How to Negotiate a Proper SLA

The typical cloud customer easily grasps perceived advantages and user-friendliness in the cloud, but they are not security experts. Matching a customer's security requirements with what is being offered by CSPs can be the biggest challenge. Even though most CSPs include security provisions in their SLAs (Service Level Agreements), the variety of customer requirements makes it all too easy to over/undershoot the security target. This is where the benefits of a template SLA kick in.

This webinar will present expert opinions on the topic of cloud security SLA (secSLA) negotiation taking into consideration standards, technical, legal and social aspects.
Recorded May 19 2015 61 mins
Presented by
Jesus Luna, CSA; Frederic Engel, Market Engal SAS; Daniele Catteddu, CSA; Arthur van der Wees, Arthur's Legal; Said Tabet, EMC
  • Shared Responsibility: Someone Else’s Problem Nov 4 2020 8:45 am UTC 30 mins
    Ashley Ward, Cloud CTO, Palo Alto Networks
    When talking about cloud it’s easy to fall back to that old joke that cloud is just someone else’s computer. Unfortunately it’s also easy to see it as Someone Else’s Problem (SEP). Ford Prefect, from The Hitchhiker's Guide to the Galaxy, said “An SEP is something we can't see, or don't see, or our brain doesn't let us see, because we think that it's somebody else's problem.” In this session we examine what that means in the cloud and how we can avoid assuming our security is good enough.
  • Get Quantum Safe Nov 4 2020 8:00 am UTC 30 mins
    Roger Grimes, Data-driven Defence Evangelist, KnowBe4 Inc.; Bruno Huttner, Business Development & Product Management, ID Quantique
    Introduction to CSA's Quantum Safe Security Working Group and its goals and objectives. Quantum computers continue to strengthen and soon will be able to break traditional forms of asymmetric encryption and weaker symmetric ciphers. Attend this session to learn about the coming quantum crypto break and what your organization can do now to prepare. It will cover the state of post-quantum cryptography and quantum key distribution. If you don't know much about what is going on in the quantum computing world, the threats, and what we are doing to prepare, this is a good presentation to attend.
  • Using OPA for Continuous Compliance with Cloud Infrastructure Policy-as-Code Nov 3 2020 11:15 am UTC 30 mins
    Josh Stella, Co-founder and CTO, Fugue
    Cloud security is a software engineering problem, not a security analysis one. The engineers that build and maintain cloud infrastructure need policy-as-code tools to ensure cloud security and compliance.
    Open Policy Agent is an open source standard for policy-as-code that’s ideal for cloud infrastructure.

    In this talk, Josh Stella, cofounder and CTO at Fugue, will walk through how OPA works and how cloud engineering teams can leverage it for their use cases, including validating infrastructure-as-code and integrating cloud security into CI/CD pipelines.

    • How OPA and the Rego policy language work for a variety of cloud security use cases
    • How developers can check Terraform against policy with Regula, an open source tool that uses OPA
    • How to use OPA with CI/CD tools to integrate cloud infrastructure security into automated delivery pipelines
  • Cloud Security post Covid-19, Where to Go Next Nov 3 2020 10:30 am UTC 30 mins
    Carlo Gebhardt, Managing Director, Accenture Security
    Over recent years, security and compliance have been some of the top considerations when moving to the cloud. However, as Covid-19 has served as a transformation accelerator in many aspects of our digital life, cloud consumption is skyrocketing, and cloud transformations are booming. In order to achieve a sustainable cloud experience, it is now more important than ever that security & compliance are not sacrificed for the speed of migration.

    In this talk, we will not only investigate the current state of cloud security, but we will also elaborate on scenarios and capabilities that support organizations in rapidly and securely adopting the cloud, and in maintaining compliance once operating in the cloud.
  • GAIA-X: Current Status and Outlook – What to Expect and How to Engage Nov 3 2020 9:45 am UTC 30 mins
    Andreas Weiss, Head of Digital Business Models, eco Association of the Internet Industry
    The key objectives of GAIA-X, Community Engagement and participation via the GAIA-X Association. European Data Infrastructure as part of NextGenerationEU - based on GAIA-X.
  • The Correlation Between Security Ratings and Breach Likelihood Nov 3 2020 9:00 am UTC 30 mins
    Matthew Mckenna, VP, International Operations, Security Scorecard
    What is the value of security ratings when it comes to predicting breaches? What are the indicators that breached companies are showing that non-breached companies don’t express? This session will examine breaches that have occurred in 2020 and present those security issues most commonly found in breached companies versus control groups of companies in finance and healthcare that have not experienced publicly notified breaches. We will look at overall ratings, factor ratings and specific security issues which are more predominant in breach groups and illustrate the correlation to breach likelihood.
  • CSA’s Perspective on Cloud Risk Management Nov 3 2020 8:00 am UTC 45 mins
    Daniele Catteddu, CTO, Cloud Security Alliance. Vince Campitelli, Enterprise Security Specialist, Cloud Security Alliance
    This session is designed to introduce the publication of CSA’s unique insights into the challenges of mastering the widespread adoption of cloud technologies. More importantly, CSA will help members understand the importance of translating identified cloud and technology risks into those risks that are crucial to achieving business success and prosperity - the true rationale for the widespread growth of cloud computing. The presentation will also reveal those hidden technical risks that can expose organizations to operational failure, regulatory non-compliance, data breaches, external attacks and supply chain disruption.
  • Automating SAML Security Tests Recorded: Oct 29 2020 58 mins
    Ty Anderson, Application Security Researcher - Product Security Team, Adobe
    Single Sign-On (SSO) applications are becoming increasingly prevalent in organizations today. While there are many different SSO configuration types, Security Assertion Markup Language (SAML) is one of the most common in enterprise environments. Unfortunately, the current SAML 2.0 version is complex, and prone to misconfiguration, which can result in critical authentication and authorization vulnerabilities. Most large organizations likely have hundreds or thousands of applications that have been configured with SAML over the past 15 years, and many new applications still choose to incorporate SAML over other options. Because of how SAML is often incorporated into an existing environment, we are provided with a valuable opportunity to programmatically analyze each workflow and follow up with better preventative controls.

