Name: An Approach to Cloud Services Risk Management for Today’s Enterprises
Start: 2015-02-04T17:00:00Z
End: 2015-02-04T17:39:34.000Z
Location: BrightTALK
Rating: 4.67

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

CSA Data Loss Prevention (DLP) Survey Says:  CISOs Face Challenges & Choices—some obvious, and some not. 

The upsurge in hybrid work and cloud adoption on a global scale is no surprise. Organizations increasingly trust cloud with their data, but sensitive data is still at risk in cloud and requires comprehensive data protection strategies encompassing every organizations’ environments. Join Cloud Security Alliance and Netskope as they demystify the findings gathered from their recent data loss prevention and data security survey. Speakers John Yeoh, Global VP of Research at CSA and Carmine Clementelli, Product Marketing Director at Netskope will cover how organizations are:
• Transferring and sharing data today
• Solving complex multi-cloud and hybrid environments
• Thinking to minimize complexity and creating suitable data protection strategies

CSA Data Loss Prevention (DLP) Survey Says: CISOs Face Challenges & Choices

Data is one of the fastest growing things on the planet and a huge driver of growth for companies. Due to the high value of data, it is the most frequent target in security attacks. With increasing data security and privacy risks, companies are looking at Data Security Posture Management (DSPM), an emerging technique, to protect sensitive data. With DSPM, organizations can gain real-time insights into sensitive data they hold, reduce data system vulnerabilities, and prevent unauthorized access.

A DSPM implementation also presents a unique opportunity for organizations to leverage a common layer of sensitive data intelligence to unify data security, privacy, compliance, and governance controls. With a unified data controls approach, organizations can drive business results while optimizing for costs and risks. Join our panel of security experts as they discuss a wide range of DSPM topics including what it means, mistakes to avoid when choosing a DSPM solution, and the right implementation approach.

In this session, you will learn how to:
-      Build a layer of sensitive data intelligence across multiple clouds and SaaS apps
-      Eliminate security blindspots across Dark and Streaming data
-      Prioritize & remediate misconfigurations based on sensitive data context
-      Monitor data usage and prevent unauthorized access
-      Compare DSPM solutions on criteria such as accuracy, scalability, coverage, and cost
-      Improve collaboration with a unified data security, privacy, and governance approach

DSPM Done Right! Maximize Cloud Data Security While Unifying All Data Controls

Cloud adoption is expanding rapidly, and with that expansion comes new complexities. The speed of growth and change in the cloud creates an ever-changing threat landscape. Wiz Research is at the forefront of the cloud's threat landscape and is behind the discovery of vulnerabilities like ChaosDB, ExtraReplica, AttachMe and OMIGOD. In this session, we will cover the major cloud threats recently seen by the Wiz Research team which includes supply chain risks, data exposure, API security threats, and attack patterns used by groups such as LAP$U$. This session summarizes key insights across customers, Wiz and third-party threat research, and numerous other sources.

Top Cloud Threats in 2023 and Pragmatic Steps to Mitigate Them

Digital transformation projects continue to push more business critical applications, services and workloads to the cloud. While this progress helps foster greater employee production, new customer experiences and increased revenue opportunities, it also presents new cybersecurity challenges. Zero Trust security is the approach every enterprise organization is striving to achieve today. But, are security teams thinking about a complete human and machine identity and access management (IAM) strategy across all cloud environments for Zero Trust?

In this webinar, CSA, AWS and AppViewX will discuss the importance of robust cloud security and the hidden challenges of machine identities. We will detail how achieving Zero Trust requires every person and every “thing” to have a trusted identity. And, why IAM to control and segregate user access is not enough as you must also manage thousands to hundreds of thousands of digital identities for applications, services, machines and devices across the entire enterprise cloud environment. Lastly, we will share a prescriptive course of action for how automation can help establish identity-first security best practices—the foundation for Zero Trust.

Hidden Cloud Security Challenges Are a Barrier to Zero Trust

Just released - the sixth annual Sysdig Cloud-Native Security and Usage Report which focuses on the security concerns keeping everyone up at night: supply chain risk, zero trust readiness, and cost savings in the cloud. What researchers reveal this year is shocking, including an increase in the number of container images running in production with critical or high vulnerabilities from 75% to 87%! Given current economic challenges, organizations are looking for ways to reduce cloud costs so it’s easy to understand why teams struggle to prioritize what matters, . Research shows that organizations of all sizes have unnecessary cost overages. Based on billions of containers scanned, the report is designed to let you compare your environment to your peers and learn best practices.

