Cloud CISC Virtual Summit

The Cloud Security Alliance (CSA) has chosen to specifically focus on the problem of cyber incident information sharing and find innovative approaches that break down the barriers inhibiting sharing. CSA has selected a partner, TruSTAR Technology, to create what we are calling the industry’s first Cloud CISC (Cyber Incident Sharing Center). We believe it is very important that we educate the government as to our information sharing capabilities to assure that any new legislation is appropriate, proportionate, and synergistic to the private sector.

Cloud CISC will have a role for both cloud providers and other cloud security experts. Cloud providers will be able to directly access the Cloud CISC information sharing system. The larger community of cloud security experts will have an important role in the governance of Cloud CISC, the development of vendor neutral best practices and technical standards, and the development of policies aligning Cloud CISC to industry and governmental mandates on an international basis. As always, CSA believes it will be important to leverage existing standards and communities as much as possible, and operate with the greatest transparency possible.

The initiative homepage is https://www.cloudsecurityalliance.org/cloudcisc/
Recorded Feb 5 2015 66 mins
Presented by
Paul Kurtz, Dave Cullinane
  • Making Compliance Count Mar 7 2018 5:00 pm UTC 60 mins
    Dave Lenoe and Molly Junck at Adobe
    It’s a brave new world, with bug bounties and crowd-sourced penetration tests now an up-and-coming way to augment security programs. But can you do the same with your compliance and certification programs? At Adobe, our security team has been working with our internal audit team and outside vendors to see if it’s possible – and the early returns are very encouraging!

    In this webinar you'll find out more about how you can leverage both internal and external security researchers to help with compliance efforts, while measuring your real-world security risk.
  • Are Your Containers Compliant? Feb 28 2018 5:00 pm UTC 60 mins
    Cliff Turner, Cloud Security Evangelist, CloudPassage
    If we could call out two things that are growing in importance in 2018, it’s containers and compliance. Penalties for data breaches are on the rise, all the while organizations are under increasing pressure to expand their DevOps practices and increase their agility, which leads teams to turn to containers. And while containers usher in plenty of opportunities, they can lead to compliance headaches if they aren’t properly configured.

    Join us for this webinar for helpful tips and best practices on how to create a containerized environment that works with your compliance needs.
  • Defining the cloud-enabled branch: How cloud apps drive network transformation Recorded: Feb 13 2018 62 mins
    Dan Shelton of Zscaler
    Amazon, Azure and SaaS are already on everyone's mind. When your data center workloads move to cloud, is your corporate backhaul the most efficient way to get to the applications? The migration of applications from the data center to the cloud is forcing organizations to rethink their branch network and security architectures to enable local internet breakouts. What are the challenges of local breakouts and the hybrid branch?

    Join this webcast to discuss considerations for securely moving your branch workloads to the cloud to enable a better user experience, manage costs, and reduce risk.
  • Automating Security for Cloud Services Recorded: Feb 8 2018 61 mins
    Peleus Uhley, Lead Security Strategist at Adobe
    Security automation strategies are a necessity for any cloud-scale enterprise. There are challenges to be met at each phase of developing and deploying security automation including identifying the appropriate automation goals, creating an accurate view of the organization, tool selection, and managing the returned data at scale. This presentation will provide the details of various open-source materials and methods that have been successfully used to address each of those challenges.
  • ISO/IEC 19086: An Overview and Application Recorded: Feb 1 2018 60 mins
    John Calhoon of Microsoft
    In this webinar, we will take a look at ISO/IEC 19086 which is an international standard for cloud service level agreements (SLAs). Specifically, we’ll discuss the impetus for establishing the standard in the first place, the scope of the work, organization of the parts, key elements and putting the standard to work. 19086 does not prescribe a template for SLAs but rather provides elements to consider when negotiating and drafting SLAs. 19086 introduces Service Qualitative Objective (SQO) as a new term and we’ll discuss the relationship between SQOs and the more traditional SLO (Service Level Objective). We’ll also discuss the relationship between SLAs and cloud service agreements (CSA) and other documents that can be part of a CSA.
  • Data-driven Cybersecurity Defense for Organizations and their Ecosystems Recorded: Jan 25 2018 30 mins
    Phil Marshall of Security ScoreCard
    Many companies rely on static point-in-time security assessments to measure the cybersecurity health of their enterprise and vendor ecosystem. This approach is quickly becoming obsolete in today’s dynamic cyber threat landscape, fraught with increasingly sophisticated adversaries deploying malicious tactics to compromise your data. Continuous data-driven monitoring of security in your organization and in every vendor organization with access to your IT infrastructure is the only strategy that will keep you one step ahead of the bad guys.

