Hi [[ session.user.profile.firstName ]]

Top 3 Reasons Why Growing Organizations are Moving Their Security to the Cloud

The world of IT security is undergoing tremendous change. The unstoppable momentum of the Internet and cloud computing, the ubiquity of mobile devices and the emergence of Internet of things have together turned the IT security landscape upside down. Data security, privacy and compliance have never been more at risk than in today’s social and mobile world.

According to recent reports:
· 50% of IT professionals rank security as a top reason for migrating applications to the cloud
· 84% of CIOs report that they have cut application costs by moving to the cloud
· 50% of cloud users have reduced their IT spend by 25%

Why should your organization’s security move to the cloud?

Join James Kawamoto, the Senior Director of Product Management, Zscaler Inc., for a compelling webcast that will highlight key reasons why growing organizations are moving their security to the cloud.

We will also talk about:
· The latest strategies and techniques cyber-criminals are using today
· Concrete steps you can take to keep your organization safe
· What to do about Internet security in today's cloud and mobile first IT landscape
· Key benefits of moving your security in the cloud
Recorded Sep 24 2015 46 mins
Your place is confirmed,
we'll send you email reminders
Presented by
James Kawamoto, Zscaler Inc.
Presentation preview: Top 3 Reasons Why Growing Organizations are Moving Their Security to the Cloud

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Extending Network Security Visibility into the Cloud Aug 7 2018 5:00 pm UTC 60 mins
    Anner Kushnir, VP of Technology at AlgoSec
    Enterprises are taking advantage of the economies of scale of cloud computing and migrating applications to public and private clouds. The new technology offers many advantages, but also requires taking a step back and evaluating whether existing network security tools and processes are relevant and effective in these new environments. To maintain their security posture, network security professionals need unified visibility and control as deployments spread to and across clouds. This is critical both to ensure that cloud payloads are protected against the growing number of attacks and breaches and also to satisfy regulatory compliance requirements such as PCI, HIPAA and NERC.

    In this webinar, Anner Kushnir, VP of Technology at AlgoSec, will share insights on the latest cloud security technologies and best practices for maintaining full-blown corporate security governance as enterprises deploy their applications in the cloud. Attendees will learn:
    •How to quickly bring enterprise network security best practices to cloud and hybrid deployments
    •How to gain full visibility into cloud network topology and filtering
    •Proactively uncover gaps in the compliance posture
    •How to ensure continuous compliance as part of policy change management
  • Eliminating Security Blind Spots in your AWS Environments Jul 31 2018 4:00 pm UTC 60 mins
    Edward Smith of CloudPassage
    As consumption of cloud services increases, security teams struggle to maintain visibility of the cloud assets in use across multiple environments throughout the enterprise. In fact, 43% of security pros say lack of visibility into cloud environments are their biggest operational headache. Cloud defenders struggle to answer two simple, but important questions: what do I have, and is it secure? The only way to answer these critical questions is with comprehensive security visibility of your AWS public cloud environments.

    Join us for this webinar to learn how to regain security visibility across all of your AWS accounts and how to:
    - Automatically discover all of your AWS assets in use across accounts, services, and regions
    - Reduce your attack surface by identifying and remediating security issues
    - Find and respond to hidden risks by assessing both the control plane and data plane
  • Reducing Risk in Public Cloud Environments Jul 24 2018 5:00 pm UTC 60 mins
    Greg Mayfield, Director of Product Marketing, Tenable
    As organizations adopt their multi-cloud and hybrid cloud strategies, continuous visibility and protection of these dynamic cloud workloads remains the #1 challenge for security teams. It’s essential to gain live visibility into AWS, Azure and Google Cloud Platform assets in order to continuously assess cloud infrastructure to detect vulnerabilities, malware and misconfigurations.

    This webinar will benefit SecOps teams by highlighting how they can obtain a unified view into cyber risk across their cloud environment to better prioritize response and mitigation. The discussion will highlight processes and tools to eliminate blind spots, secure cloud assets and applications and better integrate with CI/CD processes for fast and efficient remediation.
  • Avoiding the Dreaded DNS Hijack Recorded: Jul 12 2018 40 mins
    Dhivya Chandramouleeswaran of Adobe
    With increasing adoption of cloud services by organizations, there is unfortunately often an absence of decommissioning checks when such services are no longer in use. It is often up to developers and operations teams to properly clean them up. DNS records pointing to deleted cloud artifacts - not yet purged from name servers - create dangling DNS records. When these artifacts have the potential to be reclaimed by nefarious actors, organizations may become vulnerable to domain hijacking and subdomain takeover attacks.