In this webinar, we will chat about:
• The latest and year-over-year trends in container and Kubernetes adoption
• How to prioritize your cloud and container vulnerabilities
• Why threat detection designed for cloud environments is so important

Dig Deeper! Prioritize Cloud Vulnerabilities and Reduce Container Spending

As organizations in the market continue to shift to cloud environments, it is suggested that if you aren’t already cloud-first at this point you are already behind your competitors… and there is a significant portion of organizations who are taking on a hybrid approach, employing both public cloud providers and on-premise private data infrastructure. In this webinar, we will look at the benefits, challenges and best practices of secure hybrid cloud adoption, its components. We will walk through the 3 pillars that are key to securing your hybrid environment: people, processes, and tools.

3 Key Pillars to Securing Your Hybrid Environment

Cloud adoption has left security teams struggling to balance enabling the business with securing it. This blurred line comes into sharp relief when applying the controls required to comply with security standards. Should a team prioritize compensating controls - to overcome shortcomings in existing controls - or mitigating controls - to reduce the likelihood of an exposure altogether?  Join veteran CISO Emily Heath and Cyera's VP of Product and GTM Strategy Ari Weil as they discuss this, and the case for automation and machine learning to enable modern security teams to gain control over their data in the cloud era.

Cloud Data Controls - From Compensation to Mitigation

The evolving cyber threat landscape has security teams scrambling to respond to an onslaught of attacks from all angles. Between sophisticated phishing kits, to vulnerabilities across the global supply chain, and the sheer volume of emerging attack vectors, the CISO’s job now includes much more than just securing an organization’s internal network. Enter external cyber defense. By combining the most comprehensive digital risk protection (DRP) solution with cutting-edge supply chain defense, you can extend visibility outside your perimeter to identify, validate, and shut down cyber threats as they emerge in the darkest corners of the internet and across your vendor ecosystem.

Join this webinar to learn how a packaged DRP and SCD solution can help your security team:
● Advance from a reactive to proactive security posture to thwart attacks at the source
● Identify and remediate risks across the entire third-party vendor and partner ecosystem
● Scale threat response regardless of organization size and improve patch time for identified vulnerabilities

External Cyber Defense for When Your Attack Surface is Everywhere

Infrastructure as code (IaC) is the key to embedding cloud security earlier in the development lifecycle. In practice, adopting and implementing an IaC security program is a complex and iterative process – especially for large organizations. Your IaC security program path will depend on your current tooling and workflows, security and compliance requirements, and resources. And your IaC security rollout strategy should be deliberate, iterative, and measurable.

If you’re ready to get started with IaC security but aren’t sure where to start or if you’re in the process of adopting IaC security and need a strategy customized to meet your needs, this webinar is for you.

Join us as we walk you through how to roll out and operationalize an IaC security program based on your end goals and scale. You’ll also get best practices and milestones for each phase of your program rollout so you can optimize your IaC security program for efficiency and help your organization adopt a secure-by-default culture.

Secure-by-default: Scaling your IaC Security Program

Today, thousands of services are available to pay a bank loan, accept a credit card payment, confirm a deposit, exchange cryptocurrency and countless other activities with your financial data from a SaaS solution. But how do you demonstrate your third-party is secure and adhering to the same regulatory obligations you attest to? This webinar will discuss common oversights when managing third-party relationships for financial services as well as recommendations and best practices for how to use the Shared Security Responsibility Model to improve understanding and transparency for all organizations involved.

The Quickly Evolving Landscape and Need for Third-party Assurance

Financial institutions face many major challenges across all IT services as their cloud journey progresses. Cyber security governance, risk management, compliance, third-party vendor management, and assurance and accountability are just a few that scratch the surface. An essential component to solving these challenges is a standardized and mature security control framework.

 

CSA’s Cloud Control Matrix (CCM) has been adopted by several financial institutions and is recognized and appreciated by regulators. In 2022, CSA established a partnership with the Cyber Risk Institute (CRI), that lead to the creation of the “Cloud Profile,” an extension of the CCM and of the CRI Profile. The goal of this collaboration is to support financial institutions in navigating the complexity of cloud security compliance and assurance. CSA is also working alongside organizations such as the European Cloud User Council, the European and UK Cloud Pooled Audits groups, and IBM Financial Services, to further extend the CCM, the Financial Service Addendum, and ultimately improve its relevance for Financial Institutions and their Regulators. 

