Keynote Speakers

9:00AM

Mark White (view bio)
Principal & CTO of Deloitte Consulting LLP's Technology Service Area
Lead IT Principal on the DHS Account Team

Title: Cloud Is What You Make of It: Capturing the Real Value of Cloud Computing

Abstract: For a term that was introduced by researchers at MIT nearly 15 years ago, there's an awful lot of hype around cloud today. And for good reason. Cloud is a powerful new approach to solving business problems in different, better, and potentially radical ways. Though the technology itself is evolutionary, its business applications are nothing short of revolutionary.

10:10AM

Michael L. Levy (view bio)
United States Attorney for the Eastern District of Pennsylvania

Title: Cloud in the Courtrooms: Implications of the Stored
Communications Act for Cloud Computing

Abstract: As we move more data offsite, what are the privacy considerations? If we keep records in house, the government can get them by subpoena or by search warrant. How are the rules different when we store this information remotely? In civil litigation, what are the authentication issues when we want to present a “document” that only exists in digital format in some remote location?

1:45PM

Lt. General Harry D. Raduege (USAF, Ret) (view bio)
Chairman, Deloitte Center for Cyber Innovation, Director, Deloitte LLP and former director of Defense Information Systems Agency (DISA)

Title: Cloud Security: Realistically Handling the Risk of the New

Abstract: The benefits of cloud computing are clear -- increased IT agility, decreased costs, and improved IT service delivery. The challenges are also clear - protecting information, keeping balance between control and efficiency, and addressing security risks.

Morning Breakout Sessions: 11:30 AM - 12:20 PM

Session Title & Presenter

Session Summary

Cloud Computing: Is ITIL Still Relevant?
Nicholas Clarke, Deloitte Consulting LLP

Explore why Cloud-Computing heightens the need for IT Service Management and how the ITIL framework provides a solid foundation for operational control.

Let's Debate the Trade-offs of Protecting Information in the Cloud, be it Public or Private
Rosanna Pellegrino, Clearswift

Cloud computing is all the rage but is your most sensitive information truly secure in a public cloud, and are you able to track content as it flows in and out of your organization?

The Value of Cyber Threat Intelligence
Rich Baich, Deloitte & Touche LLP

The Value of Cyber Threat Intelligence will present compelling reasons why organizations should be adapting their existing information security programs to leverage new sources of intelligence data that focus on exposing activities occurring within the underground economy.

The Accountable Cloud
Andreas Haeberlen, University of Pennsylvania

I will present a new technique that allows cloud customers to verify whether contracted cloud services were actually provided. I will also discuss reliability and privacy challenges that arise from the ongoing trend towards distributed systems that span multiple organizations.

Security and Privacy Challenges with Hybrid Cloud
Vijay Vedanabhatla, Deloitte & Touche LLP
Ash Raghavan, Deloitte & Touche LLP

As the cloud adoption increases, companies are moving important applications to the cloud. However, they continue to have majority of their application in-premise. Currently, these applications are not integrated or they have minimal point to point integration. Companies will have to strategies on holistic integration strategy to provide seamless experience to the users as well as reduce the TCO for managing the hybrid cloud environment. This presentation explores the potential security and privacy challenges with the point to point as well as holistic integration strategy.

Cloud Computing in State and Federal agencies – a Reality Check
Roberto Cota, Deloitte Consulting LLP
John Houseal, Deloitte Consulting LLP

In 2010, cloud computing is positioned to radically change how Federal and State government agencies plan and implement their infrastructure and technology platforms. We examine the reality of what it means to implement “cloud” services in a government environment.

Afternoon Breakout Sessions: 3:20 PM - 4:10 PM

Session Title & Presenter

Session Summary

Cloud Computing with Amazon's EC2
Anthony Hernandez, Smart and Associates

At this point, most everyone in the IT industry has heard about “cloud computing” and the amazing ways it can improve the way people interact with and manage computers, applications and data. In this presentation we will discuss our experiences helping customers to implement Amazon’s EC2 cloud computing service to solve business problems, some of the specific security risks present in Amazon’s offerings and how the Cloud Security Alliance’s framework for standardizing cloud computing security applies to EC2.

Leveraging existing Identity and Access Management systems in a new cloud environment
Kiran Mantha, Deloitte & Touche LLP

If a company is considering moving a portion of their IT systems/operations to the cloud, how will this impact their existing IAM system and how could the existing IAM system be leveraged to provide security to users that need to access the data in the cloud? We have many clients who, in the last 5 years or so, have implemented enterprise IAM/provisioning solutions. As these companies begin to consider the benefits of cloud-based services/systems, they’ll want to know how those services and systems can be integrated into their existing IAM/provisioning solutions.

Cloud Computing in the Public Sector Landscape
Jeremy Zeh, Deloitte Consulting LLP
Babu Narayan, Deloitte Consulting LLP
Alok Yardi, Deloitte Consulting LLP

Cloud going Public? Panel to discuss and evaluate the effectiveness of Cloud Computing in the public sector space.

Performing security assessments on virtualized environments
Andrew Murren, Deloitte & Touche LLP

A discussion on the current state of known virtualization security vulnerabilities including examples of struggles experienced (e.g. segregation of networks, segregation of duties, auditing & logging, change management) by organizations and how they are overcome. Discussion includes:
- The use of virtual security hardware, offline guests, encryption, hypervisor access, and the movement of workloads.
- A sampling of the controls to verify during an assessment including traffic segmentation, scope of IDS/IPS, security between hosts & guests, and operational issues along with methods to mitigate the risk and satisfy regulatory controls (e.g. PCI).
- Penetration testing challenges in a cloud environment

To Cloud or Not To Cloud: Managing Expectations and Requirements for a New Infrastructure
Nicholas B. Takacs, CISSP, CSSLP, Penn Treaty Network America

This session examines the common and no-so-common justifications for cloud computing implementations, and presents strategies for gaining management support to implement these projects.

SIM in the Cloud
Tracy Hulver, netForensics

Protecting critical data and assets is getting tougher, as attacks and breaches are becoming increasingly subtle and sophisticated. So today, you need an even deeper understanding of your security status than in the past.

Managing the Risks of Unethical Behavior
Timothy T. Lupfer, Deloitte Consulting LLP