Gartner Blog Network

Attending Gartner Security & Risk Management Summit 2014 Next Week ?

by Erik T. Heidt  |  June 18, 2014  |  Comments Off on Attending Gartner Security & Risk Management Summit 2014 Next Week ?

I am speaking at the Gartner Security & Risk Management Summit next week and there are a few talks that I believe will be of particular interests to folks who follow my blog.

But first…
Please be aware that I am now also using Twitter as @CyberHeidt — my schedule next week is very booked, but if I get any down time for random and opportunistic meet ups I will tweet my location!

Details on these sessions, as well as other Security Architecture track sessions, can be found here

On to the sessions I would like to highlight for you…

Boeing Case Study: How We Secure 300 Key Applications
John Martin, Information Security Program Manager, Boeing

In this session, John will:

  • Outline the steps Boeing took to implement a structured approach to addressing third-party security that holds vendor-supplied software to the same security standards as internally developed applications.
  • Discuss how the global manufacturer worked with their vendors to create a successful vendor application security testing program and how the program continues to evolve.

I had the pleasure of meeting John yesterday and getting a pre-view of what he and his team at Boeing have accomplished, and believe this is a must-see session. In fact, if you are planning on attending my session “How to Assess Cloud Service Provider Security”, I would strongly recommend attending one of John’s session as much of this content can be leveraged to support evaluating the application security practices of SaaS providers.

Two opportunities to attend:
TUESDAY JULY 1 11:00 AM EDT (3:00 PM GMT) OR 2:00 PM EDT (6:00 PM GMT)

The Security, Privacy and Ethics of Big Data
Ramon Krikken

Security for big data is an up-and-coming concern for many organizations. These organizations don’t necessarily have a handle on “traditional” data security, so big data seems all the more troublesome. But given the fuzzy dividing line between big data and not-so-big data, are these concerns overblown? Cutting through the industry and vendor hype around security for big data, this session will dig into what really is net-new and where old concepts and technologies can be applied with success.

Key Issues:

  • What changes in security and privacy when going from big to bigger data?
  • How should organizations include security and privacy in their big data initiatives?
  • Which existing concepts and technologies translate from small to big data, and which are new?

Security in a DevOps World
Ben Tomhave

DevOps has become a hot topic over the past couple years, but many technical security professionals wonder if there is a place for them in this world. The answer is not only a resounding “yes,” but also the revelation that security and risk management practices can be vastly improved in conjunction with these changes. This talk will discuss how security and risk management can get involved with DevOps practices to achieve meaningful, mutually beneficial outcomes.

Key Issues:

  • Does security have a role in DevOps?
  • How can security and risk management practices be improved with DevOps?
  • Is DevOps a benefit or a risk to security?

Security Incident Response in the Age of the APT
Anton Chuvankin

Increased complexity and frequency of attacks, combined with reduced effectiveness of preventative controls, elevate the need for enterprise-scale security incident response. This presentation covers ways of executing incident response in the modern era of cybercrime, APT and evolving IT environments.

Key Issues:

  • How to prepare for enterprise security incident response?
  • What tools, skills and practices are needed for APT IR?
  • How to evolve security IR into “continuous IR” or hunting for incidents?

Securing Cloud Services
Erik T. Heidt

Here we will focus on understanding what risk and security controls are necessary for a successful CSP deployments. Software, Platform and Infrastructure as a Service will be examined and contrasted with one another as a set of operational and security risks are explored. A range of IT Risks will be examined, including information security (such as, network, host, application security), operational (such as, availability and quality of services), and strategic (such as, data residence issues, exit strategies) risks will be examined.

Key Issues:

  •  From 10,000 feet, what would a CSP risk model look like?
  • How can each of these risks be addressed?
  • Do these controls align to defend against known and active threats?

How to Assess Cloud Service Provider Security
Erik T. Heidt

Enterprises are under increasing pressure to consider the adoption of a wide range of Cloud services, while also increasing their governance and oversight of existing supplier relationships. This presentation will examine general practices for dealing supplier governance in general, and discuss the nuances and particulars cloud services have.

Key Issues:

  • How can I improve the efficiency and effeteness of my IT governance of suppliers?
  • How can I model and understand the risks associated with CSP engagements?
  • What gotchas and pitfalls need to be considered and avoided?

To the Point: When Encryption Won’t Work: Implementing Practical Information Protection
Erik T. Heidt

Enterprise data breaches are occurring all too often. Many enterprises have overestimated or misunderstood the protection provided by current, or planned, encryption deployments. This presentation focuses on the attacks that are resulting in these expensive and embarrassing data disclosures, and provides prioritized actions for you to consider for addressing these threats. (Portable media and data outside the data center are not discussed.) We explore the limitations of database, bulk storage and application encryption approaches. Recommendations include a solid mix of controls — sometimes including encryption — that complement and strengthen each other.

Key Issues:

  • Is my encryption strategy poised to address likely threats?
  • Have I invested properly in database, bulk storage, or application encryption?
  • How do I leverage other preventative controls to complement or replace encryption?

Hope to see you at the summit!


Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research


Erik T. Heidt
IoT Agenda Manager, Research VP
5 years at Gartner
26 years IT Industry

Erik Heidt is the IoT Research Agenda Manager for Gartner for Technical Professionals (GTP). Mr. Heidt covers Internet of Things (IoT) architecture, strategy and execution as well as security and risk management within the IoT context. Mr. Heidt focuses on developing and delivering research related to the architecture, development and operation of IoT for both users and suppliers. Mr. Heidt has more than 26 years of industry experience, with a significant focus on information security and risk management. Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.