Virtual Conference: Secure the Hybrid Cloud: Protecting Users, APIs and Devices 


Education Sessions  Agenda  Why Attend  FAQs  |  The Virtual Conference Environment

Earn up to 6 free CPE without the cost of travel!

Attend this free virtual conference on how to facilitate the decision process for IT and business professionals concerning Cloud security.

Archived conference is available until 12 March 2013.
Please note: The badges in the Virtual Conference are not tied to earning CPE. Badges were included in this event to encourage participation. All CPE certificates are issued based on the platform tracking of attendance at the educational sessions.

How to Earn CPE (481K) 

On the go? Participate via your mobile device. Download the free INXPO Android or Apple App now. Event ID = 10530.

In the past few years, cloud security has rapidly evolved from custom coded, loosely interpreted standards applied to a handful of cloud partners, to ready cloud security frameworks/products that deliver true “out of the box security” across many partners. The forefront of cloud security now involves a hybrid cloud approach that combines, secures, and exposes on-prem apps & data with enterprise or partner apps hosted in the cloud.

What are the key enablers to scale this new model? API (Application Program Interface) management that productizes and packages app services for mobile, identity trust frameworks that enable seamless user access, and security as a service providers that broker cloud security on behalf of the enterprise. In this virtual conference we separate fact from fiction, and drill into actionable design patterns that can be applied today for end to end security in the cloud.

You will learn to:

  • Control and manage the API lifecycle across cloud environments
  • Understand portal managed services in the cloud
  • Discover how the Cloud Security Readiness Tool can simplify some of the hard-to-make decisions through its use of the Cloud Security Alliance’s Cloud Control Matrix
  • Utilize ISACA’s toolkit based on COBIT 5 for Information Security to identify the security factors to be considered when evaluating the cloud as a potential solution.
  • Identify data analytics to evaluate cloud adoption and security


Join us on 12 December from 9:00 AM to 4:00 PM CST (UTC–6) to:

  • Connect with thousands of your peers from across the globe
  • Earn 6 FREE CPE hours without the cost of travel
  • Ask questions directly to industry experts and speakers
  • Enhance your professional knowledge


Education Sessions:

Keynote Session: Secure, Expose and Package APIs as Products—Enable the Secure API Economy for the Enterprise

Presented by: Andy Thurai, Chief Architect, Intel Application Security and Identity Products and
Kin Lane, API Evangelist, API Evangelist

Andy ThuraiAndy Thurai is Chief Architect and Group CTO of Application Security and Identity Products with Intel, where he is responsible for architecting SOA, Cloud, Mobile, Big Data, Governance, Security and Identity solutions for their major corporate customers. In his role, he is responsible for helping Intel/McAfee field sales, technical teams and customer executives. Previously, he has held technology architecture leadership and executive positions with L-1 Identity Solutions, IBM (Datapower), BMC, CSC and Nortel. His interests and expertise include Cloud, SOA, identity management, security, governance and SaaS. He holds a degree in Electrical and Electronics engineering and has more than 25 years of IT experience.

Andy blogs regularly on Security, SOA, Identity, Governance and Cloud topics at . You can also find him on LinkedIn.

Kin LaneKin Lane is a programmer and entrepreneur, with a focus on the business of APIs. He studies how APIs are changing the global business landscape, and the rise of API driven developer ecosystems. He shares these insights by blogging on the business of APIs at, and the politics of APIs at


As the Enterprise begins to expose application APIs as packaged products consumed by developer communities, partners, and mobile devices-the enterprise must master two primary disciplines- API integration and API product management. In this webinar, Intel showcases how existing APIs can be packaged, promoted, and monitored as a portal managed service in the cloud. Intel presents how to deploy a proxy enforcement point that securely integrates legacy applications, tokenizes data, and orchestrates composite application packaging as RESTful APIs. See how this composite API platform bridges these two paradigms to manage the entire lifecycle APIs across on-prem and cloud environments. Tune in…enable the API economy for your enterprise.