    In this webcast we will explain how an organization can gather an inventory of SAML-based applications, test for vulnerabilities in each workflow, and then effectively validate and report those findings with minimal false positives. We will also shed light on common mistakes that can complicate and slow down a project and provide useful tips and tricks that can help avoid these pitfalls.
  • The Shift to Cloud-Based, Intelligent Ecosystems Recorded: Oct 28 2020 60 mins
    Paul Kurtz, Bob Gourley, Chase Cunningham, & John Yeoh (moderator)
    In a document titled “Cloud-Based, Intelligent Ecosystems” CSA proposes a call to action for security executives to break the endless cycle of iterative tool adoption and, instead, move to data-centric security operations, driving integration and automation leveraging cloud-based fusion. Here, we break down the white paper and open discussion on redefining intelligence, sharing data, today’s overabundance of security tools, and more.

    What you’ll learn:
    - How “intelligence” is being redefined in the industry
    - The challenges of integrating data from internal security tools and external threat feeds.
    - How to build a Cloud-based, secure, intelligent ecosystem
  • Reducing Security Review Friction Recorded: Oct 28 2020 29 mins
    Duane Newman, VP of Product & Tom Rhoton, VP of Marketing at Whistic
    Security reviews are a part of nearly every sales cycle, and a frequent cause of business friction. In this webinar we’ll discuss common causes of this friction, and give practical insight into how it can be reduced.
  • STAR 1000 - The reason behind the STAR Program success story Recorded: Oct 27 2020 53 mins
    Daniele Catteddu, CSA and John DiMaria, CSA
    The cloud has come to dominate the technology landscape and revolutionize the market, creating a tectonic shift in accepted practice contributing to a massive advancement in technology. With an increase in business demand for cloud computing, also comes increased security and privacy concerns. How organizations evaluate Cloud Service Providers (CSPs) has become key to providing increased levels of assurance and transparency, better risk management and ultimately trust.

    The STAR Program, the CSA program for cloud assurance, transparency, and accountability, was established in 2011 with the exact purpose of improving the level of trust in the cloud ecosystem and since its instantiation has evolved into the leading cloud-specific program for governance, risk, and compliance.

    In 2020 we are celebrating the achievement of the 1000 cloud services evaluated according to the principles of the STAR Program.

    Join us during this historic session where we bring together a top expert panel that includes the key innovators in the evolution of CSA STAR, along with CSA members that utilize the STAR Registry to communicate to their current and potential customers.

    Sponsored by Whistic.
  • Public Cloud Database Security: Using Others’ Mistakes to Stop Attacks Recorded: Oct 22 2020 59 mins
    Aaron C. Newman, Founder, SecureCloudDB
    Hacks and breaches occur regularly. It can take months to find and contain an incident. According to Gartner, 99% of cloud security failures will be the cloud customer’s fault. Why is that?

    Join us as we
    - Dissect cloud database security — it’s different from on-prem
    - Get acquainted with cloud database hacking — real-world examples put the practice into perspective
    - Provide guidance on how to prevent breaches and stop attacks in their tracks — learn from what others didn’t do

    Leave with actionable takeaways regarding how to defend against dynamic threats.

    More about the presenter:
    Aaron Newman is an acclaimed international speaker and serial entrepreneur who has founded six successful startups including Cloud Storage Sec, SecureCloudDB, CloudCheckr, Techrigy, Application Security, Inc. and DbSecure. Aaron authored the books Enterprise 2.0, printed by McGraw-Hill, and the Oracle Security Handbook, published by Oracle Press. He has presented at hundreds of database conferences and user groups on technology topics and has been awarded multiple patents in cloud and database security.
  • The Current & Future of Cloud Security Strategy Recorded: Oct 22 2020 56 mins
    Ken Low, Subhajit Deb, Alex Ng, Noordin Yusuff Marican
    Join fellow CISOs for this panel discussion about Cloud Security strategy in 2020 and beyond. Where should you place your bets (and your budget)? How can you protect your organization from the new threats? And perhaps, most importantly, what do you say to the CEO who comes looking to you for cloud security answers?

