Tim Brown is a Vice President and the Chief Architect for Security Management at CA, Inc. He is responsible for overall technical direction and oversight responsibilities for CA security management products ranging from identity and access management, server security, data loss prevention, and Web access management.

With more than 20 years of information security expertise, Brown has been involved in many areas of security including compliance, threat research, vulnerability management, consumer and enterprise identity and access management, network security, encryption and managed security services. Brown has worked with many companies and government agencies to implement sound and practical security policies and solutions.

Prior to joining CA, he spent 12 years at Symantec where in the CTO office, he was responsible for company-wide technical architecture, integration, gap analysis and technical strategy. Prior to joining the Symantec CTO office, Brown focused on Symantec’s enterprise security architecture and the collection, correlation and prioritization of security data. Brown joined Symantec through the company’s acquisition of Axent Technologies. At Axent he was responsible for the Identity Management, SSO and multifactor authentication products.

Brown is also an avid inventor with 14 filed patents in the security field. He is active in promoting cross industry initiatives and has participated on a number of standards boards.

Brown earned a Bachelor of Science degree in computer science from MCLA, and he is continuing his education through the Wharton School of Business Executive Education Program.

Presentation

Cloud Computing Privacy and Security Issues

The business drivers for cloud computing are compelling: opportunities for businesses and government agencies to focus greater resources and energy on their core competencies, efficiency and cost reduction, improved customer service, and flexibility in managing business system configurations. But with the increased reliance on outsourced services available in the cloud computing paradigm, comes a growing obligation to adequately assess new business interdependency and trust-related risks.

Even in the enterprise, data privacy and security risks have represented increasingly serious business management issues. But these risks become more complex and challenging in the move to outsourced services. Cloud computing means that personal and business-confidential data and information are now communicated, stored and processed on systems external to the enterprise, in organizations having their own security risk management policies and controls. These service providers may in turn rely on third parties for their critical support services, such as their IT computing systems, communications and security services. In this new trust environment, confidentiality, data integrity and availability – the core components of information security – must now be managed with great care by multiple organizations, even as the company whose services are outsourced still bears primary visibility and responsibility for ensuring the privacy and security of sensitive information.

Executives must therefore understand that in the migration to cloud computing, the implementation and audit of security and privacy risk management policies and controls, once solely an enterprise function, are now distributed across the 'cloud' environment, imposing novel requirements for assessing and managing risk, as well as enhanced governance and more finely calibrated security management policies and practices.

return to Security Practitioners Conference program

return to Enterprise Architecture Practitioners Conference program