  • Controlling the API economy with security
  • Security interoperability with IaaS, PaaS, and Saas providers
  • Designing a secure Mobile First application strategy
  • Controlling the identity of and security for data in flight to the cloud
  • State of federated standards and trust frameworks


Session 2: Learn How the Cloud Security Readiness Tool Can Simplify Cloud Adoption

Presented by: Frank Simorjay, CISSP, ISSA Distinguished Fellow, Senior Product Marketing Manager at Microsoft Trustworthy Computing

Frank Simorjay Frank Simorjay heads up the Cloud Trust effort to promote the security, privacy, and reliability of Microsoft cloud offerings, and he was instrumental in creating the Cloud Security Readiness Tool. Prior to his involvement with the Cloud Trust effort, Frank was responsible for producing the Security Intelligence Report. Frank is the founder and a long-standing member of ISSA Puget Sound, the Seattle-area branch of the Information Systems Security Association, and he has been recognized as a distinguished fellow with the Association. In addition, Frank represents a leadership role with the Cloud Security Alliance (CSA). Before joining the Microsoft Trustworthy Computing Group, Frank was a security product and program manager as well as a compliance subject matter expert (SME) for the Microsoft Solutions Accelerators team. Prior to joining Microsoft Frank was a senior engineer for NetIQ and for NFR Security, where he designed security solutions for enterprise networks in banking and telecommunications for more than 10 years.

In a very real way, cloud computing continues the trend to outsource. Organizations can realize rapid deployment through cloud computing and gain the flexibility to grow and contract as their business needs change. Organizations can then focus on core competencies and address critical business needs, rather than on upkeep and maintenance of an ever-aging hardware and software base. This agility is seldom possible with traditional rack/server deployments.

Come discover how the Cloud Security Readiness Tool can simplify some of the hard-to-make decisions through its use of the Cloud Security Alliance’s Cloud Control Matrix. A short survey seeks information about the maturity level of the customer’s current IT infrastructure and their organization's industry. The Readiness Tool uses this information to provide relevant guidance to help plan cloud adoption and understand business benefits, realize the organization’s cloud potential, and understand relevant control standards and organizations such as the International Organization for Standardization (ISO 27001), Payment Card Industry (PCI), the Health Insurance Portability and Accountability Act (HIPAA), and the National Institute of Standards and Technology (NIST).

  • How to assess technologies and decide which mobile devices best suit your enterprise.
  • Best practices for establishing monitoring and management of mobile devices for security, reliability, and compliance
  • Ways to better align BYOD initiatives with business requirements to bolster innovation and maximize ROI.


Session 3: Managing Identity in the Cloud—the Who, What, Where, Why and How

Presented by: Robert Craig, Sr. Product Marketing Manager, McAfee, Inc.

Robert CraigRobert Craig is Sr. Product Marketing Manager for Identity at McAfee. Prior to joining McAfee, he had more than fifteen years of enterprise software marketing experience at Intel, Courion, Novell (now NetIQ), Onyx Software and Viador. Previously, he as an industry analyst at Hurwitz Group, program manager at SAIC, and software developer at Digital Equipment Corp.

Craig holds a Bachelor’s degree from New York University.


If you’re using the cloud, you also need to manage your user’s identity and access rights to cloud applications. In this session, McAfee will provide an overview of the three major delivery models for managing identity in the cloud: on-premise, on-demand and hybrid. The discussion will cover the benefits and challenges associated with each model; review the current state of the technology, such as authentication, provisioning and single sign-on (SSO); and highlight some of the decision criteria you should be evaluating when you select a vendor.


Session 4: Security Considerations in the Cloud: Tools for Decision Making

Presented by: Yves LeRoux, CISM, CISSP, Principal Consultant, CA Technologies

Yves LeRouxAfter his graduation from Paris University in 1970, Yves Le Roux worked in the Rothschild Group where, among other tasks, he was in charge of the network security and other security related issues. In 1981, he joined the French Ministry of Industry where he led the Open Systems Standardization programs. In 1986, he took the position of European Information Security Manager at Digital Equipment. Then, he joined the security research and development team. In 1999, he went to Entrust Technologies, PKI software editor. In 2003, Yves joined Computer Associates Int. as a Technology Strategist.