    In this webinar, Dhivya will discuss:
    - How DNS hijacks differ from domain hijacks
    - Alternatives for identification of expired cloud artifacts
    - Attack mechanisms that may be used
    - Possible monitoring schemes and tools organizations can implement
    - Defensive measures to prevent dangling records and subdomain takeovers
  • A GDPR Compliance & Preparation Report Card Recorded: Jun 27 2018 51 mins
    Neil Thacker, CISO, EMEA -- Netskope
    With the General Data Protection Regulation (GDPR) now enforceable, organizations around the world have both interpreted and incorporated new and amended regulatory requirements into their security policies and programs. Join Neil Thacker, CISO, EMEA at Netskope for a discussion of our recent study with the Cloud Security Alliance on how organizations have prepared for meeting the requirements of the GDPR and what has been the initial impact on their businesses.

    Session topics will include:
    · Preparation for the GDPR including budget and personnel
    · Frameworks organizations are using to comply with the GDPR
    · Company demographics, challenging articles and convergence of security, data protection and privacy roles
  • User Behavior Study Screams the Need for Backup Recorded: Jun 26 2018 32 mins
    Aimee Simpson of Code42
    Digital transformation efforts won’t be successful unless IT accounts for the human element: workforce behavior. What’s the relationship between endpoint devices and employee work habits? We dug into the data to find out.

    In a new research study, Code42 examined data storage behavior across more than 1,200 laptops to learn how users get their work done–what files they create, where they store them, and how they share and interact with their data.

    Watch the webinar to learn:
    - The results of the research study on user behavior
    - The user work styles we found consistent across all organizations
    - The types of files users put most at risk of loss, theft or breach
    - Best practices for mitigating the risk of digital transformation efforts
  • A Path to Achieving Network Security ZEN Recorded: Jun 21 2018 47 mins
    Den Jones, Director – Enterprise Security, Adobe
    Finding a balance between a pleasant user experience and stringent security requirements can be a challenge. The need to use a certain username and password for some services while saving additional credentials for other services can contribute to a headache for both security pros and users. Is it even possible to balance security and enhancement of the overall user experience? Adobe believes this is possible. We want to help you achieve this balance by sharing our framework known as Project “ZEN.”


    Project ZEN at Adobe is an initiative based upon principles found in zero-trust frameworks. Since there is no “off-the-shelf” solution to fully deliver on these principles today, ZEN is an investment in pioneering technology and policies to make the path to a zero-trust network more efficient and attainable.

    In this session you will: (a) learn about the principles behind Adobe ZEN, (b) understand the Adobe experience so you can start your own journey by leveraging existing security technology investments and targeted automation technologies, and (c) explore common issues you might encounter along the journey, with guidance on overcoming those issues.
  • Taming the Cloud Together – CCSP & CCSK Cloud Certification Synergy Recorded: Jun 12 2018 58 mins
    David Shearer, CEO, (ISC)2; Jim Reavis, CEO, CSA; Kevin Jackson, GovCloudNetwork ; Rich Mogull, Securosis; B. Dunlap (Mod)
    Certain things go together to make the sum of their parts that much better. Peanut Butter and Jelly. Lennon and McCartney. Batman and Robin. In the ever-changing world of the cloud, cyber security professionals need continuous training and certifications to stay up-to-speed and pairing (ISC)2’s CCSP (Certified Cloud Security Professional) with CSA’s CCSK (Certificate of Cloud Security Knowledge) can put any cyber security practitioner ahead in terms of knowledge, skills and job opportunities. On June 12, 2018 at 1:00PM Eastern, join David Shearer, (ISC)2’s CEO and Jim Reavis, CSA’s CEO, along with other subject matter expects as we explore the differences between each program, the training options available for each, and how these programs are synergistic in nature and together were designed to build on one another.
  • The Evolution of Zero Trust Security: Next Gen Access Recorded: Jun 7 2018 28 mins
    Nick Fisher, Security Product Marketing at Okta
    As breaches fill the headlines, more organizations are adopting a Zero Trust security model and its key principle of "never trust, always verify." Modern implementations of this model are focusing on "Next Gen Access," where identity and authentication can greatly enhance your security posture with less complexity than network-based solutions. Join Nick Fisher of Okta where we’ll discuss how companies today are having success taking a Zero Trust approach to security.
  • Secure DevOps: Application Security from Development Through Runtime Recorded: Jun 5 2018 43 mins
    Nathan Dyer of Tenable
    DevOps has become a competitive advantage for organizations competing in the new digital era. Increased speed, rapid experimentation, and continuous change are now guiding operating tenants to win in this market. Unfortunately, cybersecurity has been largely absent in the DevOps conversation despite the growing risks and high profile breaches over the past several years. Cybersecurity must adapt to DevOps, not the other way around, to overcome challenges relating to speed, poor visibility, and limited resources.

