Agenda
| Wednesday, 05.05.2010 | ||
| 07:30-10:00 |
Check-in & Registration |
|
| 08:30-09:00 |
The Role as a Role Model Niels von der Hude, Beta Systems Software
In many enterprises, modeling the permissions for a new employee on those of a member of staff whose job description involves similar tasks is still the established practice. Our presentation not only points out the dangers of working in this way, but also describes the procedural method that is to be aimed for, especially with regard to compliance considerations. This method combines the functions involved in the creation of roles (role mining), the use of roles in provisioning, and the authorization of changes by means of workflow components, thus providing a homogeneous whole that describes the entire life cycles of roles. The presentation demonstrates how this procedural model takes the functional view of an employee's role and translates it into concrete technical permissions that are immediately usable in the day-to-day work environment, and whose logic is clear to all concerned. Based on our practical experience in role management projects, we will also present solutions for working with dynamic roles and handling the numerous dependencies that exist between roles. |
|
| 09:00-09:30 |
Extending the Principles of Service-Oriented Security to Cloud Computing John Aisien, Oracle Corporation
Cloud computing adoption is adversely affected by security and privacy concerns. Enterprises are often perplexed by the many challenges of cloud security and how to maintain compliance and governance in this new IT paradigm. This session will outline how to leverage existing identity and access management infrastructure, and how to extend Service-Oriented Security and standards-based interactions to successfully secure assets in the cloud. It will include customer examples. |
|
| 09:30-10:00 |
On Cloud 9 or Lost In (that) Space Prof. Dr. Eberhard von Faber, T-Systems
Cloud Computing has a variety of terrific characteristics. Some are really new. Others have been well known for years and just come in a different form or flavour. This is the best situation to discover and learn from long-term trends, point at today’s critical issues or smoothly direct the discussion back on track. What processes do user organizations need to manage cloud security risks? Do our experts come across issues which will be considered fundamental five years from now? What impact does all-round cloud self-service have on enterprise security management and consistency? The cloud scales. Will security and even identities scale, or do we get stuck in identity silos? Those are the types of questions which lead to new insights, point to discussions in other track sessions and maybe induce others. |
|
| 10:00-10:30 |
Coffee Break, Expo Area |
|
|
Enterprise Cloud Strategies Moderator: Tim Cole, KuppingerCole
|
|
| 10:30-11:30 |
Cloud 2010 Opening Session: How to do Business in the Cloud – the Service Provider Perspective Peter Arbitter, T-Systems International GmbH
Keith Grayson, SAP
Jordan Janeczko, Siemens IT Solutions and Services
The Review of Cloud Business Models and Demonstrations in Finance and Health Clouds Victor Chang, National Health Service and University of Southampton
Prof. Dr. Dave De Roure, University of Southampton
Dr Gary Wills, University of Southampton
This talk reviews current cloud computing business models and presents proposals on how organisations can achieve sustainability by adopting appropriate models. Using the Jericho Forum’s "Cloud Cube Model" (CCM), we classify cloud computing business models into eight types:
The Hexagon Model is newly proposed based on Sun Tzu’s Art of War (STAW) and literature reviews in economics and finance. Six key elements are identified for sustainability and the sixth factor is rated based on case studies and peer reviews. Areas occupied in the Hexagon can represent the strengths and weaknesses of a cloud business, and several cases are presented with the rationale explained. Apart from the qualitative approach, the quantitative approach we use is the Capital Asset Pricing Model, which aims at computing organisational sustainability and predicts how well an organisation can perform. We also use Modern Portfolio Theory (MPT), which models an asset’s return as a normally distributed random variable and defines risk as the standard deviation of return. Other business models are reviewed, and our proposal of using both quantitative and qualitative approaches provides more added value, which is explained in the talk. Some examples in finance and healthcare clouds are demonstrated. Some experiments are completed in the domains of private and public clouds. Several examples in Monte Carlo and Black-Scholes are used in the modelling of assets, such as calculation of the best assets to buy or sell, risk analysis and so on. Black-Scholes has the same objective but with a different focus. Selected healthcare clouds are used to demonstrate cloud storage and the initial phase in bioinformatics. We hope adopting an appropriate cloud computing business model will help organisations investing in this technology to stand firm in the economic downturn. |
|
| 11:30-12:30 |
Pairing Unpredictable Opportunities with Unknown Risk: Cloud Governance for Enterprise IT Werner Braun, Siemens AG
Martin Kuppinger, KuppingerCole
Thomas C Stewart, SecureAuth
Panel: Private, Hybrid, Public – Which Cloud for What? Pamela Dingle, Ping Identity
Mathias Kaldenhoff, Oracle
Dale Olds, Novell
|
|
| 12:30-14:00 |
Lunch Break, Expo Area |
|
|
Cloud Computing: Compliance & Security Moderator: Mike Small, KuppingerCole
|
|
| 14:00-15:00 |
Cloud Computing – Identity and Security Smog? Mike Small, KuppingerCole
Cloud computing is an alternative model for acquiring and delivering IT-related services. The benefits of this approach are that the users of services do not need to own and manage the capital equipment involved. However, does the cloud hype in fact conceal the security issues of the identity of users and the security of data? By the very nature of cloud computing, the data belonging to the organization using a cloud service will be held in a shared environment. A shared environment is implicitly less secure than a non-shared one. Furthermore, delegating the storage and processing of data does not relieve the organization of its legal and regulatory obligations around this data. This presentation sets out the risks and best practices to avoid the cloud smog. Ronny Bjones, Microsoft
Matthew Gardiner, CA Director, Kantara Initiative President
Nishant Kaushik, Oracle
Dr. Barbara Mandl, Daimler AG
Alberto Pricoli, Arcot GmbH
Historically every new wave of IT architecture from the mainframe, to client-server, to the Web, left security and related standards as an afterthought. Had appropriate security architectures been baked in from the start, the seemingly constant need for security catch-up would have been significantly reduced. Are we going to repeat these mistakes in the movement to the Cloud? This panel will leverage the combined expertise of software and cloud vendors as well as cloud consumers to help drive necessary change. |
|
| 15:00-16:00 |
Good Clouds and Bad Clouds Liam Lynch, eBay Inc.
