Roundtable 1: Michailas Ornovskis, Senior Security Architect at Sunrise
Hybrid Multicloud Security Challenges
It is common for classic companies with legacy / on-premises environments to start a cloudification and digital journey towards new tools and services that are only available in the cloud. Some mistakes are made repeatedly and similar challenges are faced, such as the lack of a sound cloud strategy, choosing the best option for migration, a suitable cloud model, etc.
Most commonly, the lack of planning and understanding results in building one of the hardest environments there is: hybrid multicloud. Hybrid multicloud poses a challenge for security professionals since it requires understanding and managing multiple different environments at once. In addition, these are connected to each other.
Topics to address include: Which security standards and policies to apply? Which security management tools to use? How to effectively be aware of and manage risks in such an environment? Which new tools, techniques and competencies need to be developed in the company? Should we focus on using cloud-native or hybrid tooling?
Let’s meet and discuss these challenges and ways to address them.
Roundtable 2: Louis Duruflé-Seta, Senior Engineering Manager Security at Niantic Inc.
Cloud security: The Fast Moving Polymorphic Target
Cloud is building on a moving ground. How do you secure an infrastructure in constant evolution?
What are the cloud invariants, what are the challenges and the tools to address them?
The pace is accelerating. How do we secure organisations and infrastructures growing exponentially?
Roundtable 3: Rolf A. Becker, Co-Chair Cloud Security Alliance CH-Chapter
Third Party / Supply Chain Cyber Risk Management: Practical Experience
We all use many services of external providers. Most of them today are directly or indirectly themselves using other underlying services, and most are cloud based. Key to effective cloud risk governance are the controls over information security risks. You need to make sure that your third-party service provider not only understands them, but has also implemented them, and will maintain and improve them. This also applies to sub-providers, and to you as client.
I will share experience from having successfully implemented a third-party service provider cloud and cyber risk assessment and control governance framework at one of the largest Swiss financial institutions. I will also give you insight into lessons learned, a reality check and a practical way forward for large and small institutions – and why you should look for more than the ISO 27001 / 27017, SOC1 or SOC2 Type II reports. We will discuss what you are currently doing and what steps you can take in order to fortify your governance approach over 3rd party risks, including a new assessment and certification service the Cloud Security Alliance is developing which could support you by reducing cost and effort.
Roundtable 4: Gion Manetsch, Enterprise Architect at PostFinance AG
(details will follow)