ABSTRACT. Cloud is the new cool thing; everyone wants to be in cloud but what about security and compliance standards. How do organizations manage safety as well as security in the era of cloud? The concept of everyone inside the network being good or trusted is blown out of the water with cloud deployments. Effectively everyone is a tenant on a big server farm when it comes to cloud.

The only way forward is to not trust anything or what can be called a zero-trust model. This talk will explore the concept of zero trust and will try to demystify zero trust models. The talk will focus on implementation and deployment scenarios of zero trust for organizations. How should the business prepare for the transition, what are the architectural requirements and what policies are required to be implemented?

I will conclude the talk with some recommendations based on my own experience dealing with zero trust deployments across a broad spectrum of clients and market segments.

ABSTRACT. At today’s rapid paced world performance of an application is extremely essential for success of a Digital Business. Continuous testing and monitoring is essential for achieving this goal as, a slowness in application can lead to huge financial loss. So, ensuring satisfactory response time has evolved to be one of the most critical needs in the early stages of development and is a common goal to ensure DevOps success. Problem with monitoring applications today is that, the architecture of applications involves complex collection of distributed software components and cloud services. Malfunction of any of this components can slowdown the entire application. DevOps plays a vital role to ensure the continuous monitoring of an application from the initial stage of the project. In this paper, we will discuss how to use synthetic monitoring to identify whether a application is experiencing slowness before it actually affects the end users

ABSTRACT. Learning Objectives: Understand the best practices in Cloud Security (case studies specific to Industrial Sector): 1. Outline security responsibilities of host company : Patch Management, Access Management 2. Data Classification and ascertaining security policies for critical data • Identify business critical data, example Production Data, Access to Equipment • Allocate resources as top priority for business-critical data 3. Standardized process for code certification, supplier certification etc. 4. Data Encryption • Data in Cloud Encryption e.g. real time production data, real time drilling data, design data for field operations • Data at Rest Encryption e.g. seismic data 5. Mandatory Multi-Factor Authentication (preferably with means other than Text Messages): Should be applied to all Edge devices in the field, Real time drilling center access as well as all devices being accessed remotely 6. Digital Signatures for System to System connectivity e.g. drilling systems accessing exploration data 7. PKI Security to set up roles, responsibilities, procedures and policies to create, store, manage and revoke digital certificates for access to cloud

Expected Outcomes: Practitioners should be able to apply cloud security methods to mitigate cyber risks, in a practicable manner. We will also discuss a Point of View on Zero Trust Network Architecture.

Session Type: Learning module Delivery Method: Lecture, Case Study Tags: #Security #CloudSecurity #HybridCloud

Bio Rima Bose is a cybersecurity consultant at IBM. She has been in the IT industry for more than a decade, as a developer, business analyst and project manager. In her current role, she is a part of the Consulting and Systems Integration practice at IBM, where she advises clients on their security strategy and roadmap.

For additional information, please contact Rima Bose, Consultant (Security Services), IBM Security. +91-967-442-8680 rimbose1@in.ibm.com

ABSTRACT. As software architectures are evolving, there is more attraction towards Self- properties(ie., Self healing, self adaptive, self management, self optimization) which enables the software architectures to modify their own structure and behavior at runtime. Software engineers have turned towards Self adaptivity to deal with complexity and uncertainty of their environments. These softwares constantly run under rapidly fluctuating user load and system resource levels. Hence these system architectures must include Self-Awareness capabilities, such as monitoring and analysing its own current state and adapting itself to ensure the continuous satisfaction of functional and non-functional requirements that change over time.

Performance and scalability are important quality attributes of any software architectures that operate in highly dynamic environments and unpredictable loads. By augmenting software systems with an intelligent control logic, one can detect unpredictable outcomes and correct itself.

The goal of this learning module is to introduce the audience to the foundational concepts like meaning of adaptation and self-adaptation and its properties etc., and reference models involved in architecting self adaptability like feedback control loops in software systems. Furthermore, in this lecture we will see how these reference models can not only be used to derive approaches and strategies to optimize overall application performance but also to achieve self-healing by detecting any failure associated with a service and recovering successfully.

ABSTRACT. This whitepaper is mainly focused on Firmware Analysis and Security Assessment of Web Application associated with Internet of Things (IOT). The objective of this whitepaper to enhance the security of IOT devices.