Cloud Focus Group: Cloud Security Alliance, Seattle Chapter Meeting

We have two exciting presentations on Cloud Security:

• Boeing in the Cloud: An Enterprise Perspective
• Can encryption help alleviate concerns about moving to the Cloud?

Additional Details, including Abstracts and Speaker Bios:

Cloud Security Alliance, Seattle Chapter, January 24th

Meeting Agenda:
6:00 – 6:15 Networking, Pizza, Sodas
6:15 – 6:30 Chapter Business
6:30 – 7:10 Boeing in the Cloud: An Enterprise Perspective
7:10 – 7:50 Can encryption help alleviate concerns about moving to the Cloud?
8:00 - ?? Networking

Presentation #1: Boeing in the Cloud: An Enterprise Perspective.

Abstract: Many more organizations are considering adoption of Cloud and are optimistic about it. Even the Federal CIO’s Office has mandated 25% of the IT budget for migration to the cloud. With ability to dynamically increase or decrease capacity, being scalable and elastic, Cloud does provide a compelling business model for enterprises and thus enables them to leverage the economies of scale. Though the main focus right now is for customer facing business needs, there is a strong value to be gained from moving mission critical enterprise applications to the cloud, while some challenges still remain viz. Data Security and Governance, Manageability, Reliability and availability, Interoperability and portability, Compliance and Audit and others.

We will talk about some of the issues relating to cloud deployments and explore use cases which are deployed in the Cloud for our commercial airline customers, consciously adopting a Hybrid Cloud model in order to support data security and compliance needs.

Presenters: Aradhna Chetal and Rajesh Ahuja, Cybersecurity Team, Boeing

Aradhna Chetal is a Security Architect at The Boeing Company, in the Authentication, Authorization and Cyber security services team. In this role she is responsible for building strategies and solutions for authentication, authorization, single sign on for internal/external customers, suppliers and integrating them with other enterprise services. She is also part of the Boeing’s Cloud Strategy team and is also developing Cloud Patterns and Cloud vendor evaluation criteria.
She has a wide variety of security experience and has been working in Information Technology for over 25 years. Prior to her assignment at Boeing, she worked at Microsoft and managed programs like VIA, Microsoft Security Response Alliance, Security Co-operation Program and worked closely with Microsoft Security Response Center and the product groups to get security vulnerabilities addressed. She also worked with SQL security team for developing threat models and evaluating SQL Azure services following a Secure development lifecycle for the new services.

Aradhna is a member of Cloud Security Alliance and CSA Seattle Chapter. She has contributed content to the CSA version 2 , 3 and SecaaS Implementation guidance. She is an active participant in other security forums like Microsoft Special Identity Group and Jericho Forum.

Rajesh Ahuja – Information Security Manager

Rajesh Ahuja is an Information Security Manager at the Boeing Company, responsible for the Authorization & Federation Controls Team. Rajesh manages a team of people responsible for providing mission critical solutions for Web Single Sign-On, Web Access Management, and SAML Federation. He is also involved any various initiatives at Boeing, including Supplier Identity Management, Cloud Security, and Network Segmentation.

Rajesh has been in the Information Security field for over 15 years. Prior to Boeing, Rajesh was a senior Identity Management Architect/Consultant at Sun Microsystems, working various high profile accounts, such as AT&T Wireless and Bank of America. Before that, Rajesh worked at Motorola, leading their Directory and Messaging implementations.

Rajesh has an MBA in Global Management from Thunderbird School of Global Management, and is a CISSP.

Presentation #2: Can encryption help alleviate concerns about moving to the cloud?

Abstract: Encryption is still typically poorly implemented and as Bruce Schneier has said, "Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system." But we've solved the network encryption problem. We all use encryption every time we shop online. Why does encryption continue to be such a headache?

In this talk, we will explore the various encryption options available and explore how individuals, organizations and cloud services providers can implement encryption solutions to enable them to securely manage data in today's multi-tenant cloud environments.

Presenter: Steve Pate, CTO of HighCloud Security

Steve Pate is the co-founder and CTO of HighCloud Security, a company formed in 2009 to help companies securely move to virtualized and cloud environments. Through the use of strong encryption and enterprise key management, HighCloud allows companies to make that secure transition to the cloud while staying in control of their data.

Before HighCloud, Steve was the CTO of encryption vendor Vormetric and one of the founders of virtualization security company HyTrust. Steve has a long time background in operating systems and storage having worked for ICL, the Santa Cruz Operation, VERITAS and a number of storage startups.

He is the author of two books on UNIX internals and Filesystem internals.