Hi [[ session.user.profile.firstName ]]

How to Negotiate a Proper SLA

The typical cloud customer easily grasps perceived advantages and user-friendliness in the cloud, but they are not security experts. Matching an customer's security requirements with what is being offered by CSPs can be the biggest challenge. Even though most CSPs include security provisions in their SLAs (Service Level Agreements), the variety of customer requirements make it all too easy to over/undershoot the security target. This is where the benefits of a template SLA kicks in.

This webinar will present expert opinions on the topic of cloud security SLA (secSLA) negotiation taking into consideration standards, technical, legal and social aspects.
Recorded May 19 2015 61 mins
Your place is confirmed,
we'll send you email reminders
Watch for free
Presented by
Jesus Luna, CSA; Frederic Engel, Market Engal SAS;Daniele Catteddu, CSA; Arthur van der Wees; Arthur's Legal; Said Tabet, EMC
Presentation preview: How to Negotiate a Proper SLA
Related topics:

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile

Cloud Security Alliance: CloudBytes

  • Third-Party Cloud Management Feb 28 2019 5:00 pm UTC 60 mins
    Sam Abadir, Vice President of Industry Solutions, Lockpath
    Cloud computing offers massive scalability, availability and low-cost services as major benefits, but as with most new technologies, it introduces new risks. Because there is so much opportunity in the cloud, the cloud service provider network is continuously growing. Service providers are using different technologies, different standards, and like all companies have different competency levels.

    A couple of the major challenges organizations have when using cloud computing is managing these third-party operational and security risks. As more technology is moved from your company’s infrastructure to cloud, understanding and management of these risks often overwhelms technology and procurement teams.

    This can be managed if an effective third-party framework is put into place, appropriately managed and cross-organizational guidelines are being followed.
    Save your seat
  • Avoid the Breach with Effective Application Security Testing Feb 13 2019 6:00 pm UTC 60 mins
    Andrew Dunbar, VP of Security Engineering and IT at Shopify and Luke Tucker, Senior Director of Marketing at HackerOne
    Security is a top priority for e-commerce giant Shopify, with over 600,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Join Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne as they discuss best practices for testing and securing your cloud-based web applications. The session will also cover how you can scale application security for high-growth DevOps organizations and the tools and programs Shopify relies on to reduce security risk.

    In this webinar, you’ll learn to:
    - Develop and improve your application security strategy
    - Discover and manage critical vulnerabilities effectively
    - Scale security for high-growth organizations—with a DevOps methodology
    - Identify systematic issues and root causes to reduce long-term risk
    Save your seat
  • The Top 10 Things I Learned by Phishing my Company Feb 7 2019 5:00 pm UTC 60 mins
    Steve Edwards, Manager - Corporate Security Engineering, Duo
    Ninety-one percent of organizations in a recent TechValidate survey say they have seen phishing attacks on their organization in the past year. What’s more, 42% report more than 10 phishing attacks on their network in that time. What can be done to reduce these risks and protect your data and users? Phishing simulation tools are a powerful way to see how many and which employees are prone to fall for phishing attacks. With this information in hand, you can determine how to train those who are susceptible to avoid these attempts, and provide the tools to protect against them.

    In this webinar you'll hear from Steve Edwards, who manages Duo's Corporate Security Engineering team, on his experience conducting internal phishing campaigns at education and tech organizations. In addition to interesting metrics and appropriate techniques that come from phishing simulations, Steve has 10 valuable lessons to share. Join us on February 7 for this webinar to learn several unexpected things about phishing, your company, and human psychology.
    Save your seat
  • Want Better Management of Cloud Security Risk? Live Where Your People Live Jan 31 2019 6:00 pm UTC 60 mins
    Julia Knecht, Manager for Security and Privacy Architecture, Adobe
    Expecting your (relatively) small staff of security specialists we all have to handle security, risk management, and good governance entirely on their own is a recipe for disaster. While specialists are critical to ensuring products and processes are designed well, promote security, and ease compliance, real security and good governance requires dissemination of knowledge throughout the organization. To truly understand what you are securing, and who does that work, you have to play in their sandbox, integrate into their existing processes, remove overhead wherever possible, and gather that data, data, data… did I mention the data? To scale, push knowledge and requirements downstream as much as possible, in the language your teams can use.