    Join Tenable as we talk about new approaches to secure applications across the entire software development lifecycle with specific examples along the way.
  • 3 Ways to Speed Up Your Incident Response Time Recorded: May 31 2018 44 mins
    Abik Mitra of Code42
    The pace of cyber attacks on business users is increasing, but the time it takes to detect and recover from them is taking longer.

    In this webinar, Code42's Abhik Mitra will explore the root cause of this divergence and offer three principles that, when applied, can reverse the trend. These incremental changes in process and technology are actionable by most security and IT teams and can dramatically accelerate incident response.
  • Wrangling Those Pesky 3rd-party Software Vulnerabilities Recorded: May 31 2018 39 mins
    Mayank Goyal, Sr. Security Researcher, Nishtha Behal, Security Researcher, Adobe
    Like many large software companies, Adobe makes use of both open source and commercial off-the-shelf software components to deliver solutions to its customers. From time to time, as with any publicly available software, vulnerabilities may be uncovered that require resolution – creating a cascading challenge in assuring that any solution we have using those components is remediated quickly. To help solve this vexing problem, Adobe developed an in-house solution we call “TESSA.” This session will discuss how TESSA came about, how it is helping to both track and automate remediation of vulnerabilities, and how we integrate it into our software development lifecycle to help us react more quickly to industry vulnerabilities. We would also like to get your feedback during this session to determine if TESSA would be useful to the CSA community as an open source project.
  • LIVE Cyber Attack Simulation: A Crypto Crime in Action Recorded: May 23 2018 37 mins
    Hank Schless and Christian Lappin from Threat Stack
    Crypto mining and cyber crime are at the top of the list for headline-grabbing attacks. Want to see how it’s actually done?

    The reality of what happens on a day-to-day basis is the breakdown of people and process. Join us on May 23rd for a live simulation of hackers bypassing security controls and executing a crypto mining attack. Watch how a security engineer is able to quickly identify the attack, and then learn the tips you can take home to improve your own security posture.
  • GDPR: Personal Data Protection Compliance is a Business Matter Recorded: May 22 2018 59 mins
    Prof. Dr. Paolo Balboni, Business Lawyer and Partner at ICT Legal Consulting
    Many companies approach compliance activities with the forthcoming European General Data Protection Regulation REGULATION (EU) 2016/679 as a purely legal matter. But this is a very shortsighted approach. Compliance with the GDPR is becoming a necessary business requirement. Only companies that will be able to reassure business partners and consumers regarding their alignment to the new EU Regulation will stay competitive in the digital market. Moreover, if performed in a strategic way, compliance with the GDPR enables businesses to process personal data in manifold ways and thus to extract meaningful information from them in order to better serve actual and future customers, as well as to improve efficiency.

    During the webinar Prof. Dr. Paolo Balboni (Business Lawyer, Partner at ICT Legal Consulting) will present a strategic approach to GDPR compliance aimed at mitigating the legal risk and maximising the benefits of data processing activities.
  • 5 Steps to Boost Your Security Posture on AWS Recorded: May 15 2018 28 mins
    Neelum Khan, Tajvia Willis, and ​Sudha Iyer from Netskope
    Many customers have exposed their data in the cloud without proper security solutions. Securing data in the cloud to prevent exposures can present challenges to all enterprises. Despite the rapidly growing need for cloud-native visibility into behavior and activity across AWS environments, many companies are still in the beginning stages learning about best practices and security solutions for AWS. They want to know the best approach and how to get there.

    In this webinar, you will learn:
    - Common AWS security concerns
    - 5 steps you can take to boost your AWS security posture
    - How to implement these steps
  • How to Ace Type 2 SOC 2 with Zero Exceptions Recorded: May 8 2018 43 mins
    Pete Cheslock and Pat Cable of Threat Stack
    Achieving Type 2 SOC 2 compliance with zero exceptions was no easy feat for Threat Stack. However, rather than implementing stringent security protocols at every point of production, they implemented and improved SecOps processes to make it happen.

