How to Negotiate a Proper SLA

The typical cloud customer easily grasps the perceived advantages and user-friendliness of the cloud, but is not a security expert. Matching a customer's security requirements with what CSPs offer can be the biggest challenge. Even though most CSPs include security provisions in their SLAs (Service Level Agreements), the variety of customer requirements makes it all too easy to overshoot or undershoot the security target. This is where the benefits of a template SLA come in.

This webinar will present expert opinions on the topic of cloud security SLA (secSLA) negotiation taking into consideration standards, technical, legal and social aspects.
Recorded May 19 2015 61 mins
Presented by
Jesus Luna, CSA; Frederic Engel, Market Engal SAS; Daniele Catteddu, CSA; Arthur van der Wees, Arthur's Legal; Said Tabet, EMC
  • Protect, Detect, Respond and Recover: Mitigating the Risks of Cyber Security Aug 16 2016 4:30 pm UTC 60 mins
    Mat Hamlin of Spanning by EMC and Will McNae of Microsoft
    Information theft is the most expensive consequence of cybercrime, according to a recent Ponemon study. Business interruption following a cyberattack exacts a high price in productivity and business process failures—even greater than the cost of information and revenue losses. The more data you share in the cloud, the more you expose it to attack. While there’s no one way to achieve absolute security for your data, there’s a lot you can do to safeguard against attacks and to stop them from crippling your business if they do occur. Join us for this webinar as we explore ways to more effectively protect your cloud-based data, detect threats, respond to attacks, and recover from them.
  • True Detective: Detecting Insider Threats and Compromised Accounts in Office 365 Aug 9 2016 5:00 pm UTC 60 mins
    Brandon Cook and Santosh Raghuram of Skyhigh Networks
    How does your organization combat insider threats and compromised accounts?

    Join CSA and Skyhigh Networks to learn about cloud threat findings from the research of CSA and Skyhigh Cloud Security Labs. We’ll share practical guidance on how to address the rapidly evolving cloud threat landscape, starting with user behavior analysis.

    Specifically, we will discuss how Information Security teams can:

    • Detect malicious or negligent insiders stealing or unintentionally exposing data from O365 and other SaaS applications
    • Catch third parties logging into corporate cloud services using stolen or misplaced login credentials to steal valuable corporate data
    • Identify malicious administrators accessing data out of policy, intentionally degrading security settings, or creating dummy accounts for unauthorized third-party access
  • Protect Against New Threats to Safely Enable SaaS Aug 4 2016 4:00 pm UTC 60 mins
    Palo Alto Networks
    The usage of SaaS applications continues to grow rapidly whether they are enabled by IT or your end users. SaaS-based application usage has grown 46 percent over the past three years as shown in the latest Application Usage and Threat Report from Palo Alto Networks. The attackers are now adapting to leverage these applications as a point of insertion and a medium for malware to proliferate.

    Join us for this live webinar where you will hear from Unit 42, the Palo Alto Networks threat research team, on how malware is using SaaS applications. You will also learn how to:

    • Protect against the new insertion and distribution points for malware
    • Gain visibility and granular, context-based control of SaaS applications
    • Secure corporate data from malicious and inadvertent data exposure
  • Joining the Cloud Cyber Intelligence Exchange Aug 2 2016 4:00 pm UTC 60 mins
    Patrick Coughlin, TruSTAR
    CSA, along with support from key corporate members like Rackspace and Intel, has been incubating a new intelligence exchange within the CloudCISC Working Group. Join CSA and technology partner TruSTAR to discuss:
    - The challenges of building effective intelligence exchange
    - How the CloudCISC exchange is designed differently
    - How you can get involved in the growing collection of vetted CSA members exchanging intelligence every day!
  • Five Requirements for Securely Adopting Cloud Applications Recorded: Jul 26 2016 62 mins
    Mark D. Campbell and Brandon Whichard of IBM Security
    The business benefits of cloud applications are undeniable; however, security concerns can still slow their adoption. While many mainstream cloud applications offer secure platforms and excellent security capabilities, much of the security burden is still on you. You still need a strategy and the technology tools to ensure your organization can safely and efficiently utilize these cloud apps.

    Join IBM Security as we discuss five essential requirements for ensuring safe and efficient adoption of cloud applications.
  • Office 365 Security and Compliance – Enforcing the 4 Layers of Trust Recorded: Jul 13 2016 50 mins
    Brandon Cook and Srini Gurrapu of Skyhigh Networks
    Office 365 usage has tripled in the last 9 months as more and more companies enable anytime, anywhere access to Microsoft’s suite of cloud services. But security and compliance require a new level of granularity when users access cloud-based systems of record from a variety of networks, locations, and devices.

