As the global economy begins to recover, Security & Risk professionals must transform from a reactive silo of technical security expertise to a true partner of the business and an enabler of forward-thinking business strategies.

Forrester’s Security Forum 2010, coming up in September, focuses on the theme “Building a high performance IT security organization.” I will be running three sessions at the forum this year:

The Practical Cloud — Getting Past The Fear Mongering
The Role Of Security In An Empowered Enterprise
How To Build A Mature Application Security Program

My keynote panel, which I will be moderating, is called “The Practical Cloud — Getting Past The Fear Mongering.” On this panel, we’ll bring together a cloud user, a cloud vendor, and a legal expert to talk about how real enterprises leverage the cloud to deliver real business benefits, and how user organizations and cloud operators manage the responsibility to protect users, their data, and their privacy. I’m especially excited about this panel, because we will have one of the biggest cloud vendor companies, the Director of Security from a sophisticated cloud user company, and a legal expert specializing in the legal ramifications of cloud computing.

In “Security For Empowered Organization,” I will be co-presenting with Ted Schadler, our resident expert on “Empowered Organizations” and co-author of the upcoming Forrester book, Empowered. We will explore why businesses want to empower their employees with social, mobile, multimedia, and cloud technologies. More importantly, we will discuss how IT professionals can help businesses achieve these objectives without compromising the organization’s security and privacy requirements.

In “How To Build A Mature Application Security Program,” I will explore the concept of an organizational application security program, comprised of intelligent, useful tools and technologies, good accountability and incentive structure, and most of all, meaningful processes to realize software security across development, InfoSec, and operations departments. A typical organization today has a plethora of security applications, from in-house developed to outsourced, from open source to off-the-shelf software. Different applications need different sets of processes and technologies to ensure software security. I will present an application security maturity model, with specific steps required to go from one maturity level to the next, and discuss the different types of application security measures for different application types.

This is shaping up to be a very exciting forum. I look forward to seeing all of you in Boston September 16-17th.