  • Frequent presenter (e.g., SecureCloud 2012, European ID management Conference 2012, EUROSEC/ISRM 2012)
  • Member of the ISACA Guidance and Practices Committee and the ISACA Cloud Computing Task Force
  • Board Member of AFAI (ISACA French Chapter)
  • Member of the Cloud Standards Customer Council Security Working Group
  • Member of the Cloud Security Alliance CAIQ Working Group

“Security Considerations for Cloud Computing”, a publication in the ISACA Cloud Computing Vision Series, presents practical guidance to facilitate the decision process for IT and business professionals concerning the decision to move to the cloud.

In this presentation, a short theoretical description of cloud concepts will be provided, followed by a discussion of the most common risk areas, threats and mitigating actions related to operating in the cloud, structured by service and deployment models. Join us for practical guidance on how to assist prospective cloud users to decide whether they should move assets to the cloud and, if so, which service and deployment models are best for their enterprise.

The following approach will be explained:

  1. Preparation of the internal environment
  2. Selection of the cloud service model
  3. Selection of the cloud deployment model
  4. Selection of the cloud provider


Spotlight Session 1: Cloud Computing: How Green is Your Grass?

Presented by: Ron Speed, CISA, CRISC, CA, CCSK, Principal Consultant, TrustedImpact

Ron SpeedRon is an executive with 20+ years of broad experience in information technology, security, risk management, consulting, transformation, compliance and assurance. He has held leadership roles in banking and consulting firms in the USA and Australia, and currently is a principal consultant with TrustedImpact, an IT security and risk consultancy, based in Australia.

 In addition to consulting to clients on cloud computing, Ron has presented at numerous seminars on cloud computing, and has authored several articles and papers on the topic. Ron was also a key contributor to ISACA’s recent white paper, Calculating Cloud ROI: From the Customer Perspective.

So your organization is thinking about a move to the cloud – but will you be any better off than you are today? Cloud computing can offer many benefits, but it is often hard to get an apples-to-apples comparison with existing on-premise IT. Before leaping to the greener pastures of the cloud, for many organizations, a successful cloud strategy starts in their own back yard: How would operations be impacted and would it be for the better? How can a "baseline view" be established to compare and measure the options? This session will look to answer to these and other key questions at this critical decision point by discussing principles and providing practical guidance.


Spotlight Session 2: Myths and Realities: Cloud Services Maturity and What it Means to Users

Presented by: Ron Hale, Ph.D., CISM, Chief Knowledge Officer, ISACA

Ron HaleRon Hale is a Certified Information Security Manager with more than twenty years security experience that touches almost every aspect of the security profession. He was the manager of security services for Northrop Corporation Defense Systems Division responsible for developing and managing the security program for classified and unclassified systems as well as corporate investigations, crisis management, technical surveillance countermeasures, executive protection and security awareness. As a research manager for Bank Administration Institute Ron published research reports on bank security and fraud, and worked on the first study of ATM Security and Fraud. Ron has also provided consulting services to many leading organizations as a Practice Director in the Enterprise Risk Management practice within Deloitte & Touche. As part of the ISACA management team Ron has been responsible for directing the Certified Information Security Manager certification program and for serving the needs of the security profession through research projects and publications. He currently is responsible for leading the research and knowledge product development efforts at ISACA. Ron has a masters degree in Criminal Justice from the University of Illinois and a doctorate in Public Policy from the Walden University School of Public Policy & Administration.

Cloud computing seems to be everywhere. It is on the top of trend forecasts. It is highly visible in the trade and business press. It is the subject of conferences and webinars. Yet for all of the information about cloud computing do we really know what cloud is, what it can provide, and what issues need to be addressed in implementing cloud services. This session will explore cloud maturity and draw conclusions from the 2012 CSA / ISACA Cloud Market Maturity Study that need to be considered as organizations adopt cloud solutions.


