Cloud Security: What You Should Be Concerned About

Intel Security conducted a survey regarding cloud adoption and cloud security. This webcast will discuss the findings and answer questions like...
-Is cloud for everyone?
-How much are companies investing in cloud?
-What are the top concerns?
Recorded Mar 31 2016 58 mins
Presented by
Raji Samani of Intel Security and Jim Reavis of CSA
  • GDPR: Personal Data Protection Compliance is a Business Matter May 22 2018 12:00 pm UTC 60 mins
    Prof. Dr. Paolo Balboni, Business Lawyer and Partner at ICT Legal Consulting
    Many companies approach compliance activities with the forthcoming European General Data Protection Regulation (Regulation (EU) 2016/679) as a purely legal matter. But this is a very shortsighted approach. Compliance with the GDPR is becoming a necessary business requirement. Only companies that will be able to reassure business partners and consumers regarding their alignment to the new EU Regulation will stay competitive in the digital market. Moreover, if performed in a strategic way, compliance with the GDPR enables businesses to process personal data in manifold ways and thus to extract meaningful information from them in order to better serve actual and future customers, as well as to improve efficiency.

    During the webinar Prof. Dr. Paolo Balboni (Business Lawyer, Partner at ICT Legal Consulting) will present a strategic approach to GDPR compliance aimed at mitigating the legal risk and maximising the benefits of data processing activities.
  • 5 Steps to Boost Your Security Posture on AWS May 15 2018 4:00 pm UTC 60 mins
    Neelum Khan, Tajvia Willis, and Sudha Iyer from Netskope
    Many customers have exposed their data in the cloud without proper security solutions. Securing data in the cloud to prevent exposures can present challenges to all enterprises. Despite the rapidly growing need for cloud-native visibility into behavior and activity across AWS environments, many companies are still in the beginning stages of learning about best practices and security solutions for AWS. They want to know the best approach and how to get there.

    In this webinar, you will learn:
    - Common AWS security concerns
    - 5 steps you can take to boost your AWS security posture
    - How to implement these steps
  • The Road to GDPR Compliance: Tips from the Cloud Security Alliance and Dome9 May 3 2018 5:00 pm UTC 60 mins
    Daniele Catteddu of CSA and Marina Segal of Dome9 Security
    General Data Protection Regulation (GDPR) is coming into effect on May 25, 2018. The requirements of GDPR are substantial and the penalties for non-compliance are severe. The new regulation will require companies across the globe to rethink how they store and handle customer data. Has your organization implemented the legal and technological controls required to comply?

    In this webinar, Daniele Catteddu, CTO of the Cloud Security Alliance (CSA) and Marina Segal, Lead Compliance Product Manager at Dome9, will discuss key challenges and best practices to address GDPR requirements. The webinar will cover compliance automation solutions available to help organizations achieve GDPR compliance and meet the May deadline.

    Topics we will cover:
    -Code of Conduct & Certification for GDPR Compliance
    -Where the most likely GDPR violations will occur
    -The impact of running workloads in the public cloud on GDPR
    -Best practices to simplify and speed up compliance
  • True Detective – Autopsy of latest O365 and AWS threats Apr 25 2018 5:00 pm UTC 60 mins
    Brandon Cook, Thyaga Vasudevan, and Sandeep Chandana of McAfee
    How does your organization defend against the latest O365 and AWS threats including KnockKnock and Ghostwriter?

    Join CSA and McAfee to see an autopsy of two recent cloud threats: KnockKnock (O365) and Ghostwriter (AWS) uncovered by our Cloud Threats Lab. We’ll share practical guidance on how to address the rapidly evolving cloud threat landscape, starting with user behavior analysis and leveraging the “network effect”.