    To scale to properly meet evolving risk management and compliance challenges, your own teams need to operate as a service. Automate processes wherever possible to help capture the necessary data to ensure good security is happening – and constantly evolve and improve the quality of that information to ensure it is driving expected behavior. Flow that data into simple dashboards that can help executives understand that things are really working as expected, and where they need to take action. After all, if you can't explain it simply, you don't understand it well enough. In this talk you’ll learn from Julia Knecht how Adobe was able to make this work in relatively short order and how you can take all of the best practices we learned and developed back to your organization and create your own “culture of security.”
    Save your seat
  • Measuring Cybersecurity through Behavioral Analytics - an Outside-In Approach Recorded: Jan 17 2019 62 mins
    Jasson Casey - CTO at SecurityScorecard
    Please join us on the 17th of January as Jasson Casey, CTO at SecurityScorecard, describes the state of cybersecurity in the modern world, and what best practices are for measuring it - differently. He will discuss the importance of behavioral analytics, and how to make use of an “outside-in approach” when measuring cybersecurity.

    He will relate how to apply security analytics to different facets of our business, including devops. With 20 years in the industry, Jasson will discuss his perspective on what tactics work, and which do not. Please join us to learn more.
    Watch now
  • Vendor Risk Management from the GDPR to California Privacy (CCPA) Recorded: Jan 10 2019 55 mins
    Blake Brannon, VP of Products, OneTrust
    In this webinar, we will deep dive into managing the vendor lifecycle under the GDPR, California Privacy (CCPA), and other global regulations. As organizations continue to improve their privacy and security programs, streamlining third-and fourth-party vendor risk has become a priority. This includes everything from filling out vendor assessments like the CSA Consensus Assessments Initiative Questionnaire (CAIQ), gaining sufficient guarantees from your vendors, to efficiently working with them during an audit or incident and much more.

    Together, the Cloud Security Alliance (CSA) and OneTrust launched a free Vendor Risk Management (VRM) tool to automate the vendor risk lifecycle for compliance with global privacy and security frameworks. Learn how to implement CSA-OneTrust Vendor Risk Management (VRM) tool to create successful vendor risk processes, expedite vendor onboarding with built in assessments, and hear practical advice on how to automate vendor risk within a software platform, all while meeting legal compliance obligations.
    Watch now
  • Container Security Best Practices: A How-To Discussion Recorded: Dec 18 2018 56 mins
    Nate Dyer, Sr. Product Marketing Manager, Tenable
    Application containers like Docker help DevOps work faster and quicken time-to-market, but they also create a major Cyber Exposure gap. Traditional vulnerability management approaches can’t easily secure containers – let alone keep pace with the high-velocity world of DevOps and continuous innovation. But don’t despair. We’ve got just the thing to save you from this nightmarish ordeal. Join us as we discuss a number of container security best practices to help you:
    - Learn why “shifting left” is critical to gaining visibility into containers
    - Understand how container security is a win for both security and DevOps
    - Find out three steps you can take to master container security
    Watch now
  • 2018: The Year in Data Security Panel Discussion Recorded: Dec 12 2018 48 mins
    Todd Thorsen, Sr Mgr, Security; Michelle Killian, Sr Mgr, Security Risk and Compliance; and Nathan Hunstad, Dir, Security
    The data security world changes so quickly it can be hard to keep up with the latest threats to corporate data. With countless stories of breaches, phishing scams, insider threats, government whistleblowers and cyber warfare, 2018 was the year all eyes turned to security teams and their role within an organization. In this webinar, a panel of security experts will recap the year in data security, with critical lessons learned, tips for security teams, a few fun stories and more.

    Join us to hear from your security peers about what they learned in 2018 and what they expect from the year to come.
    Watch now
  • Zero Trust in Practice: Why Identity Drives Next-Gen Access Recorded: Dec 6 2018 33 mins
    Nick Fisher, Solutions Marketing at Okta
    Zero Trust is quickly becoming the dominant security model for the cloud, shifting the perimeter from the network to the people and devices that make up a modern workforce. As a model with many moving parts, the immediate question is where to start?

    This session will focus on:
    - The full Zero Trust reference architecture and steps to get there
    - Why Identity is the foundational layer to build contextual access controls from
    Watch now
  • Taking Control of Your Complex Security Policy Across Hybrid and Multi-Cloud Env Recorded: Dec 4 2018 42 mins
    Yitzy Tannenbaum, Product Marketing Manager at AlgoSec
    As the network estate grows in size and complexity, the enterprise security team is responsible for ensuring a unified, comprehensive network security policy. But how can the team be sure about application connectivity and the correct implementation of change requests when applications span the breadth of on-premise, private and multi-cloud environments, each with its own security controls? In the face of application migration to multiple clouds, how can the enterprise be sure about its risk and compliance posture at all times?