Malware guarantees that identities are at risk and there's a need, more than ever before, to ensure that identities are safe. I will introduce ideas and research that protect identities on enterprise platforms, home platforms, and mobile/consumer platforms (such as televisions). Joe Baguley, Quest Software
Martin Geier, BMC Software
Martin Kuppinger, KuppingerCole
Dr. Michael Pauly, T-Systems
|
|
| 16:00-16:30 |
Coffee Break, Expo Area |
|
| 16:30-17:30 |
The Fundaments of Effective Identity in the Cloud Pamela Dingle, Ping Identity
Just how should enterprise identity management and outsourced SaaS applications integrate securely? In this session Ping Identity’s Pam Dingle discusses ways to avoid the nightmare of maintaining multiple directories in the cloud by leveraging four basic areas of identity integration with SaaS: provisioning, authentication, Internet Single Sign-On and authorization. Shlomi Dinoor, Cyber-Ark Software
Peter Heintzen, Oracle
Philip Lieberman, Lieberman Software
Nimrod Vax, CA
|
|
| 17:30-18:00 |
Identity in the Cloud – Finding Calm in the Storm André Durand, Ping Identity
|
|
| 18:00-18:30 |
Follow the Money: How Cloud Providers' Business Needs Drive Enterprise Identity & Security Dale Olds, Novell
Cloud computing has enabled new business models, and these business models, not cloud computing directly, are driving an upheaval in identity and security needs into the enterprise. A handful of new and old technologies have combined to produce cloud computing, which has enabled a seismic shift in the business models of services and applications. This shift in turn is driving new security and identity needs back to the enterprise. It is imperative that enterprises understand how hosters, MSPs, IaaS/PaaS vendors, and SaaS providers make their money -- and how this works with or against enterprise security needs. In this session we will identify types of cloud-based services, the monetary incentives for the service providers, and the resulting impacts on enterprise security. We will detail steps enterprises can take to maximize effective identity and security policies in cloud services, as well as what to look for in service providers. We will also look at it from the perspective of the service provider -- how they can maximize their value and the loyalty of their enterprise customers. |
|
| 18:30-19:00 |
An Information Society Perspective on Electronic Identity Management Dr. Dirk van Rooy, European Commission, DG Information Society and Media
With the proliferation of networked electronic communication came daunting capabilities to collect, process, combine and store data, resulting in hitherto unseen transformational pressures on trust, security and privacy as we know it. The burgeoning development of the Information Society, particularly during the past fifteen years, transcended the societal readiness to respond to the transformational change evoked by ICT. The Future Internet will bring about a world that combines physical and digital elements. Technologies for pattern analysis and superpositioning, data linking, mining and collection will unleash unseen capabilities of access to personal data in a wide sense, and provide mechanisms for undesired privacy intrusion. In this context, the creation and management of identity related data and means to control their long-term use have emerged as some of the central challenges of digital life. In order to preserve trust in digital life, the European Commission recognizes that appropriate measures need to combine technology development with legal means, with user awareness and tools that support data controllers to comply with law in an accountable and transparent manner and that empower users with a controlling stake in managing their identity data. Activities are underway at many levels. European RTD programmes play their role in supporting research in trustworthy ICT, electronic identity management technologies, privacy-by-design in service layers as well as in networks, enabling technologies such as cryptography, and in generalized frameworks for trust and privacy-protective identity management. |
|
| 19:00-22:00 |
European Identity Awards Ceremony & Buffet Dinner |
|