    In today’s cloud-first, mobile-first world, IT Security teams are creating variable trust models based on user, device, activity, and data sensitivity. In this session, we’ll share the proven 4-layer trust model for security and compliance in O365.
  • Protecting employees on the move with cloud-friendly application segmentation Recorded: Jul 13 2016 52 mins
    Paul German of Certes Networks
    Changed business practices, such as employees working on the move and the adoption of the cloud and cloud resources, should be mirrored by a change in security strategies. Organizations are commonly reluctant to adopt cloud technologies over concerns with security and control over enterprise data. However, at the same time, many of these same organizations opened up access to applications for employees on the move, users on personal devices, external contractors, and other third parties, which created a significantly larger attack surface than cloud services would have. To combat these threats, a number of cloud-friendly segmentation and application isolation techniques can be deployed to allow organizations to safely use the cloud whilst reducing their attack surface. Specifically, application segmentation via software-defined security represents a technique to accommodate borderless applications, adoption of the cloud, and modern user behaviours.

    Paul German, VP in EMEA, will discuss how the challenges presented by the next generation of information security can be overcome with practical examples and best practice tips.
  • Data-centric protection: the future of BYOD security Recorded: Jul 12 2016 45 mins
    Enabling secure BYOD has long been a challenge for IT. Attempts to secure these devices with agents and device management tools like MDM have been met with widespread employee concerns about privacy and usability, and as a result, organizations see low rates of adoption. Requiring that employees install these cumbersome device management tools or access data solely from managed devices are solutions fraught with issues. Employees need the flexibility to work from any device, anywhere.

    In this webinar, we'll discuss how IT can limit risk of data leakage amid changing user habits. Learn how organizations across all industries are enabling secure mobility and productivity with a zero-touch, agentless solution.
  • Building the Connected Hospital - Securely Recorded: Jun 30 2016 51 mins
    Chris Frenz, Jennifer Cathcart, Yogi Shaw, and Gib Sorebo
    The concept of the Connected Hospital offers full integration with Electronic Health Record (EHR) systems, streamlined operations, and enhanced patient safety. Secure implementation of the capabilities that enable a connected hospital is a challenge given the diverse nature of the components involved. Hospitals, integrators and developers must work together to ensure that security is considered at each stage of a product and system life cycle. Device manufacturers and Solution Providers must ensure that their offerings have been securely engineered and have undergone sufficient testing, while health providers must work to apply defense-in-depth strategies to mitigate the threats to their systems and patients.

    Join us for a panel discussion that examines the challenges associated with building a connected hospital and some of the measures taken to do so securely. We’ll hear from medical device developers, service providers, health care providers and security engineers in an attempt to make sense of the complex health environment being shaped by the IoT. Topics will include:

    - Hospital concerns and approaches for enabling connected infrastructures and services
    - Integrator concerns related to creation of connected systems
    - Developer concerns related to smart, connected healthcare devices
    - Thoughts on best practices for mitigating threats

    Panelists include:
    - Chris Frenz, Director-Infrastructure, Interfaith Medical Center
    - Jennifer Cathcart, Manager Cyber Security at Clinicomp
    - Yogi Shaw, Medtronic
    - Gib Sorebo, Cyber Security Technologist at Leidos
  • It's Alive! Automating Security Response in the Cloud Recorded: Jun 22 2016 54 mins
    Tim Prendergast of Evident.io
    The challenges facing teams responsible for creating speed and acceleration in the cloud are numerous, but the most dangerous challenge is discerning security signals from infrastructure noise. We can no longer deploy catch-all appliances or wrap hosts in countless layers of agent-based security technology in modern cloud environments. The context and approach to security has changed drastically in this shared ecosystem. It's time for us, as an industry, to acknowledge this shift and equip ourselves for success in the new world before us through security automation. The application of security automation in an API-centric cloud world represents a net new opportunity for defenders to gain an advantage.

    In this webcast, attendees will learn:
    - How to bridge the communications gap between Information Security Professionals and Engineering/Operations Professionals while improving defense capabilities
    - How to draw on the knowledge gleaned from DevOps to create a world where Security-as-Code is commonplace
    - How security automation helps to overcome the dire shortage in trained cloud security professionals
    - How to secure rapidly growing workloads in the cloud more easily as adversaries are also automating their attacks
  • Infosecurity 2016: The Influence of Privacy Shield on Data Protection Recorded: Jun 14 2016 7 mins
    Daniele Catteddu, CTO, CSA & Josh Downs, Community Manager, BrightTALK
    - Infosecurity Europe 2016 -

    BrightTALK were honoured to be joined by the CSA's CTO Daniele Catteddu to get his thoughts on cyber security and cloud defences in particular.