    In this enlightening webinar, Yitzy Tannenbaum, Product Marketing Manager at AlgoSec, will explain how unified security policy automation can help you:
    •Obtain complete visibility across the entire network estate
    •Maintain uniform security policy across complex multi-cloud and hybrid environments
    •Monitor multi-cloud and hybrid network-security configuration changes to properly analyze and assess risk and to maintain compliance posture
    •Generate audit-ready reports for major regulations, including PCI, HIPAA, SOX and NERC, on demand
    •Correctly provision application connectivity flows with zero touch across the myriad security controls in hybrid environments
    Watch now
  • 2018 Data Exposure Report Recorded: Nov 28 2018 43 mins
    Molly Quinlan, Market Research Manager, Code42
    Are your C-suiters putting valuable company IP at risk through careless data practices? If they're like most business leaders, they are. Nearly three-quarters of CEOs admit they’ve taken IP, ideas, and data from a former employer, and 95 percent admit to keeping a copy of their work on a personal device.

    A new report from Code42 and Sapio Research raises startling concerns about the role of human emotions in risky data practices such as these. The Data Exposure Report includes feedback from nearly 1,700 security, IT and business leaders in the U.S. and Europe.

    Attend this webinar to learn about:
    - The ways business leaders and employees put data at risk
    - How lack of data visibility hampers the ability of IT departments to protect data
    - Strategies for keeping your valuable IP safe--whether you experience a data breach or not
    Watch now
  • Ready for Liftoff? Planning a Safe and Secure Cloud Migration Recorded: Nov 20 2018 48 mins
    Jason Garbis of Cyxtera
    Want to transition on-premises workloads to the cloud, but are concerned about consistently securing access? Join us for a webinar where we discuss how you can easily and effectively apply secure access policies throughout your cloud migration, regardless of your infrastructure complexity or architectural starting point. By utilizing a modern, cloud-ready security architecture, you can maintain – and in fact, improve – your enterprise security controls throughout the entire migration process.

    In this webinar, Jason Garbis, CISSP – Vice President of Products at Cyxtera, will discuss
    - Challenges (real and perceived) that enterprises face when moving to the cloud
    - Managing policies and permissions for cloud vs. on-premises workloads
    - The pitfalls of inconsistent security
    - How to secure any application, on any platform, anywhere.

    This webinar is for IT / Security leadership (director, VP, CISO, CIO).
    Watch now
  • Using Machine Learning to Detect Command Line Anomalies Recorded: Nov 13 2018 52 mins
    Andrei Cotaie and Tiberiu Boros of Adobe
    As we all know, cybersecurity is often a game of cat and mouse - attackers are always trying to outsmart us defenders. At Adobe, we face the same issues and concerns as all the other major companies. We must ask ourselves simple questions with non-simple answers: How do we ensure that all assets are protected? How do we ensure that our employees are secure from the outside threats? How can we mitigate future emerging threats? Attackers will always try to find the next unconventional attack that will bypass our security systems and our security mindset. In this case, how do we protect our self from the unknown? We believe machine learning techniques can assist us in this defense. This presentation will discuss one of our current machine learning innovations that is helping us detect anomalies in command lines. Command line interfaces are frequently used by users, system administrators and applications alike. Many applications launch console scripts to perform tasks, especially in cloud services where conformity in service environments is also helpful for security. When they can, attackers do like to leverage those native system capabilities. This presentation will discuss machine learning methods developed by Adobe computer scientists to help detect anomalies in command line scripts and calls to help prevent these types of attacks.
    Watch now
  • Protecting What’s Left: Cloud Security in the Serverless Age Recorded: Nov 8 2018 40 mins
    Edward Smith of Cloud Passage
    Serverless architectures and FaaS services such as AWS Lambda make application development scalable, easy, and cheap. Plus, there’s no server to maintain or patch! But just because there’s no server doesn't mean there’s nothing to secure. Serverless services and their dependencies still need to be used and configured correctly, which is why it’s important to maintain security visibility into your serverless architecture.

    Join CloudPassage for an introduction on protecting serverless applications and underlying infrastructure and learn:

    - What a serverless application looks like from a security perspective

    - What threats, risks, and potential vulnerabilities could be leaving your organization exposed

    - Steps you can take to secure your serverless architecture
    Watch now
  • Data Breach Myths vs. Reality Recorded: Oct 25 2018 31 mins
    Sami Laine of Okta
    Data breaches can happen to any organization, so it's important to understand your organization's risk of a data breach. But where should you start your assessment? What practical and pragmatic steps can you take?