    Learn how Threat Stack's Head of Ops, Pete Cheslock, and Sr. Infrastructure Security Engineer, Pat Cable collaborated to make the SOC 2 journey a success as well as the innovations created along the way (including a Change Management tool called ‘SockemBot’). Join this webinar to learn more about:

    - The SockemBot, ticketing workflows, and other SOC 2 innovations
    - Developer-approved operational changes for code and ticket mapping
    - The SOC 2 business benefits get to reap now
  • The Road to GDPR Compliance: Tips from the Cloud Security Alliance and Dome9 Recorded: May 3 2018 57 mins
    Daniele Catteddu of CSA and Marina Segal of Dome9 Security
    General Data Protection Regulation (GDPR) is coming into effect on May 25, 2018. The requirements of GDPR are substantial and the penalties for non-compliance are severe. The new regulation will require companies across the globe to rethink how they store and handle customer data. Has your organization implemented the legal and technological controls required to comply?

    In this webinar, Daniele Catteddu, CTO of the Cloud Security Alliance (CSA) and Marina Segal, Lead Compliance Product Manager at Dome9, will discuss key challenges and best practices to address GDPR requirements. The webinar will cover compliance automation solutions available to help organizations achieve GDPR compliance and meet the May deadline.

    Topics we will cover:
    -Code of Conduct & Certification for GDPR Compliance
    -Where the most likely GDPR violations will occur
    -The impact of running workloads in the public cloud on GDPR
    -Best practices to simplify and speed up compliance
  • True Detective – Autopsy of latest O365 and AWS threats Recorded: Apr 25 2018 60 mins
    Brandon Cook, Thyaga Vasudevan, and Sandeep Chandana of McAfee
    How does your organization defend against the latest O365 and AWS threats including KnockKnock and Ghostwriter?

    Join CSA and McAfee to see an autopsy of two recent cloud threats: KnockKnock (O365) and Ghostwriter (AWS) uncovered CSA by our Cloud Threats Lab. We’ll share practical guidance on how to address the rapidly evolving cloud threat landscape, starting with user behavior analysis
    and leveraging the “network effect”.

    Specifically, we will discuss how Information Security teams can:
    • Catch third parties logging into corporate cloud service using stolen or misplaced login credentials to steal valuable corporate data
    • Detect malicious or negligent insider stealing or unintentionally exposing data from O365 and AWS
    • Identify malicious administrators accessing data out of policy, intentionally degrading security settings, or creating dummy accounts for unauthorized third party access
  • Anatomy of a Cyber Security Breach: The Hero's Journey Recorded: Apr 11 2018 64 mins
    Sam Curry of Cybereason; Andrew Hammond and Red Curry of SSH Communications Security; Hector Monsegur of Rhino Security Labs
    My mother was washing dishes in the kitchen when the glass window she was looking out shattered in front of her…she was OK but unfortunately my curve ball has never gotten better. The second law of thermodynamics dictates that you can't put together something that has fallen apart. There was no way I could put that shattered glass back together. The second law of thermodynamics applies to breaches. There is no way to go back once you have been breached. We will tell you what are the emerging threats, how to prepare, and how to proactively manage an ongoing breach. We will cover the following types of breaches:
    - Phishing Scams
    - Buffer Overflow
    - Password Hacking
    - Downloading Free Software
    - Fault Injection
  • Understanding the Status of ERP Security in the Cloud Recorded: Mar 21 2018 63 mins
    JP Perez-Etchegoyen of Onapsis and Shamun Mahmud of CSA
    With ERP vendors reporting double-digit growth in cloud revenue year over year, many organizations are faced with the challenging task of planning a cloud migration of their most critical assets. Because these systems are typically more complex, and also house the organization's critical data and processes, special precautions must be taken when building a migration plan.

    During this webcast JP Perez-Etchegoyen, CTO of Onapsis Inc and Shamun Mahmud, Research Analyst at CSA, will present their key findings from the recently released white paper, "The State of Enterprise Resource Planning Security in the Cloud." Attendees will learn:
    - Security requirements of ERP and Business-Critical Applications
    - Cloud adoption trends
    - Challenges of migrating ERP solutions to the cloud
    - Common Security and privacy risks in cloud based ERP applications
    o SaaS ERP Applications
    o IaaS ERP Deployments
    o ERP extensions in PaaS cloud
    - Conclusions and key take-aways
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa, @CSAResearchGuy

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Top 3 Reasons Why Growing Organizations are Moving Their Security to the Cloud
  • Live at: Sep 24 2015 3:30 pm
  • Presented by: James Kawamoto, Zscaler Inc.
  • From:
Your email has been sent.
or close