    This session is moderated by Ken Low, Cybersecurity Industry Leader and Former Chairman, APAC Executive Council, CSA.

    Panelists include:
    Subhajit Deb, CISO, Dr. Reddy’s Laboratories,
    Alex Ng, Director, Insyghts Security,
    Md. Noordin Yusuff Marican, Global CISO, Circle.Life,
  • Watching the STARs Recorded: Oct 22 2020 36 mins
    Sanjeev Gupta, Director, Certification Partners Global
    We review what Certification means, in the most important criterion for a business, sales. How does a Certification Program achieve this? And what are the costs, not just direct. How should an Organisation begin this process, what to look out for, and what do you get at the end? We also review the differences of the CSA STAR with other Cloud Security programs.
  • Coronavirus, Computer Virus, Cyber Threats: A False Sense of Security Recorded: Oct 22 2020 37 mins
    Ekta Mishra, APAC Membership Director & Country Manager - India & Dr. Ngair Teow-Hin, CEO, SecureAge Technology
    With most office workers working from home due to the Coronavirus pandemic, computer virus attacks on home computers are now a major issue facing the world. In this talk, we discuss the history of computer viruses, cyber threats and why enterprises can be insecure due to having a false sense of cyber security. We also discuss how computer users can get infected by computer viruses and what they can do about it.
  • The Rise and Importance of Digital Identity Recorded: Oct 21 2020 28 mins
    Chris Bailey, VP of Strategy and Business Development, Entrust
    One of the factors that drives innovation is the demand for convenience and efficiency while maintaining security in our digital lives. Certification authorities (CAs) enable secure encryption and provide ownership identification in their digital certificates for websites that ask for sensitive personal data, such as passwords and credit card numbers – but only some digital certificates include confirmed website ownership information, while others do not and allow websites to operate anonymously. This has already resulted in an explosion of anonymous encrypted phishing websites imitating authentic websites and stealing user information. This analysis explores how the current security landscape was shaped, and how proposed changes will impact the brands and the security of users who interact with them moving forward.
  • There is no more enterprise perimeter. Now What? Recorded: Oct 21 2020 33 mins
    Bob Flores, Satyavathi Divadari, Sandip Kumar Panda & Keith Prabhu.
    With more and more emphasis on cloud computing, the traditional enterprise perimeter is being redefined. This means enterprises must think differently when considering cybersecurity protection. The panel will explore changes enterprises should consider for risk management.

    This session will be moderated by Bob Flores, Founder and CTO of Applicology Inc. Panelists include:
    Satyavathi Divadari, Chairman, CSA Bangalore Chapter
    Sandip Kumar Panda, Co-Founder & CEO, Instasafe
    Keith Prabhu, Chairman, CSA Mumbai Chapter.
  • Zero Trust and Identity as a Service Recorded: Oct 21 2020 28 mins
    Nya Alison Murray, CEO, Trac-Car Technology
    As the threat landscape and cybersecurity risks are an ever present threat in 2020, it is clear that measures have to be taken to be more mindful of what end users, people, applications and IOT device connections we allow through the virtual network defences into the platform and software services. As malware continues to evolve, accidental misconfigurations grow with application complexity, and new forms of operations hacking emerge, and the top three attack vectors were Phishing (31 percent), Scan and Exploit (30 percent) and Stolen Credentials (source IBM X-Force), it is clear that Identity Management and Access Control require attention to ensure they effectively protect data centre resources. It is clearly time for a new approach to identity services allowing or denying access, particularly for insecure network connections.
  • SDP & 'Black-Cloud' Protection Recorded: Oct 21 2020 28 mins
    Juanita Koipillai, Founder & CEO, Waverley Labs
    Security has become of paramount importance in recent times, especially due to the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic has challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters to withstand DDoS attacks in multiple network implementations including hybrid cloud applications, network function virtualization and software defined networks.
  • SASE Economics: The New Frontier of Cloud Security Recorded: Oct 21 2020 35 mins
    Dr. Hing-Yan Lee, EVP APAC, CSA & Jonathan Andresen, Senior Director Marketing, Asia-Pacific & Japan, Bitglass
    Secure Access Service Edge (SASE) has become one of the hottest topics in the IT industry. Fueled by cloud services, the rise of BYOD and fast tracked by the new reality of remote working, direct-to-cloud platforms radically disrupt the economics of traditional IT security. By 2024, Gartner predicts that 40% of companies will adopt a SASE architecture.

    But what exactly is SASE and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and information are completely outside the enterprise boundary? This presentation cuts through the hype to explain the fundamentals of SASE, and how it compares to typical network and cloud security architectures. It will cover real-world use cases for securing SASE, and the benefits of moving to a cloud-first SASE platform.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa

  • Title: How to Negotiate a Proper SLA
  • Live at: May 19 2015 12:00 pm
  • Presented by: Jesus Luna, CSA; Frederic Engel, Market Engal SAS; Daniele Catteddu, CSA; Arthur van der Wees, Arthur's Legal; Said Tabet, EMC