    This webinar will outline how you can gain an outside-in, data-driven view of the security posture of your IT infrastructure to:

    - Empower your team with granular analytics capabilities as well as comprehensive visibility of your network and system vulnerabilities -- all from a hacker’s perspective.
    - Enable your organization to monitor the cybersecurity health of any third party/vendor organizations
    - Uncover predictive breach capabilities
    - Prioritize areas in which organizations can apply focus to meet regulatory compliance and standards requirements
  • Returning data control to users - the next frontier for cloud security research Recorded: Jan 22 2018 46 mins
    Ryan Ko, Associate Professor, University of Waikato
    From the Uber data leakage incident to cases where photographs of young or vulnerable people are stolen and misused on inappropriate websites, there is a fundamental gap: the lack of users' control over their data once it is uploaded onto the Internet. This talk introduces some of the key challenges and scientific trends in returning data control to cloud users, and how STRATUS (https://stratus.org.nz), a 6-year NZD12.23 mil (incl. GST) MBIE-funded cloud security research project, is addressing these gaps. The talk will also cover some of the Cloud Security Alliance's contributions to the STRATUS project.
  • Introducing HubbleStack: a free, open source project to help automate compliance Recorded: Jan 17 2018 50 mins
    Christer Edwards of Adobe
    Organizations have difficulties handling security auditing and compliance that can be scaled across many teams with varying infrastructure. Adobe found themselves in the same situation and in need of a tool that could provide a window into the complexities of their infrastructure. As a result HubbleStack was developed -- a free open source project.

    Just like the Hubble telescope gives us a window into the complexities of our universe, HubbleStack gives a window into the complexities of your infrastructure. It includes components for information gathering, file integrity monitoring, auditing, and reporting. In this webcast you will learn:
    - Detail on the HubbleStack project
    - How Adobe has made use of it across all of its cloud services
    - How you can get and try out HubbleStack for yourself
    - How you can help us move HubbleStack forward
    - How you and others can contribute to the development of HubbleStack
  • Cutting through the Cloud Security Noise: 5 Must-have Architectural Requirements Recorded: Jan 11 2018 47 mins
    Steve House of Zscaler
    The cloud and mobility have fundamentally changed the IT landscape. Both apps and users have left the network, however traditional security has struggled to keep pace. Developing a strong cloud security strategy is important to help restore visibility and reduce risk, but what is the best approach? While there are many opinions and perspectives, the best security strategy starts in the beginning with the proper architecture. Join this webcast to hear:

    - 5 key architectural requirements your cloud security strategy can’t live without.
    - What core building blocks you need to enable and secure your users and apps
    - Learn how leading enterprises are transforming their security to cloud

    Speaker Bio:
    Steve House is a seasoned Product Management leader with over 20 years of experience in the networking and security industries. During that time, he has worked for multiple market-leading organizations including Zscaler, Blue Coat Systems, Packeteer and CacheFlow where he has a consistent track record of helping them innovate and grow their market share.

    At Zscaler, Steve leads the Product Management team responsible for driving product strategy and execution. Steve’s goal is to help the company through its next phase of growth becoming the standard Internet security platform delivered as a service to any user on any device in any location. Steve holds a Bachelor of Science in Electrical Engineering from Duke University.

    For more questions about Zscaler, go to www.zscaler.com
  • Developing a Successful Secure Product Lifecycle (SPLC) Program Recorded: Jan 4 2018 53 mins
    Julia Knecht and Taylor Lobb of Adobe
    A secure product lifecycle (SPLC) is integral to ensuring software is written with security in mind, but companies struggle to create a successful process with limited security resources and minimal impact to engineering teams.

    In this webinar, Julia Knecht and Taylor Lobb – Managers, Security & Privacy Architecture at Adobe, will explain how a team of just two security pros helped roll out a successful SPLC program that has scaled to support thousands of engineers by leveraging automation and establishing security ambassadors (champions) within the product engineering teams.

    Defining security requirements and KPIs for engineering teams is just the first step in creating the SPLC. In order to make the design a reality for several products, thousands of engineers, and millions of lines of code, Adobe’s team was organized into an “as a service” model and utilized automation to scale to meet this demand. Establishing a strong security ambassador program helped ensure the success of the SPLC. The centralized ambassador network has been crucial to the success of all product security initiatives throughout the business unit.

