Puneet SinghPresident at Encryption Consulting LLC
Welcome & Key note
Encryption Consulting has grown exponentially since its inception and has emerged as a leading global data security consulting company. With the remarkable success of CodeSign Secure and CertSecure Manager, it has now expanded its footprint by foraying into DLP, CASB and HSM-as-a-Service. It is armed with a team of dedicated and deeply committed data protection experts extending their services to nearly 100 customers in the Fortune 500.
Tim PhippsDirector Cloud Alliances, EMEA at Thales
Can You Trust The Cloud With Your Sensitive Data?
- What is currently driving the demand for putting sensitive data into the Cloud?
- Hyperscalers have invested huge sums in cloud security so shouldn’t we just rely on native encryption keys and key management provided by them to protect sensitive data in the cloud?
- Is Schrems II now invalid with the recent commitment to the new Trans-Atlantic Data Privacy Framework?
- What measures can organizations adopt to control their Digital Sovereignty and how to remediate risk once it knows where its sensitive data resides.
Mark BowerVP – Product Management at Anjuna
Data Security and Privacy with Confidential Computing
All major cloud providers now deliver powerful hardware-grade security services every enterprise requires to maintain the highest level of security. Anjuna extends these Confidential Computing technologies to create hardened private environments that protect sensitive applications and data from insiders, bad actors, and malicious processes–even from a physical machine breach. The strong, impenetrable protection of the Anjuna Confidential Computing software automatically extends everywhere workloads and data are processed, stored, and networked. Now, highly regulated organizations and government agencies like Israel’s Ministry of Defense can protect sensitive workloads in secure private environments built on public cloud infrastructure from AWS, Microsoft Azure, Intel, AMD, and others. See how, as we dive deeper into Israel’s Ministry of Defense case study.
Shiran MaorSr Principal Platform Architect at Anaplan
Bring Your Own Key for SaaS
Using SaaS offering increase the risk for businesses, as businesses’ data is managed by others. Most SaaS companies will offer security guards to protect from the outsiders, but are they protected from the inside?
Watch the session on advanced data protection that your business should consider implement to give more protection and control to your customers.
- What is BYOK and should I consider implement BYOK?
- What are the advantages and disadvantage of BYOK?
- Go over some common use cases for BYOK
- BYOK at Anaplan
Govind PalanisamySr. Solutions Architect at Global Payments
Data Loss Prevention
Cloud data loss prevention (DLP) to help organization’s keep their sensitive or critical information safe from cyber attacks, insider threats and accidental exposure.
Sid DuttaVP – Data Privacy & Protection at Activision
Designing & Implementing a Data Protection Framework taking a Risk-based approach
As enterprises are grappling with data breaches and compliance to various local and regional privacy regulations, it has become a daunting task for businesses to develop and implement data protection strategies and frameworks, that are effective, yet practical and scalable.
Given not all data elements are the same, and that they aren’t subject to the same risk exposure and the same level of magnitude in terms of impacts, a one-size-fits-all strategy for protecting data would either over-protect or under-protect data. A blanket approach to address data protection could be either too lengthy, expensive, and complex to implement or leave a big risk exposure for the business to pay for massively at a later time.
Data privacy and protection techniques vary across multiple dimensions and layers – with varying degrees of effectiveness and implementation complexity. Applying optimum techniques for data protection is more art than science, and enterprises often struggle to adopt an appropriate model for developing their data protection strategy.
Watch the session, you will learn how to adopt a risk-based approach to design and implement an effective and practical data privacy and protection framework, as Sid shares his learning and experience while driving cross-functional data privacy and protection programs across various large and complex organizations during his career.
Jeff FarinichChief Information Security Officer at New American Funding
How a Data Classification initiative turned into an organization wide Data Protection Portfolio of Programs
Are you storing PII and PCI data in your environment? If yes, then how strong is your data classification schema? Data classification helps you centralize data management by rapidly.
Identifying, normalizing, and classifying data across on-prem and cloud sources – protecting data that strengthens a business. We will discuss why a data classification initiative is necessary for your organization and how it can be turned into an organization-wide data protection portfolio program.
Lane SullivanChief Information Security Officer at Magellan Health
Data comes first
The crucial first step in privacy and data protection is to know what constitutes sensitive data, where it is stored, and how it is used. If an organization does not have a proper understanding of their sensitive data, it will not be able to efficiently protect data across the enterprise, mitigate the risks associated with it and will remain non-compliant with regulatory mandates and industry best practices.
Anand KashyapCo-founder, CTO at Fortanix
Are you ready for PQC?
