Untitled

With RSA right around the corner, we’ve put together a checklist of six “must attend” sessions for those interested in cloud security related topics.

  Also, we’re giving away a Chromecast every 6 minutes!

Come visit Skyhigh at RSA, Booth #133, watch a two-minute video and enter to win one of 200 Google Chromecasts. Increase your odds to 100% by booking a private meeting and demo and pickup a Chromecast at the meeting. Email [email protected] to schedule a meeting.

P.S. Get a $10 Starbucks card just for viewing the video.

  Monday, February 24 – CSA Summit

Managing Cloud Risks and Trusting the Cloud Continuously

11:35 AM – 12:35 PM | West | Room: 2014

Whether through IT, business units or individual employees, the decision has been made to move to the cloud. How do we make the determination that we can trust any given cloud application? What types of independent verification are needed, and what trust marks and certification are most appropriate? Panelists will discuss state-of-the-art innovations helping enterprises manage risks and monitor activities in realtime. We will also explore governance and compliance initiatives such as CSA STAR that encourage industry transparency and independent certification. This panel will provide enterprises with practical advice to manage risks with their own cloud adoption strategy and protect their sensitive information from all comers.

Erik Peterson, Director of Product Strategy, Veracode

Sol Cates, Chief Security Officer, Voremetric

John Hawley, VP, Business Unit Strategy, CA Technologies

David Miller, Chief Security Officer, Covisint

Kaushik Narayan, Co-Founder and Chief Architect, Skyhigh Networks

  Tuesday, February 25

Now That You’re In, How Do You Get Out? Terminating Cloud Services

1:20 PM – 2:20 PM | West | Room: 2015

Out of the box Cloud contracts don’t allow for easy exit for the customer. In addition, there’s no legal requirement for cloud vendors to provide you with data export or assist you in the migration to another cloud provider. Everything depends on your contractual agreement & technical proficiency. An exit plan is critical to ensuring you don’t get locked-into the vendor or locked-out of your data.

Ben Rothke Manager – Information Security, Wyndham Worldwide Corp

  Storm Advancing: Security Weathermen Forecast the Advanced Threat Landscape

2:40 PM – 3:40 PM | West | Room: 3009

In a post-prevention world, security professionals are blind to targeted attacks and advanced malware, and now realize that what used to protect them doesn’t work. Join this panel of CISOs who are leveraging big data security analytics and advanced threat protection to prepare for the inevitability of APTs and zero-day attacks, with faster time-to-detection and greater ability to minimize impact.

Neil MacDonald, VP, Distinguished Analyst and Gartner Fellow Emeritus, Gartner, Inc.

Carter Lee, CISO, Overstock.com

Golan Ben-Oni, CSO, IDT Corporation

Ramin Safai, CIS0, Jefferies & Company, Inc.

  Survey of the Operating Landscape Investigating Incidents in the Cloud

Tuesday, February 25, 2014 | 4:00 PM – 5:00 PM | West | Room: 2002

You’re moving data and operations to the cloud. Sooner or later you WILL have an incident. The only question is whether you’ll be ready to respond. In this session, Paul and Jake will share their experience investigating incidents on private and public cloud architectures. You’ll learn what works, what doesn’t and which traditional forensics techniques can be adapted to the fluffy environment.

Jacob Williams, Chief Scientist, CSRgroup Security Consultants

Paul Henry, Security and Forensic Analyst, Lumension

  Wednesday, February 26

Why Cyber Incident Response Teams Get No Respect

9:20 AM – 10:20 AM | West | Room: 3009

As security breaches continue to plague companies, a great cyber incident response team is essential. Management is often in the dark about CSIRT effectiveness because metrics are not in place to gauge if incidents are detected and resolved in a timely manner. Our panel of data security experts will share their insights on how to build a great CSIRT with the executive support and respect it needs.

Larry Ponemon, Chairman and Founder, Ponemon Institute

Christopher Pierson, Executive VP, Chief Security & Compliance Officer, Viewpost

Jill Phillips, Chief Privacy Officer, General Motors

Mark Weatherford, Principal, The Chertoff Group

Thomas Cross, Director of Security Research, Lancope

  Is the Cloud Really More Secure Than On-Premise?

Wednesday, February 26, 2014 | 10:40 AM – 11:40 AM | West | Room: 2002

Scalability, low cost and fast deployment are attracting organizations to adopt cloud services. But some prefer to keep data on-premise. Panelists will discuss the security issues related to the cloud.

John Pescatore, Director, SANS

Bret Arsenault, Chief Information Security Officer, Microsoft Corporation

Bruce Schneier, Top Rated Speaker CTO, Co3 Systems, Inc.

Eran Feigenbaum, Director of Security, Google Apps, Google

Diebold, Incorporated (NYSE:DBD), a global leader in providing innovative self-service technology, security systems and related services, selected Skyhigh Networks to accelerate the adoption of cloud services while ensuring the appropriate levels of security, compliance, and governance. Diebold chose Skyhigh because it was the only solution that demonstrated value within hours and addressed the entire cloud adoption lifecycle from discovery of all cloud services to analysis of use of cloud services to protection of corporation data in the cloud.