    Daniele walked through his thoughts on Privacy Shield and the sharing of EU data with the US; data protection; cyber security in the financial sector and how the banks can better protect themselves; assessing who the key threat actors are; ethical hacking and strengthening your perimeter to keep out zero-day attacks.
  • Continuous auditing/assessment of relevant security properties Recorded: Jun 14 2016 44 mins
    John DiMaria of BSI
    Module 3 in the CSA STAR Series

    While the Cloud Security Alliance’s (CSA) STAR Certification has certainly raised the bar for cloud providers, any audit is still a snapshot of a point in time. What goes on between audits can still be a blind spot.
    To provide greater visibility, the CSA developed the Cloud Trust Protocol (CTP), an industry initiative which will enable real time monitoring of a CSP’s security properties, as well as providing continuous transparency of services and comparability between services on core security properties[1]. This process is now being contributed to by BSI and other industry leaders.

    CTP forms part of the Governance, Risk, and Compliance stack and the Open Certification Framework as the continuous monitoring component, complementing point-in-time assessments provided by STAR certification and STAR attestation.

    Join us as we discuss:
    The concepts behind different evolving approaches to continuous monitoring, the next step in increasing transparency in the cloud.
  • The CSA Strategy for Securing IoT via the Cloud Recorded: Jun 7 2016 57 mins
    Jim Reavis
    Internet of Things will lead to a future where virtually every physical item has a microprocessor and all industries will be disrupted. In this presentation, CSA CEO Jim Reavis discusses key security trends for Internet of Things and Cloud Computing. He will make the case that the cloud platform is the key strategy for attaining secure IoT implementations and will explain the CSA roadmap for converging cloud and IoT security.
  • CSA SDP for IaaS Initiative: Best Practices and a Progress Report Recorded: Jun 2 2016 49 mins
    Jason Garbis of Cryptzone
    Enterprise adoption of IaaS environments has brought tremendous benefits, in terms of cost savings and agility, and enabled a more dynamic infrastructure. However, these changes have created new security, compliance, and IT administration challenges for enterprises, and management challenges for cloud service providers.

    The good news is that a Software-Defined Perimeter (SDP) approach can solve these problems. SDP can better protect IaaS services for Enterprise usage, and deliver uniform and seamless protection of on-premises and IaaS resources. In this webinar, Jason Garbis, Cryptzone’s VP Products, and IaaS Initiative Workgroup Chair, will provide a progress report from the new IaaS SDP Working Group initiative and an update on how SDP can uniquely address these problems for IaaS. Whether you’re with a cloud provider looking to improve management capabilities, or an enterprise that wants to bolster IaaS security initiatives, you’ll want to tune in.
  • Cloud Trust Protocol (CTP) Demo Recorded: May 20 2016 12 mins
    Alain Pannetrat of Cloud Security Alliance
    The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust.

    This video illustrates in concrete details how CTP can be used to monitor the security level of cloud assets. We follow Alice, a cloud customer, who provisions a set of webservices from a SaaS provider and uses the CTP API to monitor two security parameters in real time: uptime and SSL/TLS cryptographic strength. The presented demo was constructed to mimic a real cloud service using software containers and the open-source CTP prototype implementation currently developed by CSA.
  • Mitigating risk with application isolation and cryptographic segmentation Recorded: May 11 2016 53 mins
    Adam Boone of Certes Networks
    There is a direct correlation between the size of an enterprise’s attack surface and its risk profile. The greater the number of networked applications supported by the enterprise and the greater number of users granted access, the greater the chance that one of those users will be compromised and hackers will gain a foothold to the broad enterprise application environment. In fact, this attack vector has been exploited by hackers in most of the high profile data breaches dominating headlines over the past two years. However, enterprises are now adopting more advanced application isolation and segmentation techniques that actually shrink the attack surface and reduce the risk of a data breach. This presentation will cover use case examples of application isolation, cryptographic segmentation, and role-based access control methodologies that limit application exposure while containing and minimizing the damage of breaches when they occur.
  • The Business Value of Operational Risk Management Recorded: May 11 2016 50 mins
    John DiMaria of BSI
    Risk Management is not a standalone activity carried out by a company’s risk experts; it is part of the responsibilities of management and a concern to all of the organization’s stakeholders. Risk identification and management are vital to strategic planning, project development and change management. Correctly instituted, Operational Risk Management (ORM) is a cross-functional and dynamic process that is critical in helping decision-makers reach informed choices based on facts and data, not opinions. It helps management prioritize actions and distinguish the best route amid alternative courses of action. Securing information and assets is not a silo within the security or IT business unit.