In recent years, the research in quantum computers has accelerated, and what seemed possible in a distant future is now predicted to be only a few years ahead. If quantum computers become real, then they will have the ability to break many of the widely used cryptographic algorithms currently in use, such as RSA, and elliptic curve cryptography. This problem will be exacerbated for machines and IoT devices which are in use currently and are expected to be in the field for several years, but have firmware and other software using conventional cryptography.
Post quantum cryptography deals with this problem by creating cryptographic algorithms which are safe from both quantum and classical computers. This has been an active area of research as well as standardization efforts from NIST in the last few years. In this talk, we will present the state of affairs with the PQC algorithms, their state of development, as well as adoption and usage in industry.
Anthony CammaranoVP, Principal Security Architect at Protegrity
Achieving Cross Border Data Privacy Compliance in the Enterprise With a Secure Data Service
At the enterprise level operating a multi-national business sensitive data is sourced, moved, and consumed across complex legal, privacy, geo-political, and regulatory data flows in all kinds of software stacks. This adds risk and prevents business growth. The scale and complexity of this problem cannot be satisfied by traditional protection patterns and requires a simple solution that empowers business with secure data.
Einat ShimoniDirector, Data security at Anaplan
POV on PKI and Certificate Lifecycle Management
The Right PKI infrastructure and Certificate Management is necessary for enterprise-level security posture. It is important you understand the need for it for your environment. Digital certificates provide power, and PKI-based security enables the creation of trusted device identities. However, the lifespan of these certificates is shrinking, which helps enterprises stay more secure but also means that they must be renewed more frequently. Without the right management solutions, this administrative aspect of managing hundreds or thousands of digital certificates can be daunting for organizations and may even lead to a breach. This session will discuss why PKI and Certificate management is necessary, the drawbacks and benefits, the architecture, the certificate management lifecycle, etc.
Tomas GustavssonChief PKI Officer at Keyfactor
Operating PKI in the new zero trust, multi-cloud era
Cybersecurity is a fast evolving area. Moving from traditional enterprise boundaries to zero trust, multi cloud environments have many technical challenges. PKI as concept see some changes but the large changes is in how PKI is deployed and operated in the new era. With the move to zero trust the volume of identities are growing fast, migration to cloud requires new hybrid deployment models, automation is needed to keep up with DevOps and, and new HSMs offerings are appearing quickly, not to mention what to transition to post quantum cryptography algorithms means.
Watch the session on these topics, showing real examples how organizations are able to leverage new technology in a traditional security field, and show technical details on what changes under the hood.
Adam CasonVice President at Futurex
Encryption Is Easy, Key Management Is… Also Easy?
Deploying a robust cryptographic key management infrastructure is widely regarded as a difficult challenge with complexities that can stump even experienced technical architects. But is this actually the case in reality? Not necessarily.
This session dispels common myths around key management and details a range of best practices built over many years in the “crypto trenches.” In particular, the session focuses on how end-users can architect their ecosystem to make key management less challenging, how application developers can natively integrate FIPS-validated key management into their own products, and how security technologists can maintain a forward-looking stance on the needs of their organizations.
With topics ranging from “Help! I manage keys on an Excel spreadsheet. Where do I start?” to “as an application developer, how do I design my own products for easy integration“, to “how do I decide whether my application should use PKCS #11, KMIP, or something else entirely to interface with HSMs?” and more, this session will cover a broad set of topics with cross-industry applications.
Dr. Sonny KleinowSr. Enterprise Solution Architect at Comforte
Data Protection: Identifying Risks, Implementing Methodologies, and Unlocking Value in Business Analytics
The importance of data protection is reflected in the unprecedented growth of the amount of data being created and stored. To meet this trend, privacy regulations are finally being passed and enforced, as organizations have also been exposed to increased threats of data breaches and cyberattacks. Therefore, it’s crucial for organizations to proactively protect their data and continuously update their protective measures. The key principle of data protection is safeguarding the data from bad actors and adverse circumstances. However, data protection technologies have also evolved to unlock new business value with otherwise dormant copies of data for reporting, test/dev enablement, and more. We will discuss how data protection methodologies like encryption and tokenization help companies comply with regulations, avoid costly fines, and play a key role in unlocking the value of business analytics.
Riley DickensCyber Security Consultant at Encryption Consulting LLC
Code Signing is one of the most important things an organization can do to protect their software. Attackers are well known for masquerading software as a well-known organization to infect victims. In this session, you will learn about the importance of code signing, how code signing works, and the strengths and weaknesses behind code signing.