“We selected Skyhigh Networks so that we could arm our employees with the best possible cloud services to get their job done efficiently and without interruption,” said Adam Williams, Chief Security Officer of Diebold, Incorporated.

Skyhigh allows us to accelerate cloud adoption in a manageable way while meeting our security, compliance, and governance standards.

Skyhigh shines a light on Shadow IT by giving the organization a comprehensive view into its use of all cloud services (in general eight to ten times more cloud services are used than approved or anticipated by IT). For each cloud service in use, Skyhigh delivers an objective risk assessment (derived from over 35+ attributes for each service) to quickly identify data, business, and legal risks of these services.

Skyhigh analyzes the use of all cloud services to identify opportunities for IT to enable employees by subscribing to specific services, to reduce risk and costs by consolidating and better managing subscriptions, and to highlight anomalous behavior that may indicate a security breach, data leak, or compliance violation.

Skyhigh enforces the organization’s policies on the use of specific cloud services by controlling access, encrypting data with customer managed keys, preventing sensitive data from being disclosed (e.g., PII, PHI), and providing a live log of all accesses to specific cloud services. Finally, Skyhigh enables secure mobile access to approved cloud services without requiring any agent, footprint, or other friction to the end user.

“Leading organizations like Diebold are embracing the cloud revolution head-on and this proactive approach allows IT departments to partner with lines of business and create a secure environment for the productive use of cloud services,” said Rajiv Gupta, founder and CEO of Skyhigh Networks. “Our customers safely unlock massive cloud returns by finding and eliminating risk while preserving the native user experience that employees prefer.”

Skyhigh Networks, the cloud visibility and enablement company, today announced Skyhigh Secure for Box, the only cloud-based data loss prevention (DLP) solution on the market for organizations using Box. Skyhigh Secure for Box enables customers to extend their existing on-premise DLP capabilities to Box, protecting sensitive data, such as personally identifiable information (PII), personal health information (PHI), as well as customer, financial, and proprietary data. Now, users can unlock the benefits of cloud-based content sharing and collaboration from Box, while ensuring compliance with both internal policies and external regulatory requirements, such as PCI, HIPAA and HITECH.

"At Box, we’re redefining the standards for content security in the cloud for our customers through ongoing investments in product technology, infrastructure and strategic partnerships," said Justin Somaini, Chief Trust Officer at Box. "Skyhigh Box Security is a comprehensive DLP solution for our customers because it protects data from loss and provides IT teams with unparalleled visibility into how sensitive content is shared in the cloud."

Skyhigh Secure for Box scans documents as soon as they are uploaded to Box. If a document contains information that violates an organization's data governance policy, then Skyhigh automatically triggers appropriate actions, such as alerting, blocking and quarantining. Skyhigh Secure for Box can also enable content inspection by an on-premise DLP solution, including McAfee DLP, RSA DLP and Symantec DLP. By integrating with on-premise DLP solutions, Skyhigh Secure for Box allows customers to leverage their existing investments in those technologies, while also aligning with their existing remediation processes.

For the first time ever, Box customers will be able to use Skyhigh's cloud DLP solution to extend the capabilities of their enterprise DLP solutions, such as Symantec DLP and RSA DLP, to their Box deployments. Previously, customers had to push all their Box data to their on-premise technologies, negating the benefits of using cloud SaaS solutions such as scalability, cost savings and bandwidth. Now, Skyhigh flags potential data policy violations in the cloud and sends only a select amount of data to the on-premise enterprise DLP solution for further inspection. This significantly decreases the amount of data that an organization needs to manage. Alternatively, Skyhigh Secure for Box will also trigger a range of DLP actions including alerting, blocking and quarantining, without sending any data back to on-premise DLP solutions.

"Box is the most enterprise-ready file sharing and collaboration service on the market today. However, companies still need to make sure that employees' use of cloud services complies with international, federal, and state regulations," said Rajiv Gupta, founder and CEO of Skyhigh Networks. "Skyhigh Secure enables organizations to seamlessly enforce their privacy, security and compliance policies without requiring any change to the service provider or any friction to the end-user."

Skyhigh Secure for Box provides the following capabilities:

Enforce data loss prevention policies and ensure compliance: Skyhigh CloudDLP™ provides the only cloud-based data loss prevention solution that can be deployed inline or offline. A range of remediation actions are supported, including alerting, blocking, and quarantining.

Extend existing on-premise data loss prevention policies to Box: Skyhigh integrates with on-premise DLP solutions such as Symantec Data Loss Prevention and EMC RSA Data Loss Prevention, enabling organizations to extend their existing DLP policies to content in Box.

Respond to incidents and protect data from unauthorized access: Skyhigh Application Auditing provides a comprehensive audit trail of all actions in Box, including all uploads and downloads of documents as well as view, edit, delete and move actions, all within the unified Skyhigh dashboard.

Receive alerts based on anomalous activity: Skyhigh automatically develops behavioral baselines and identifies anomalous activity. Administrators can set policy thresholds and instantaneous or scheduled alerts.

Support BYOD and enable secure mobile-to-cloud access to Box: Skyhigh enforces access control policies without requiring a device agent or VPN connection. Skyhigh also integrates with your SAML v2 compatible single sign-on services.

Skyhigh Secure for Box is generally available to customers today.