In the interest of preserving the flow of the presentation and the 45-minute timeframe, questions & answers have been removed from this recording. Answers to the questions asked during the presentation can be found in the OpenPMF FAQ (more) and the Model-Driven Security blog (more).
The audio ends halfway through the last slide (recommendations). This was due to excessive unrelated discussions and a subsequent time cut-off by the moderator. Please contact us if you would like to discuss the recommendations slide.
You have to plan ahead in terms of security when moving parts of your organization’s IT into the Cloud. Compromises and mistakes made early on, when things are small and less critical, will come back to haunt you later. In this session, you will learn why security automation is important to meet both regulatory compliance requirements and the financial rationale behind Cloud adoption. Decision makers in end-user organizations judge the financial ROI of Cloud security and compliance by the same measures they apply to Cloud computing in general, i.e. by how much it cuts up-front capital expenditure and in-house manual maintenance cost. However, manually translating security policy into technical implementation is difficult, expensive, and error-prone (especially for the application layer). To reduce security-related manual maintenance cost at the end-user organization, security tools need to become more automated. This session explains how automated tools can be used to translate security policy into technical security implementation for Cloud applications (using an approach known as “model-driven security”), so that security practitioners can better support the financial rationale behind Cloud computing and also influence Cloud providers to provide better security tools. The session will also cover how this approach helps achieve regulatory compliance for the Cloud.
Dr. Ulrich Lang is the co-founder and CEO of ObjectSecurity®, “The Security Policy Automation Company™”. ObjectSecurity’s OpenPMF™ product makes application security manageable through automation. Ulrich is a renowned thought leader, author and speaker on model-driven security, security policy, Cloud/SOA/middleware/application security, and has over 15 years of experience in information security. He received a PhD from the University of Cambridge Computer Laboratory (Security Group) on conceptual aspects of middleware security in 2003, after having completed a Master's Degree in Information Security with distinction from Royal Holloway College (University of London) in 1997.
DATE & LOCATION:
08 February 2011, Cloud Security Alliance Silicon Valley Chapter meeting, Ariba, Sunnyvale, CA, USA, and WebEx dial-in.