The Borderless World: Bridging the Cloud with On-Prem Systems
Learn more about the new CSA Top Threats Report and how to protect yourself.
In the borderless world of Cloud computing, everything changes. You cannot deliver a cloud enabled business without a fundamental redesign of your security infrastructure. On-prem systems are increasingly integrated to cloud-based platforms which creates an abyss for data to spread to the farthest corners of earth, across the globe. Data flowing out of your control imposes significant security risks on the corporation, network, IT and the day to day activities of the business. Between all these touchpoints, a tremendous chasm must be traversed efficiently and safely, while maintaining control and ownership of data. With a mountain of sensitive data flowing back and forth daily, a new era of data security must evolve. Organizations must be savvy enough to combat threats while protecting the valuable assets – the data.
During this webcast we will discuss some of the finding from the CSA Top Threats report and how data protection can help mitigate and manage the risks. Think of security as an enabler instead of an obstacle for cloud adoption.
RecordedMar 10 201661 mins
Your place is confirmed, we'll send you email reminders
Jason Garbis of Cryptzone and Puneet Kukreja of TrustedPassage
Since March 2016, when the CSA launched this new Software-Defined Perimeter for IaaS initiative, more and more organizations have embraced the Software-Defined Perimeter model and are benefitting from the seamless protection it offers, whether on-premises or in the cloud. SDP can better protect IaaS services for Enterprise usage, and deliver uniform and seamless protection of on-premises and IaaS resources, enabling cost savings and agility, and a more dynamic infrastructure.
In this webinar, the leaders of the SDP-for-IaaS initiative will provide a preview of the forthcoming research and use cases that this working group has developed. This research focuses on how SDP can uniquely address security, compliance, IT administration and management challenges for cloud service providers and enterprises alike. If you’d like to hear more about securing your IaaS workloads, you’ll want to attend!
Learn how to use threat intelligence to shorten investigation time and improve security decision making. From the right content to the best delivery format, learn the top considerations for picking a threat intelligence source and making it work with your security practice. Join the session to learn how to make the most of threat intelligence, what to look for in a threat intelligence feed, and best practices for integrating feeds into your existing solutions.
As the May 25, 2018 deadline for compliance with the new General Data Protection Regulation (GDPR) rapidly approaches, enterprise IT organizations must implement a cloud data security strategy that supports compliance and minimizes their organization’s exposure to new breach notification requirements and financial penalties as high as 20 million Euros or 4 percent of total annual turnover.
Yael Nishry and Doug Lane from the Vaultive team have extensive backgrounds in risk management and enterprise security technologies. Join them for this event as they discuss what organizations should be doing to prepare for this new regulation.
During this webinar you'll learn:
· The key cloud data security takeaways from GDPR
· What steps can you take to mitigate risk and reduce the notifications required in the event of a data breach
· The challenges of data transfers under the new regulation and how to overcome them
· What is the role and expectation of your cloud provider when it comes to GDPR
· How your company can enforce best-practice segregation of duties between your data and the cloud service provider processing it
Everything we know about defeating the Insider Threat seems not be solving the problem. That's why the Cloud Security Alliance with special commentary from LemonFish Technologies undertook new research to understand the extent of this issue.
Join the Cloud Security Alliance Strategy Advisor, Evelyn de Souza, Mary Beth Borgwing, President of LemonFish Technologies...
-Uncover the extent of insider threats
-Learn what happens to data after its being exfiltrated
-Tools to mitigate insider threats going forward.
Moderated by Rebecca Herold, The Privacy Professor; Jacqueline Cooney, BAH, Daniel Catteddu, CSA, Chris Griffith from HPE
After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.
While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
58% of security professionals expect their budgets to stay the same next year. If you’re like them, you’re trying to secure a growing number of cloud services and infrastructure without a bigger budget.
What do you do? Make a bulletproof business case for a Cloud Access Security Broker (CASB).
In this webinar you'll learn:
-How to demonstrate the financial exposure of not having a CASB
-How to align cloud security spending with business objectives
-How to demonstrate savings in cyber security expertise through
The GDPR Covers Anyone with Data on European Residents
In May 2018, a new data privacy law comes into effect and any organisation with data on the 500+ million citizens of the European Union (EU) has to comply. Fines can be up to 4% of revenue, mandatory data loss notification to regulators and users comes into force, and class action lawsuits will land on the desk of anyone unfortunate enough to lose data. As with any data loss incident, these costs may be dwarfed by the loss of brand image and customers choosing not to do business with you again.
Unmanaged cloud could be your weakest link, so what do you need to do?
