Events Calendar



20 Network Security November 2013

EVENTS CALENDAR

...Continued from page 19

storage, if it’s infrastructure in the cloud, you can encrypt the data, whether it be on the ground first, and then you ship it up, if it’s a pure storage play, or you put the encryption up into the cloud. Basically, that’s the way we work – we can encrypt wherever the data is in the cloud, but our servers are then away from that, they’re held elsewhere, so it really doesn’t matter where that is. Clients can do it themselves. There are lots of encryption solutions that again you could put up into the cloud that would encrypt the data, but the keys would be held by the client, or whoever’s creating the key management program for it.”

Other benefits

NS: Are there any other benefits of separating out who does the security, and who does the storage?

CT: “I think there are, insofar as a lot of organisations don’t understand what they’re doing, and so they can leverage off of an organisation that has that expertise. A lot of organisations don’t do good back-ups, whereas if they go into a cloud service provider, they will have all their data backed up, so I think there’s a lot of that advantage in there.


“I think, if you’re starting to use an organisation that is a specialist in a certain area, then you’re going to get some other benefits in terms of their expertise. Some organisations might not be able to recognise a persistent attack on their data over a longish period of time, because they’re not really looking at the logs, they don’t understand what they’re saying. A specialist organisation would be able to look at that, and analyse it, and maybe alert the organisation to it. Another thing might be that, to one company, five bad log-ons, one after the other, is a huge issue; for another company, 500 bad log-ons, one after the other, might not be an issue at all. It depends on your type of business. So again, working with a company that has some expertise in that area can help smooth over those concerns, because a lot of companies now, all they hear in the press is about the bad stuff that’s going on, and how do they work their way through all of this? You switch on every rule on your firewall, and nothing’s going to get through. You’re never going to have a web conversation, or be able to go onto any websites. You can go to one extreme and then the other, and I think that’s where talking to an organisation that has some expertise can help you fine-tune what you need to do.

“It’s the same as buying infrastructure – you might think you need a four-core machine, but you talk to some of these organisations, and they say, no – you can get away with two-cores. You might think you need massive amounts of memory, well maybe you don’t need it. You’re talking to the experts, and I think that’s the whole issue of cloud – as an organisation, you’ve got so many people and expertise you can call on, and I think that’s where people can leverage that type of technology. And whether that’s security, storage or applications, I think that’s really where the benefits are.”

About the author

Steve Mansfield-Devine is a freelance journalist specialising in information security and the editor of Network Security and its sister publication Computer Fraud & Security. He also blogs and podcasts on security issues at ContraRisk.com.

Resources

digpath.co.uk.


4–5 December 2013
Cloud Security Alliance Congress 2013
Orlando, US
www.cloudsecuritycongress.com/us.html

15 January 2014
Securi-Tay 3
Abertay Dundee University, UK
http://securi-tay.co.uk/

21–22 January 2014
FIC 2014 – 6ème Forum International de la Cybersécurité
Lille Grand Palais, France
www.forum-fic.com/2014/fr/

28–31 January 2014
Cyber Defence and Network Security 2014
London, UK
www.cdans.org

24–28 February 2014
RSA Conference 2014
San Francisco, US
www.rsaconference.com

17–21 March 2014
Troopers
Heidelberg, Germany
www.troopers.de

24–25 March 2014
International Conference on Cyber Warfare and Security (ICCWS)
West Lafayette, Indiana, USA
http://academic-conferences.org/iciw/iciw-home.htm

25–28 March 2014
Black Hat Asia
Singapore
www.blackhat.com

7–9 April 2014
InfoSec World Conference & Expo
Orlando, Florida, US
http://bit.ly/infosecworld