    You’ll walk away with on-the-ground knowledge you can use to establish an effective SPLC in your own organization by establishing and utilizing security ambassadors and providing seamless automation to support these key initiatives.
  • Top 10 Public Cloud Security Recommendations Recorded: Dec 14 2017 43 mins
    Matt Keil of Palo Alto Networks
    Offering organizations of all sizes the benefits of agility and scalability, the adoption of public cloud continues at a pace rivalled only by that of the early days of the Internet era. As was the case then, the speed of adoption often means that “good enough” security is viewed as acceptable. With the underlying premise that the public cloud is someone else’s computer and an extension of your network, this session will cover public cloud security concerns, what the shared security responsibility model really means and recommendations for protecting your public cloud workloads and data.
  • Exploring CSA’s Cloud Controls Matrix (CCM) for Cloud Security Recorded: Dec 7 2017 61 mins
    Neha Thethi, BH Consulting
    As a cloud customer, vendor, security auditor or regulator, you may have been involved with ensuring security in the cloud. Although numerous standards, regulations, and controls frameworks exist to ensure compliance with security best practices, a harmonized and cloud-focused guidance can be quite valuable. In this webinar, we will explore how the CSA Cloud Controls Matrix (CCM) framework provides organizations with such a harmonized guidance and needed structure relating to information security tailored to the cloud industry. We will also discuss how the CCM addresses assurance of legal and interoperability aspects of the cloud.
  • 5 Steps to Prevent AWS Data Exposures Recorded: Dec 6 2017 49 mins
    Brandon Cook and Anant Mahajan of Skyhigh
    Amazon Web Services has strong security features, but customer misconfigurations have led to a series of very public data exposures over the last few months from Verizon, Dow Jones, Accenture, and Patient Home Monitoring.

    And now, we are seeing different misconfigurations leading to a new AWS exposure, dubbed GhostWriter, whereby third parties can alter content in S3 buckets, enabling bad actors to use the exposure to conduct MITM phishing and malware attacks.

    In this webinar, we will outline the proven steps you can take to prevent AWS data exposures, including a Skyhigh Security Cloud demo of:
    - Auditing AWS to identify and correct unsecure/noncompliant configurations
    - Preventing employee access to 3rd party GhostWriter-exposed S3 Buckets
    - Detecting compromised accounts and malicious insiders working with AWS

    About the speakers:

    Brandon Cook, VP, Marketing
    Brandon Cook leads the product marketing team at Skyhigh Networks and has over a decade of experience in the tech industry identifying and developing new markets. Prior to Skyhigh, Brandon worked at Sequoia Capital, Symantec, Clearwell (acquired by Symantec), and IBM. As a regular contributor to the Cloud Security Alliance (CSA) events and blogs and author of the quarterly Cloud Adoption and Risk Report, he has expertise in "shadow IT", cloud security, cloud governance, and cloud regulatory compliance. Brandon holds a B.S. in Economics from Duke University.

    Anant Mahajan, Senior Product Manager
    As a senior product manager, Anant Mahajan heads up Skyhigh’s IaaS product for AWS, Azure and Google Cloud. Prior to Skyhigh Networks, Anant led Druva’s Governance product offerings and has a successful track record of driving product innovation in the Cloud Security, Data Protection, eDiscovery and Compliance space. Anant is a software engineer by training and holds an MBA from Imperial College London.
  • Cloud Security for Startups - From A to E(xit) Recorded: Nov 23 2017 61 mins
    Moshe Ferber of CSA Israel and Shahar Maor of Outbrain
    Cloud computing performs amazing things for startups, providing young companies with access to enterprise-grade infrastructure, but it also acts as a double-edged sword. Lack of proper security controls can lead to multiple challenges, varying from longer sales cycles to losing customers' and investors' trust.
    The Cloud Security Alliance identified those unique challenges and developed cloud security guidelines for startups.
    In the upcoming webinar, the guidelines' co-authors will explain the 3-phase security strategy that is recommended for cloud-based startups.
  • Security Anthropology: How Do Organizations Differ? Recorded: Nov 16 2017 33 mins
    Wendy Nather with Duo Security
    When planning a go-to-market strategy, it’s common practice to build detailed marketing and sales personas for key security individuals such as the CISO, the IT administrator, the developer, and the end user. Each of these roles has different needs and priorities when considering a security tool, and sales strategy recognizes the need to address each of them. Organizations have different types of business drivers, priorities, constraints, and capabilities as well: for example, an 80-year-old manufacturing company may not care what cute new IoT ideas you might have.

