in an audit-friendly way.

Speaker: Conrad Smith, Chief Information Security Officer, Bitium

War Stories

There is no substitute for experience, and any company planning a move to the cloud should pay attention to the advice of those who have gone before.

The Wild West Cloud Security Shootout

February 15, 2017 | 10:30 AM – 11:15 AM | Marriott Marquis | Nob Hill A

Application Security & DevOps | Cloud Security & Virtualization | Peer2Peer

CISOs evaluating cloud migration of ERP applications struggle with security approaches. A “lift and shift” of existing on-premise controls to PaaS/IaaS is a path to failure. Cloud security for SAP, Oracle and similar applications is uncharted territory. Gather with peers to discuss cloud migrations, architectures, security models, application controls and secure operations.

Facilitator: Adrian Lane, Analyst and CTO, Securosis

Learnings from the Cloud: What to Watch When Watching for Breach

February 15, 2017 | 2:45 PM – 3:30 PM | Moscone West | 2006

Analytics, Intelligence, & Response | Cloud Security & Virtualization | Security Strategy | Classroom

Protecting against account breach and misuse when using a cloud service can be challenging, as the cloud service decides what tooling is available, and control may be limited. This session will share learnings and best practices from the Office 365 engineering team: from the patterns observed, what are best practices to protect against account breach?

Speaker: Sara Manning Dawson, Principal Group Program Manager, Microsoft

War Stories: Corporate Cyberespionage Tales from the Trenches

February 15, 2017 | 9:15 AM – 10:00 AM | Marriott Marquis | Yerba Buena 9

C-Suite View | Security Strategy | Panel Discussion

How do the FBI and some of the world’s largest companies integrate their cyber-risk and business-risk practices? Learn from real case studies of how fraud, employee espionage and physical security threats were all enabled by cybercrime, and how those threats were discovered and stopped. The panel will also provide a checklist to begin integrating cyber into the broader business-risk discussion.

Moderator: Dr. Edward Amoroso, CEO, previously SVP and CSO of AT&T, TAG Cyber

Panelist: Chris Camacho, Chief Strategy Officer, Flashpoint

Panelist: Luis Guzman, Manager, Security Response, Uber

Panelist: Milan Patel, Managing Director of Cyber Investigations and Incident Response, K2 Intelligence

The C-Suite View

If the CEO has not yet asked what IT security is doing about cloud, the question is not far off. Cloud offers IT the opportunity to help the business be more productive, collaborative, cost-effective, and secure. CISOs should research how companies in even the most regulated sectors have securely embraced the cloud.

Pitching Infosec in the Boardroom When Your Customers Don’t Care

February 17, 2017 | 9:00 AM – 9:45 AM | Moscone West | 2006

C-Suite View | Security Strategy | Classroom

The CISO’s Lament: “I’m tired of banging my head against the boardroom door.” Even with a renewed sense of urgency around security, corporate leaders develop amnesia to bad times when the good times are aplenty. Consumer spending research at breached companies agrees with this notion. So how do you protect the enterprise when the board treats breaches like a Black Swan?

Speaker: Branden Williams, Director, Special Projects, Union Bank

The Finance Sector and Countering Cyberthreats: Lessons from the Front Lines

February 16, 2017 | 2:45 PM – 3:30 PM | Marriott Marquis | Yerba Buena 9

C-Suite View | Governance, Risk & Compliance | Panel Discussion

How do CISOs defend the integrity of financial networks? What technological and strategic tools are available to cyber-defenders? How should critical infrastructure defenses be prepared for a cyber-crisis? This panel of veteran security leaders will share lessons learned from countering the most advanced cyberthreats targeting financial services to inform cybersecurity strategies across sectors.

Moderator: Frank Cilluffo, Director, Center for Cyber and Homeland Security, George Washington University

Panelist: Valerie Abend, Managing Director & Lead for North America Financial Services Security, Accenture

Panelist: Cheri McGuire, Group Chief Information Security Officer, Standard Chartered PLC

Panelist: Troels Oerting, Group Chief Security Officer (CSO) and Group Chief Information Security Officer (CISO), Barclays

Panelist: Rob Wainwright, Director, Europol