    The benefits are many, but ORM, once implemented, facilitates reducing operational and compliance costs and provides a detection system that will help reduce future exposure to risk. Ultimately it means a more resilient organization.

    Some industries are under more regulatory pressure than others, but the federal government is now also pushing forward risk-based frameworks. Organizations dubbed as “Critical Infrastructure” will need to ensure they have the controls and processes in place to meet requirements outlined by risk-based frameworks such as the NIST Cybersecurity Framework.

    Attendees will learn:
    - How risk based security is defined and harmonized internationally
    - What ORM looks like in real-life business models
    - The importance of the combination of People, Process and Technology in reducing risk
    - How Operational Risk Management fosters Operational Resilience
  • Risky Business: Key Cloud Security Metrics your Board Needs to See Recorded: May 10 2016 55 mins
    Srini Gurrapu, Skyhigh Networks
    A recent study by Ponemon showed that the likelihood of an enterprise data breach involving more than 10,000 records is approximately 22%. This risk, with an average associated cost of $3.79 million, has catapulted cloud security to the executive and board level.

    What key metrics should you track and share with your board? How should you structure your cloud security strategy to best protect your organization?

    Join Skyhigh Networks and CSA for a discussion of best practices that leading enterprises have embraced for managing and communicating cloud risk with the board.

    In this session, you’ll learn how to: 

    • Develop a comprehensive cloud security and governance framework 
    • Map your organization’s maturity based on current practices
    • Identify key business outcomes across the 4 pillars of cloud security 
    • Implement best practices for presenting cloud security metrics to the board

    Registrants will also receive a “Cloud Security and Governance Report for Executives and the Board” template to jump start the discussion. We look forward to seeing you at the webinar!
  • Improve CX, Productivity, Revenues and Security with Identity Coherence Recorded: May 5 2016 56 mins
    Steve Tout of Forte Advisory
    Customers expect a seamless experience across services and devices, critical to ensure successful conversions and renewals in e-commerce. At the same time, the impact of disconnected user experience on employee productivity can have significant financial implications. Big egos, politics, a shortage of skilled talent, legacy systems and complexity can also conspire to undermine the success of your IAM program unless you plan for and take massive action today. Join Steve Tout as he presents Identity Coherence, a blueprint for creating massive value and success with IAM in a multi-vendor, multi-cloud environment.
  • Meeting international requirements and leveraging CSA STAR for supply chain mana Recorded: May 4 2016 52 mins
    John DiMaria, BSI
    When an organization adopts cloud services, it is in fact expanding its operations from a local or regional presence to a more global one. As a result, the corresponding organizational operations’ strategy needs to be adjusted to align with these changes. You need to be in line with international requirements as well as your supply-chain. A more formal analysis of the supply-chain as part of a more comprehensive due diligence review also needs to be considered.

    It is not always clear how the CSP handles incidents, encryption, and security monitoring. Organizations are rarely aware of all the risks they take when working with a CSP. In fact, the risks are multifaceted and are far more complex than those they experienced before moving to the cloud.

    An organization that rushes to adopt cloud services may subject itself to a number of business impacts including

    - Contractual issues over obligations regarding liability, response, and/or transparency
    - Mismatched expectations between the CSP and the customer
    - Lack of internal training and awareness within the user organization
    - Potential for software designers/engineers that are developing software to be unaware of associated risks

    Many organizations are turning to the cloud because of the resources required to manage complex supply chains. It can be challenging for most organizations to understand the supply-chain structure of the CSP’s environment; however, an increase in transparency will increase trust.

    At this session we will discuss:

    - Quick review of module 1
    - How CSA STAR maps to international requirements
    - How you can use CSA STAR to manage and monitor your supply-chain
Education on the uses of Cloud Computing, Security and Privacy.
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy

  • Title: How to Negotiate a Proper SLA
  • Live at: May 19 2015 12:00 pm
  • Presented by: Jesus Luna, CSA; Frederic Engel, Market Engal SAS; Daniele Catteddu, CSA; Arthur van der Wees, Arthur's Legal; Said Tabet, EMC