Join us for this webinar where the author of “GDPR – An Action Guide for IT” will speak and you will learn:
· The top ten points of the new regulation
· Which departments in your organisation need to be part of the GDPR-Readiness Team
· What you need to do today, what you can leave until tomorrow
· Policies for collecting, processing, transferring and deleting data
· 25 questions to ask yourselves to ensure you are ready
Rich Mogul of Securosis and Terence Spies of HPE Security--Data Security
Data protection has a tendency to be intimidating for organizations, users and implementers. Organizations see the value of having a data protection program but the challenges of applying a data protection solution often upsets the balance and work flow within the organization, users and create challenges for those implementing. Wouldn’t it be great if there were solutions that took the guesswork out of data protection and key management?
Data moves in a non-linear way. Data protection and key management needs to interact with the data and the users in a seamless way that doesn’t disrupt their processes or destroy the characteristics of the data.
Fortunately, in today’s data driven environment, there are strategies and technologies to protect data that do not have to be the high-risk propositions feared by organizations, users and implementers - IT professionals. By thinking of data protection and key management as data t protection enablers instead of obstacles, you can easily protect data across the infrastructure and beyond.
Join this session and learn how HPE Security – Data Security offers unintimidating data protection and key management solutions that take the guesswork out of data protection. Protecting data through a layered security approach: from data-at-rest to data-in-motion and data-in use.
Salim Hafid and Rich Campagna of Bitglass, and John Yeoh of CSA
With cloud adoption on the rise, IT leaders are looking to peer organizations to understand security best practices in the cloud. Bitglass and CSA surveyed infosec professionals to uncover the top threats to cloud security and the tools most often used to secure cloud apps.
In this webinar, John Yeoh, Senior Research Analyst at CSA, joins Bitglass to discuss the results of the "Mitigating Risk for Cloud Applications" report and to explore the major issues facing organizations in their move to the cloud, from Shadow IT and inadequate visibility to concerns around government access.
The needs for IT agility for business, is driving adoption of flexible computing environments including IaaS, Private Cloud among others. The challenge associated with this transformation towards the Hybrid cloud environment is the assurance around the security for the workloads and data. Specific issues arise due to the “Shared security model ” of the varying Cloud environments in terms of implementation of security, compliance and optimization in these environments.
The need of the hour is to ensure effective security governance through standardization of security controls/Policies across Hybrid cloud deployments are driven by embedded security mechanisms with lesser bolted-on overhead on the IT security teams. One successful example is the leveraging of “security for the cloud from the cloud” to provide elastic and adaptive security services for the hybrid cloud
In this webinar, Avinash Prasad, AVP, Information & Cyber Risk Management and Munish Gupta, Principal – Information & Cyber Risk Management , Infosys (NYSE: INFY) will share their experiences with respect to standardization of security controls in Hybrid cloud environments.
Mat Hamlin of Spanning by EMC and Will McNae of Microsoft
Information theft is the most expensive consequence of cybercrime, according to a recent Ponemon study. Business interruption following a cyberattack exacts a high price in productivity and business process failures—even greater than the cost of information and revenue losses.1 The more data you share in the cloud, the more you expose it to attack. While there’s no one way to achieve absolute security for your data, there’s a lot you can do to safeguard against attacks and to stop them from crippling your business if they do occur. Join us for this webinar as we explore ways to more effectively protect your cloud-based data, detect threats, respond to attacks, and recover from them.
Brandon Cook and Santosh Raghuram of Skyhigh Networks
How does your organization combat insider threats and compromised accounts?
Join CSA and Skyhigh Networks to learn about cloud threat findings from the research of CSA and Skyhigh Cloud Security Labs. We’ll share practical guidance on how to address the rapidly evolving cloud threat landscape, starting with user behavior analysis.
Specifically, we will discuss how Information Security teams can:
• Detect malicious or negligent insider stealing or unintentionally exposing data from O365 and other SaaS applications.
• Catch third parties logging into corporate cloud service using stolen or misplaced login credentials to steal valuable corporate data
• Identify malicious administrators accessing data out of policy, intentionally degrading security settings, or creating dummy accounts for unauthorized third party access
The usage of SaaS applications continues to grow rapidly whether they are enabled by IT or your end users. SaaS-based application usage has grown 46 percent over the past three years as shown in the latest Application Usage and Threat Report from Palo Alto Networks. The attackers are now adapting to leverage these applications as a point of insertion and a medium for malware to proliferate.
Join us for this live webinar where you will hear from Unit 42, the Palo Alto Networks threat research team, on how malware is using SaaS applications. You will also learn how to:
• Protect against the new insertion and distribution points for malware
• Gain visibility and granular, context-based control of SaaS applications
• Secure corporate data from malicious and inadvertent data exposure
CSA, along with support from key corporate members like Rackspace and Intel, has been incubating a new intelligence exchange within the CloudCISC Working Group. Join CSA and technology partner TruSTAR to discuss:
- The challenges of building effective intelligence exchange
- How the CloudCISC exchange is designed differently
- How you can get involved in the growing collection of vetted CSA members exchanging intelligence everyday!