    In this presentation, we'll discuss the myths vs. the realities on how:

    - Breaches happen

    - The rapidly growing cloud and SaaS adoption changes the game for
    defenders

    - Identity-driven security can help reduce the probability of a breach happening to your organization
    Watch now
  • How to Phish Your Employees For Functional Security Recorded: Oct 18 2018 45 mins
    Josh Green of Duo Security
    More than 90% of reported data breaches and security incidents in 2016 involved a successful phishing attack*. Attackers rely on phishing as a primary strategy because it continues to be both effective and efficient, as users remain the most vulnerable attack vector.

    The best defense against phishing is proactively educating your users, through a shame-free campaign that prepares them for real-world phishing attempts. Along with teaching your users what to watch for, an internal phishing exercise can result in faster user reports of possible phish attempts and reinforce your security response plan.

    In this webinar, you will learn how to:

    - Quickly and easily assess your security posture
    - Help build the business case for addressing your organization’s security needs
    - Build and deploy effective phishing simulations within minutes
    - Identify vulnerable users and devices
    - Increase the speed of user reporting for possible phishing messages

    * Verizon 2017 Data Breach Investigations Report, page 30
    Watch now
  • Discovering a Competitive Advantage with ISO 27001 Certification Recorded: Oct 11 2018 41 mins
    Jason Eubanks, CRISC, ISO 27001 Lead Auditor, Principal Consultant, Lockpath
    Organizations with mature, enterprise-wide information security risk management programs enjoy a competitive advantage, thanks to ISO 27001 certification that signifies an international standard for safeguarding information. In this webinar, Lockpath's Jason Eubanks, a governance, risk management, and compliance (GRC) consultant and former ISO auditor, will share the business case for earning ISO 27001 certification and the critical role of technology in implementing a successful information security management system (ISMS).

    You'll learn:
    •Challenges and pitfalls with ISO 27001 certification
    •Tips on establishing and maturing an ISMS
    •Strategies for preparing and passing ISO audits
    •Technology's role in earning and maintaining certification

    Learn how ISO 27001 can give you a competitive advantage and strategies for earning certification. Register now to attend this educational webinar.
    Watch now
  • Crypto Conflagration and Securing the Cryptocurrency Ecosystem Recorded: Oct 4 2018 41 mins
    Chris Wysopal, Co-Founder and Chief Technology Officer at CA Veracode
    Not only do cryptocurrencies rely on blockchain for their security, but they also rely on an ecosystem of software that runs exchanges, wallets, smart contracts and more. This software ecosystem, as well as the infrastructure on which it runs are required to be secure. Whether you are a builder, investor, or consumer- this webinar will help you learn how to identify the vulnerable aspects of the software that powers the cryptocurrency ecosystem - and how to avoid them.
    Watch now
  • Past the Perimeter: Earned Access Through A Zero-Trust Model Recorded: Sep 27 2018 47 mins
    Zoe Lindsey of Duo Security
    Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. To do this, companies must ensure that users and their devices meet the same security controls, whether they’re outside or inside the network perimeter.

    Duo adopted the “zero-trust network” model to solve this challenge. All networks and devices are treated as untrusted until proven otherwise, and their health is checked each time a user connects to a protected resource. This approach depends on visibility into whether basic device and network security standards are met. It also requires the ability to enforce granular policy controls based on the results of that health check.

    The perimeter is disappearing, and it’s not coming back… find out how you can get a head start on what’s next.
    Watch now
  • Cloud–delivered Security: Why It’s Your Best Bet Recorded: Sep 20 2018 48 mins
    Greg Mayfield of Tenable
    On-prem vs Cloud-based security? It’s an ongoing debate that SecOps teams face daily.

    With cloud adoption continuing to be a top business initiative, SecOps teams must adapt or risk falling behind. As most on-prem security tools don’t work in the cloud and suffer limitations, SecOps teams are faced with a myriad of new technologies and tools to implement to protect their critical assets. This can be overwhelming as numerous options abound.

    As the attack surface evolves and expands in the cloud, understanding the current state of assets and assessing their risk is an essential first step. Achieving continuous visibility and protection is then the following challenge. This webinar will discuss the opportunities and benefits that SecOps teams face by utilizing cloud-delivered security solutions vs. traditional on-prem solutions.
    Watch now
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa, @CSAResearchGuy
  • Upcoming webinars (4)
  • Recorded webinars (165)
  • Subscribers (19,254)
Channel RSS feed

Register for Free

 

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: How to Negotiate a Proper SLA
  • Live at: May 19 2015 12:00 pm
  • Presented by: Jesus Luna, CSA; Frederic Engel, Market Engal SAS;Daniele Catteddu, CSA; Arthur van der Wees; Arthur's Legal; Said Tabet, EMC
  • From:
Your email has been sent.
or close