Cloud Security Alliance’s Virtual EU Summit

In 2019, the Cybersecurity Act became law in Europe, establishing a European Certification Framework. In November 2019, the European Commission tasked ENISA with designing a candidate scheme for cloud services. This work is currently underway. This presentation will first describe the Cybersecurity Act’s Certification Framework, and then provide a high-level status on…

This talk will look at the Cybersecurity Certification Framework under the EU Cybersecurity Act (2019), give an overview of the new European cybersecurity certification schemes under development and offer an outlook on the implementation and use of such schemes for 2021 and beyond.

Certifications or attestations championed through the CSA STAR program, ISO/IEC, or AICPA, have been a critical driver in the adoption of cloud service across the globe. However, for some cloud customers insensitive or highly-regulated industries such as banking or healthcare, these certifications or attestations are not sufficient because they do not provide…

Cloud Computing is entering a mature phase from both the market share and technical evolution standpoint. However, one area that could achieve better results is security and privacy governance. Modernizing the risk management approach, improving the organizational accountability program and streamlining compliance are to be considered key goals for companies that want…

An effective governance, risk and compliance program should enable all stakeholders across business units to break down traditionally siloed risk areas and replace them with a connected, holistic view of risk that spans their organization and relationships. However, the data sprawl and scope of GRC initiatives can make this seem like a…

Alexandra will share insights on the multi-level work of the European Banking Federation (EBF) to facilitate the adoption of cloud computing in the European banking sector. The EBF supports the efforts of European institutions and agencies to promote security for cloud usage, contributing the banking industry’s input in shaping processes and standards.…

Join Chris Hertz, VP, and Jeremy Snyder, Sr. Director, DivvyCloud by Rapid7 to learn how to achieve full lifecycle cloud security. They will discuss how cloud security challenges manifest in DevOps and how cloud security and developer misalignment creates friction and makes security a four-letter word. Additionally, they will provide guidance on…

GDPR Fundamentals & CSA Code of Conduct: Objectives, Scope and Methodology.

This session hosted by the CSA EMEA Privacy Center of Excellence will address accountability under GDPR and how Codes of Conduct and certifications are being leveraged by organizations to drive transparency, compliance, and trust.

Ten years after the formation of the Cloud Security Alliance, cloud computing is a proven and globally accepted enterprise delivery and operational technology model. According to a January 2019 IDC report, the spending on Cloud IT infrastructure may have reached a tipping point in the third quarter of 2018 by surpassing traditional…

How to avoid letting supply chain attack compromise your most sensitive machines. Supply-chain attacks affecting software development when a malicious code is introduced into legitimate software through supply chain poisoning is an effective tool for cybercriminals. It has been used many times in the wild, successful attacks generating hundreds of thousands of…

Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to Cloud native services without having to manage infrastructure – including container clusters or virtual machines. This presentation covers security for the serverless applications, focusing on best practices and recommendations for security professionals. We will also talk…