According to Gartner, cloud-based security is continuing to grow at a significant rate, spiking at a 35% CAGR compared to 6% for on-premise appliances. Newer and more advanced threats are creating risks that traditional appliances are struggling to keep up with. Consequently, the report highlights a number of key priorities for your security strategy, including:
- The need for ‘advanced threat defense’ and not just a web filtering solution
- The critical nature of securing your remote offices
Is your security strategy aligned with all of the key recommendations from Gartner? What are the implications for enterprise security?
Join Jim Reavis, Co-Founder and Chief Executive Officer, Cloud Security Alliance and Atri Chatterjee, Chief Marketing Officer, Zscaler, Inc., for a compelling webcast providing deep insights into Gartner's findings that are relevant for CISO's and CIO's. They will also address:
- Latest security trends for enterprise security
- Implications of the recent M&A activity in the security market
- Key considerations when making your next web security decision
Mark D. Campbell and Brandon Whichard of IBM Security
The business benefits of cloud applications are undeniable, however security concerns can still slow their adoption. While many mainstream cloud applications offer secure platforms and excellent security capabilities, much of the security burden is still on you. You still need a strategy and the technology tools to ensure your organization can safely and efficiently utilize these cloud apps.
Join IBM Security as we discuss five essential requirements for ensuring safe and efficient adoption of cloud applications.
Brandon Cook and Srini Gurrapu of Skyhigh Networks
Office 365 usage has tripled in the last 9 months as more and more companies enable anytime, anywhere access to Microsoft’s suite of cloud services. But security and compliance require a new level of granularity when users access cloud-based systems of record from a variety of networks, locations, and devices.
In today’s cloud-first, mobile-first world, IT Security teams are creating variable trust models based on user, device, activity, and data sensitivity. In this session, we’ll share the proven 4-layer trust model for security and compliance in O365.
Changed business practices, such as employees working on the move and the adoption of the cloud and cloud resources, should be mirrored by a change in security strategies. Organizations are commonly reluctant to adopt cloud technologies over concerns with security and control over enterprise data. However at the same time, many of these same organizations opened up access to applications for employees on the move, users on personal devices, external contractors, and other third parties that created a significantly larger attack surface than cloud services would have. To combat these threats, a number of cloud-friendly segmentation and application isolation techniques can be deployed to allow organizations to safely use the cloud whilst reducing their attack surface. Specifically, application segmentation via software-defined security represents a technique to accommodate borderless applications, adoption of the cloud, and modern user behaviours.
Paul German, VP in EMEA, will discuss how the challenges presented by the next generation of information security can be overcome with practical examples and best practice tips.
Enabling secure BYOD has long been a challenge for IT. Attempts to secure these devices with agents and device management tools like MDM have been met with widespread employee concerns about privacy and usability, and as a result, organizations see low rates of adoption. Requiring that employees use these install these cumbersome device management tools or access data solely from managed devices are solutions fraught with issues. Employees need the flexibility to work from any device, anywhere.
In this webinar, we'll discuss how IT can limit risk of data leakage amid changing user habits. Learn how organizations across all industries are enabling secure mobility and productivity with a zero-touch, agentless solution.
Chris Frenz, Jennifer Cathcart, Yogi Shaw, and Gib Sorebo
The concept of the Connected Hospital offers full integration with Electronic Health Record (EHR) systems, streamlined operations, and enhanced patient safety. Secure implementation of the capabilities that enable a connected hospital is a challenge given the diverse nature of the components involved. Hospitals, integrators and developers must work together to ensure that security is considered at each stage of a product and system life cycle. Device manufacturers and Solution Providers must ensure that their offerings have been securely engineered and have undergone sufficient testing, while health providers must work to apply defense-in-depth strategies to mitigate the threats to their systems and patients.
Join us for a panel discussion that examines the challenges associated with building a connected hospital and some of the measures taken to do so securely. We’ll hear from medical device developers, service providers, health care providers and security engineers in an attempt to make sense of the complex health environment being shaped by the IoT. Topics will include:
- Hospital concerns and approaches for enabling connected infrastructures and services
- Integrator concerns related to creation of connected systems
- Developer concerns related to smart, connected healthcare devices
- Thoughts on best practices for mitigating threats
- Chris Frenz, Director-Infrastructure, Interfaith Medical Center
- Jennifer Cathcart, Manager Cyber Security at Clinicomp
- Yogi Shaw, Medtronic
- Gib Sorebo, Cyber Security Technologist at Leidos