Seattle Technical Forum

Name: Cloud Focus Group: Cloud Security Alliance, Seattle Chapter Meeting
Start: 2013-01-25T02:00:00Z
Location: Bellevue City Hall

Cloud Focus Group: Cloud Security Alliance, Seattle Chapter Meeting

Jan 24, 2013 · 6:00 PM
Bellevue City Hall

We have two exciting presentations on Cloud Security:
- Boeing in the Cloud: An Enterprise Perspective
- Can encryption help alleviate concerns about moving to the Cloud?

Additional Details, including Abstracts and Speaker Bios:

Cloud Security Alliance, Seattle Chapter, January 24th

Meeting Agenda:
6:00 – 6:15 Networking, Pizza, Sodas
6:15 – 6:30 Chapter Business
6:30 – 7:10 Boeing in the Cloud: An Enterprise Perspective
7:10 – 7:50 Can encryption help alleviate concerns about moving to the Cloud?
8:00 - ?? Networking

Presentation #1: Boeing in the Cloud: An Enterprise Perspective.

Abstract: Many more organizations are considering adoption of Cloud and are optimistic about it. Even the Federal CIO’s Office has mandated 25% of the IT budget for migration to the cloud. With ability to dynamically increase or decrease capacity, being scalable and elastic, Cloud does provide a compelling business model for enterprises and thus enables them to leverage the economies of scale. Though the main focus right now is for customer facing business needs, there is a strong value to be gained from moving mission critical enterprise applications to the cloud, while some challenges still remain viz. Data Security and Governance, Manageability, Reliability and availability, Interoperability and portability, Compliance and Audit and others.

We will talk about some of the issues relating to cloud deployments and explore use cases which are deployed in the Cloud for our commercial airline customers, consciously adopting a Hybrid Cloud model in order to support data security and compliance needs.

Presenters: Aradhna Chetal and Rajesh Ahuja, Cybersecurity Team, Boeing

Aradhna Chetal is a Security Architect at The Boeing Company, in the Authentication, Authorization and Cyber security services team. In this role she is responsible for building strategies and solutions for authentication, authorization, single sign on for internal/external customers, suppliers and integrating them with other enterprise services. She is also part of the Boeing’s Cloud Strategy team and is also developing Cloud Patterns and Cloud vendor evaluation criteria.
She has a wide variety of security experience and has been working in Information Technology for over 25 years. Prior to her assignment at Boeing, she worked at Microsoft and managed programs like VIA, Microsoft Security Response Alliance, Security Co-operation Program and worked closely with Microsoft Security Response Center and the product groups to get security vulnerabilities addressed. She also worked with SQL security team for developing threat models and evaluating SQL Azure services following a Secure development lifecycle for the new services.

Aradhna is a member of Cloud Security Alliance and CSA Seattle Chapter. She has contributed content to the CSA version 2 , 3 and SecaaS Implementation guidance. She is an active participant in other security forums like Microsoft Special Identity Group and Jericho Forum.

Rajesh Ahuja – Information Security Manager

Rajesh Ahuja is an Information Security Manager at the Boeing Company, responsible for the Authorization & Federation Controls Team. Rajesh manages a team of people responsible for providing mission critical solutions for Web Single Sign-On, Web Access Management, and SAML Federation. He is also involved any various initiatives at Boeing, including Supplier Identity Management, Cloud Security, and Network Segmentation.

Rajesh has been in the Information Security field for over 15 years. Prior to Boeing, Rajesh was a senior Identity Management Architect/Consultant at Sun Microsystems, working various high profile accounts, such as AT&T Wireless and Bank of America. Before that, Rajesh worked at Motorola, leading their Directory and Messaging implementations.

Rajesh has an MBA in Global Management from Thunderbird School of Global Management, and is a CISSP.

Presentation #2: Can encryption help alleviate concerns about moving to the cloud?

Abstract: Encryption is still typically poorly implemented and as Bruce Schneier has said, "Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system." But we've solved the network encryption problem. We all use encryption every time we shop online. Why does encryption continue to be such a headache?

In this talk, we will explore the various encryption options available and explore how individuals, organizations and cloud services providers can implement encryption solutions to enable them to securely manage data in today's multi-tenant cloud environments.

Presenter: Steve Pate, CTO of HighCloud Security

Steve Pate is the co-founder and CTO of HighCloud Security, a company formed in 2009 to help companies securely move to virtualized and cloud environments. Through the use of strong encryption and enterprise key management, HighCloud allows companies to make that secure transition to the cloud while staying in control of their data.

Before HighCloud, Steve was the CTO of encryption vendor Vormetric and one of the founders of virtualization security company HyTrust. Steve has a long time background in operating systems and storage having worked for ICL, the Santa Cruz Operation, VERITAS and a number of storage startups.

He is the author of two books on UNIX internals and Filesystem internals.

Join or login to comment.

Hit enter to add your reply

Marc P.

Aradhna Chetal and Rajesh Ahuja presented on three of Boeing’s pilot projects using Cloud Computing, one of which has moved into production. Lessons learned included recognizing that not all requirements are likely to be met by one vendor, and that every application should be evaluated across many parameters, such as security, compliance, etc. Boeing also suggested that the initial ROI for moving to the cloud may be lower than vendors suggest, as many of their corporate applications are built to use several services, which means more work is required to migrate them to the cloud.

Steve Pate of High Cloud Security reviewed three encryption architectures available and discussed the pros and cons of each solution. The critical challenge with encryption is key management. Steve reviewed how solutions available today enable individuals, organizations and cloud service providers to securely manage data in today's multi-tenant cloud environments.

0 · February 5, 2013
Marc P.

We had 76 members join us for the January meeting, featuring presentations from Boeing, ‘Boeing in the Cloud: An Enterprise Perspective’ and from High Cloud Security on ‘Can encryption help alleviate concerns about moving to the cloud?’ Both presentations were followed by lively and extensive Q&A sessions.

Barbara Endicott-Popovsky presented on the Records in the Cloud (RiC) research project, http://www.recordsinthecloud.org/, and asked for volunteers. RiC is a research project designed to study the legal and ethical challenges facing organizations and individuals who adopt storage and services available in “the cloud”. RiC is looking to schedule interviews either in person, by phone or online. Our team of researchers will be in the Seattle area the week of February 18 to meet with you/interested parties in your organization.

0 · February 5, 2013
Marc P.

I asked Steve and we will be able to get a copy of his presentation on Encryption, so once we have it we will post on Cloud Security Site.

1 · January 24, 2013
Marc P.

Standing room only with 76 attendees. Lots of Q&A and great networking.

0 · January 24, 2013
A former member

Great turn out . Room is too small. Can we have a copy of the deck online?

0 · January 24, 2013
- Henry P.
  
  Good Evening John, Bad news, I'd asked Rajesh Ahuja the same question & I was told that the copy of the presentation deck did not get approved.
  
  0 · January 24, 2013
Henry P.

Great event

0 · January 24, 2013