 

This session will provide an overview of:

The Cloud Control Matrix
The Cloud Profile: what it is, key stakeholders involved, goal and objectives
The CCM Financial Service Addendum

The CRI-CSA Cloud Profile Has Arrived!

In order to scale your business using new and innovative technologies, harnessing cloud infrastructure is pretty much inevitable. As your organization finds themselves moving to the cloud faster than ever, maintaining security and compliance at the speed of development is often overlooked in the process.



Securing applications, the underlying infrastructure and the data, all while meeting compliance and governance requirements, in the cloud is a major undertaking. This requires organizational-wide collaboration, updated policies and processes, and the implementation of new, cloud-focused security solutions.



Join us in this session as we discuss:

Key challenges faced on your cloud journey, and how to overcome them
The importance of posture, risk, and vulnerability management in the cloud
Embracing the use of micro-services to achieve security objectives
How to enable partnership between development and security teams in order to secure applications

Navigating Cloud Security

With the accelerated journey to the cloud, companies often find themselves with hybrid and multi-cloud architectures, which amplify their information security risks. In this session we will discuss some of the biggest security threats and the criticality of applying consistent security policies and controls across your entire organization as well as securing the application journey.

Cloud Security Trends

Join Troy Leach, Chief Strategy Officer with CSA, and Craig Balding, Director for Resilient Security, as they unveil and discuss the results from CSA's State of Financial Institutions survey. 

Conducted in late 2022, the survey analyzes the level of adoption of cloud solutions and requirements from financial institutions’ perspectives. The goal was to better understand the current state of cloud computing in the financial sector and identify opportunities to create guidance on protecting financial data and related assets within secure cloud services.

CSA Initial Survey Results and Report on Financial Services

Financial services is moving quickly to embrace more critical infrastructure residing in cloud architecture. By 2027, an anticipated majority of all financial assets will likely be operated by cloud services. Protecting financial data in cloud can be complex, with the ability to misconfigure but it also has opportunities to hyperscale security efforts and improve response to threats. Chief Information Security Officers from financial services will discuss their vision for the future of securing financial data and assets in cloud architecture as well as what is required in the future to continue to build trust and assurance.

CISO Perspective

Pooled audits are helpful for both the Cloud Service Provider (CSP) and the Cloud Service User as they reduce the costs to any one outsourcing institution and help avoid duplication with third-party audits by establishing a scope and methodology agreed upon by the outsourcing institutions and the cloud service provider.

Pooled audits ensure that a consistent method is used to assess the provider’s data and system protection practices as well as the processes and internal control systems of the CSP to adequately support the mitigation of the participants’ risks.

By agreeing on a scope and methodology for audits, as well as a compensation structure that reflects the collective audit effort, participating companies can pool their auditing resources to help reduce costs and avoid unnecessary duplication on an individual level as well.

Join us as we have a fireside chat with our panel of experts from members of Commerzbank AG who take part in the Collaborative Cloud Audit Group (CCAG) conducting pooled audits on Cloud Service Providers. The CCAG provides an umbrella over the common cloud relevant topics in need of auditing based on the CSA Cloud Control Matrix.

Topics to be covered:
·     Usage of the shared responsibility model in context of pooled audits
·     Regulatory framework on pooled audits
·     Benefits of pooled audits

Pooled audits – A cost-effective way of auditing Third-Party Risk

The National Institute of Standards and Technology will discuss the update to the NIST Cybersecurity Framework to keep pace with the evolving cybersecurity risks, standards, and technology landscape, including changes associated with the development and use of cloud computing.

Evaluating and Improving the NIST Cybersecurity Framework

Cyber criminals don't need to place malware on your system to get in. The vast majority of malware proliferates through online social engineering schemes that manipulate unsuspecting users to open the door wide for hackers. So, how do we stay vigilant in securing FSI infrastructure? Join Mastercard’s Deputy Chief Security Officer, Alissa ‘Dr. Jay’ Abdullah, for a discussion on her unique insights and experience.

Best Practices in Securing FSI Infrastructure

This session provides a methodology and a Business Risk Framework  for assessing the risk of an ever-increasing number of cloud services.  It builds upon the Cloud Security Alliance Cloud Controls Matrix by enabling users to add new controls and address risk vectors such as the financial viability of a cloud service provider, traffic data, and business criticality.

An Approach to Cloud Services Risk Management for Today’s Enterprises

cloud

computing

security

risk

management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

An Approach to Cloud Services Risk Management for Today’s Enterprises

Presented by

About this talk

More from this channel