    These organizational personas must be considered when searching out peers for benchmarking. Security decisions made only by looking at other companies in the same industry don’t provide enough data, because there are many other variables that come into play. Building a security anthropology model for comparing organizations provides more context to better design products and services to align with their needs, while helping the security community speak the language of the users it’s serving. Join us for a discussion on how we can excavate a better approach with Wendy Nather, Principal Security Strategist at Duo Security.

    SPEAKER INFO:
    Wendy Nather is a former CISO in the public and private sectors, and past Research Director at the Retail ISAC (R-CISC) as well as at the analyst firm 451 Research. She enjoys extreme weather changes while shuttling between Austin and Ann Arbor.
  • Protecting Corporate Data When an Employee Leaves Recorded: Nov 2 2017 56 mins
    Michael Osterman of Osterman Research and Drew Neilson of Druva
    Employees leave organizations each year, but did your sensitive data leave with them? Osterman Research found that 39% of companies are not sure that they have recovered all corporate data assets, posing a significant risk in terms of data breach, regulatory and compliance implications, while leaving IT trying to locate and contain sensitive information.

    Join this presentation with Michael Osterman, president of Osterman Research, as he shares new research, and Drew Nielsen, Director of Enterprise Security, Druva. Key learnings include:

    * Understanding your organization's data vulnerabilities for data exfiltration
    * Recommended technologies, policies, and procedures to protect critical information
    * Preparation that can save IT time from potential audits, investigations or litigation
  • CISO Challenges with Cloud Computing Recorded: Oct 31 2017 60 mins
    Moshe Ferber of CSA Israel
    Cloud computing provides companies with unprecedented access to robust, scalable infrastructure, but on the other hand, cloud adoption is accompanied by various challenges for security professionals. In this presentation, we will examine cloud security challenges based on the different cloud services out there, review the current trends and discuss cloud strategies based on market sector.
  • Market State of Cloud Security Recorded: Oct 24 2017 55 mins
    Nick Mendez of Optiv
    Optiv will be sharing their insights on the market state of cloud security and how enterprises should bolster their security programs for the evolution of cloud. We will cover what we see in the field from the cloud security maturity state of most organizations to the IaaS/PaaS security trends that will impact your cloud deployment plans. At the end of this webinar, you will learn how you can accelerate cloud deployments securely so you gain a competitive edge in today’s market.
  • CASB 2.0: The Next Frontier for CASB Recorded: Oct 17 2017 50 mins
    Deena Thomchick of Symantec
    The rapid adoption of cloud applications and services has fueled the need for new security solutions, such as Cloud Access Security Brokers (CASBs). But how do these systems weave into your overall security infrastructure? There are many intersections to consider, such as DLP, Advanced Malware Protection, Web Security and Endpoint where organizations are navigating how to best integrate cloud security into their environment. This talk will explore this next frontier of CASB solutions.
  • Securing the Open Enterprise - API Security Threats, Risks and Solutions Recorded: Oct 10 2017 53 mins
    Ron Speed of TrustedImpact
    Enterprises around the globe are rapidly opening up their back-end systems and databases to the outside world using APIs. Drivers for doing this include everything from improving customer service, to monetizing corporate information assets and meeting regulatory requirements. For businesses and systems, however, that were never designed to be opened up to the outside world, APIs can expose them to a whole new range of major security threats and attacks. This webinar will examine this important and growing industry trend from a vendor-agnostic perspective, including:
    - What are the emerging threats and risks with APIs?
    - What API security controls and practices should be considered and how can cloud-based solutions assist?
    - What to look for when evaluating API security solutions?

    About Ron
    Ron, an IT risk, security and compliance executive, has 20+ years experience in international leadership roles, including Big 4 consulting and financial services. He specializes in “building bridges” between business and IT and working strategically with organizations looking to securely adopt new and emerging technologies, such as cloud, mobility, APIs, big data and IoT. Ron’s a recognized thought leader in such areas as cloud risk management and Fintech / blockchain security.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy

  • Title: Cloud CISC Virtual Summit
  • Live at: Feb 5 2015 5:40 pm
  • Presented by: Paul Kurtz, Dave Cullinane