Further Insight: Participants may submit questions during the live Q&A sessions that follow each presentation.



Live Show:
Date: 12 December 2012
Title: Secure the Hybrid Cloud: Protecting Users, APIs and Devices
Show hours: 9:00–16:00 CST (UTC-6)

Virtual Seminar Agenda

9:00 Doors open
9:15 Keynote Session: Secure, Expose and Package APIs as Products—Enable the Secure API Economy for the Enterprise
10:00 Live Q&A
10:15 Dedicated networking time in the Exhibit Hall
10:30 Session 2: Learn How the Cloud Security Readiness Tool Can Simplify Cloud Adoption
11:15 Live Q&A
11:30 Dedicated networking time in the Exhibit Hall
11:45 Spotlight Session 1: Cloud Computing: How Green is Your Grass?
12:45 Dedicated networking time in the Exhibit Hall
13:00 Session 3: Managing Identity in the Cloud—the Who, What, Where, Why and How
13:45 Live Q&A
14:00 Dedicated networking time in the Exhibit Hall
14:15 Session 4: Security Considerations in the Cloud: Tools for Decision Making
15:00 Live Q&A
15:15 Spotlight Session 2: Myths and Realities: Cloud Services Maturity and What it Means to Users 
15:45 Dedicated networking time in the Exhibit Hall and Prize Giveaway
16:00 Doors Close


Why Attend?

Gain exposure to new thoughts and ideas to discover, implement and deliver results. The Virtual Conference provides a convenient and open forum where you can:

  • Participate in educational sessions presented by knowledgeable speakers and industry experts
  • Earn up to 6 CPE hours with no travel cost
  • Connect with peers around the world
  • Explore the exhibit hall in between sessions, and interact with sponsors, speakers, experts and peers

A resource center, complete with additional information and materials such as white papers, ISACA Journal articles and speaker materials, will also be available.


FAQs and Tips for an Enriching, Educational Virtual Experience

  How to Earn CPE (481K)

Describe the virtual conference experience.
You (and several hundred of your peers) will enter a vibrant interface to experience expert informational sessions, peer interaction and the sharing of technology solution insights. Attend sessions with security and compliance experts, visit vendor booths for product information and speak with representatives to answer your questions, download background information on enterprise risk management best practices, and interact with your peers.

How will I be reminded of the seminar?
We don't want you to miss this live interactive broadcast. We will send you email reminders with a link to the environment the day before and the morning of the event, and an Outlook calendar invitation to block out the time on your schedule.

What will I get from this virtual seminar?
Walk away with proven techniques from top experts on managing enterprise risk for improved results. This is a great venue to network with hundreds of peers and leading information systems experts, as well as ISACA staff.

PC Requirements
Click Here to Run System Check

For Technical Support, please email

To attend this event you will need a Windows PC with Internet Explorer 7.0 (minimum), Firefox 10 or 11, or Google Chrome 18. Mac users will need Firefox 10 or 11, Safari 4.5 or higher, or Google Chrome 18. We support Windows XP, Windows Vista and Windows 7 on PCs;. Leopard, Lion and Snow Leopard on Macs. Red Hat Enterprise Linux Server Release 6.2 (64 bit) is also supported. Adobe Flash Player 10 or higher is required. Access to the internet using high-speed access (Cable, DSL, Network) is highly recommended for the overall environment and required for all presentations. Pop-up blockers must be disabled; cookies and JavaScript must be enabled. On entering the seminar, a system check is run to identify computer requirements essential to interact with the virtual conference. It is recommended to view the environment with the display resolution of 1024 x 768.


The Virtual Conference Environment

  • Exhibit Hall—Stop by vendor booths to learn more about products and services important to you and your organization.
  • Resource Center—Browse content by subject in this digital library. Select content for immediate viewing or save it for future reference.
  • Conference Hall—Make yourself comfortable in a virtual auditorium where speakers and presentations take place.
  • Networking Lounge—Connect with attendees from across the globe. Start a discussion, meet new people or capture the latest information from your peers in this live, dynamic environment.