Management

November – Michael Gold

November 21, 2019 By Technology Director

Topic: California Consumer Privacy Act (CCPA)

MAG-CCPA-Slides-November-2019 Download

The California Consumer Privacy Act of 2018 is the most comprehensive law of its kind ever enacted in the United States, setting forth rules for companies that buy, collect, transfer or sell consumers’ personal information. Because of the size and reach of the California economy – the 6th largest in the world – and the number of companies that may need to comply – estimated at about 500,000 worldwide – the CCPA is effectively a national, if not international, law. This program will address the salient features of the CCPA, who must comply, the new rights consumers have under the CCPA, legal exposures for violations, likely impacts of the law, and what companies should do to comply with the law.

Speaker: Michael Gold

Michael Gold is co-chair of JMBM’s Cybersecurity and Privacy Group and counsels businesses in a wide variety of matters, including data breach responses and investigations, crisis management, development of computer-based information retention systems, forensic investigations of computer systems, and computer and internet privacy matters.

Michael assists clients in developing and implementing information management and governance best practices and developing policies and compliance structures for protecting personal and company information. He counsels clients on information security and privacy law compliance issues; assists clients in developing policies and processes to comply with information security and privacy laws (including the E.U.’s General Data Protection Regulation, the California Consumer Privacy Act of 2018, and other state and industry-sectoral privacy laws in the U.S.); negotiates technology agreements relating to information security and privacy; and defends litigation and arbitrations, including class actions, arising from data breach and privacy claims.

Michael was named one of California’s “Top 20 Cyber – Artificial Intelligence Lawyers” by the Daily Journal (2018), one of the “Most Influential Lawyers: Digital Media and E-Commerce Law” by the Los Angeles Business Journal, and has been designated a “Top Rated Lawyer in Technology Law” by Martindale Hubbell. He is the author of the upcoming Bloomberg BNA portfolio Enterprise Cybersecurity Governance, and co-author of the Bloomberg BNA Portfolio Records Retention for Enterprise Knowledge Management.

September – By Stephen Berk

September 21, 2019 By Technology Director

NIST Ushers In a New Era of IT Risk Management

July – Gary Asplund

September 2, 2019 By Technology Director

Topic: My CEO Told Me We Have To Move Our Datacenter to the Public Cloud…So, What’s the Big Deal?

Abstract:

Consider the following:

– You don’t own any of it but, it is your responsibility to control and secure everything in it

– You don’t own any of it, but you critically depend on what’s in it

– You don’t maintain any of it, but you trust all of it is properly maintained at all times

– You can’t touch any of it, but it’s up to you to completely orchestrate, control and secure what’s in it

– You can’t physically walk in anywhere but you (and anyone else on the planet with the right access) can virtually access from everywhere

At first blush, a seasoned and experienced network / security director may not fully appreciate the significant differences and challenges his/her staff will experience in trying to fulfill their job duties when their datacenter is in the public cloud. The old strategy of ‘lift and shift’ – creating VM’s of all of your current/existing hardware and ‘shifting’ it to the cloud – will fail. Further evidence of the urgent need for purpose-built tools to secure public cloud infrastructures can be seen in the multiple and repeated data leaks and misconfiguration compromises we have seen in the last year – According to Gartner, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.”

And in a world which is rapidly becoming completely ‘software defined’ new skills and tools are required.

In this session, we will discuss why today’s IT organizations require mature and complete native tools – built in the cloud for the cloud – which provide:

– Complete visibility
– Configuration management – Identity protection
– Secure DevOps
– Compliance Automation
– Governance Enforcement
– Environment Lockdown

We will discuss the subtle yet profound differences in operating your datacenter in the public cloud vs operating your own datacenter. We will discuss the ’Shared Responsibility Model’ and what it really means to you and your IT department as you expand the number of workloads you move to the public cloud. And, as your sophistication increases, and you expand your use of PaaS and IaaS, the complexities follow in tandem. We will show how today’s IT organizations require new, purpose-built tools designed and capable of ’speaking the same language’ as the public cloud infrastructures and built to leverage the extensive API’s they provide.