    Specifically, we will discuss how Information Security teams can:
    • Catch third parties logging into corporate cloud service using stolen or misplaced login credentials to steal valuable corporate data
    • Detect malicious or negligent insiders stealing or unintentionally exposing data from O365 and AWS
    • Identify malicious administrators accessing data out of policy, intentionally degrading security settings, or creating dummy accounts for unauthorized third party access
  • Anatomy of a Cyber Security Breach: The Hero's Journey Recorded: Apr 11 2018 64 mins
    Sam Curry of Cybereason; Andrew Hammond and Red Curry of SSH Communications Security; Hector Monsegur of Rhino Security Labs
    My mother was washing dishes in the kitchen when the glass window she was looking out shattered in front of her…she was OK but unfortunately my curve ball has never gotten better. The second law of thermodynamics dictates that you can't put together something that has fallen apart. There was no way I could put that shattered glass back together. The second law of thermodynamics applies to breaches. There is no way to go back once you have been breached. We will tell you what are the emerging threats, how to prepare, and how to proactively manage an ongoing breach. We will cover the following types of breaches:
    - Phishing Scams
    - Buffer Overflow
    - Password Hacking
    - Downloading Free Software
    - Fault Injection
  • Understanding the Status of ERP Security in the Cloud Recorded: Mar 21 2018 63 mins
    JP Perez-Etchegoyen of Onapsis and Shamun Mahmud of CSA
    With ERP vendors reporting double-digit growth in cloud revenue year over year, many organizations are faced with the challenging task of planning a cloud migration of their most critical assets. Because these systems are typically more complex, and also house the organization's critical data and processes, special precautions must be taken when building a migration plan.

    During this webcast JP Perez-Etchegoyen, CTO of Onapsis Inc and Shamun Mahmud, Research Analyst at CSA, will present their key findings from the recently released white paper, "The State of Enterprise Resource Planning Security in the Cloud." Attendees will learn:
    - Security requirements of ERP and Business-Critical Applications
    - Cloud adoption trends
    - Challenges of migrating ERP solutions to the cloud
    - Common Security and privacy risks in cloud based ERP applications
      o SaaS ERP Applications
      o IaaS ERP Deployments
      o ERP extensions in PaaS cloud
    - Conclusions and key take-aways
  • How to Design Successful Internal Bug Hunts: Squashing Security Bugs on a Budget Recorded: Mar 19 2018 54 mins
    Pieter Ockers of Adobe
    Far too often, testing software for security flaws falls into the “nice-to-have” category, taking a backseat to the demands of the marketplace and inflexible feature release schedules. In addition to the expense of hiring an outside security testing team, testing for and fixing obscure security bugs is a brake on an engineer’s ability to put new code in the hands of their customers. Fortunately, there is a workaround to this dilemma that will allow you to promote application security awareness while helping to reduce security bugs in your applications.

    An internal bug hunt contest - in which your employees compete for prizes by finding and reporting security bugs - enables you to harness the creativity and problem-solving skills of your workforce while reducing security bugs in your applications. It can also help promote a culture of security awareness - without a large security testing budget.

    An internal bug hunt contest can help you:

    • Find and remediate vulnerabilities before external entities can exploit them
    • Provide a safe platform for your application owners to test for security bugs
    • Promote application security awareness
    • Engage employees outside of the central security team who want to explore the security domain

    In this webcast, you will learn how an internal bug bounty program can help you find security flaws in your applications before criminals or spies, while improving the security culture at your company.
  • CSA Summit at RSA Conference Preview Recorded: Mar 14 2018 35 mins
    Jim Reavis of CSA, Wayne Anderson of McAfee, Deena Thomchick of Symantec, Jervis Hui of Netskope, and Chris Steffen of Cyxtera
    Want to know what you can expect at this year's CSA Summit at RSA Conference? Join this webinar to get a preview of several sessions including:

    - Appetite for Destruction – The Cloud Edition
    Over the last two years, the multitude of data leaks and breaches in the cloud has skyrocketed. Many of these leaks are reminiscent of the past security lessons, and some show new attributes unique to our evolving computing environments. In this short talk, we’ll take a look at the past, and peer towards the prospective future being discussed during this year’s summit.

    - Cloud Security Journey
    Get a preview of how a major retailer solves the problem of security software chaos and fragmentation while addressing new security requirements. Get a real-world perspective on how they approached cloud security while addressing end-to-end compliance, data governance, and threat protection requirements. 

    - A GDPR-Compliance & Preparation Report Card
    With the impending May 2018 deadline for GDPR compliance, organizations worldwide need to account for the regulation in their security policies and programs. Join us for a preview of our recent study with the Cloud Security Alliance on how organizations are preparing for compliance. 

    - The Software-Defined Perimeter in Action
    Learn how organizations have taken CSA's Software-Defined Perimeter (SDP) from experimental to enterprise-grade. Join us for a preview of the valuable insights and hear best practices on how enterprises can make SDP adoption a reality that will be discussed at this year's summit.
  • Making Compliance Count Recorded: Mar 7 2018 57 mins
    Dave Lenoe and Molly Junck at Adobe
    It’s a brave new world, with bug bounties and crowd-sourced penetration tests now an up-and-coming way to augment security programs. But can you do the same with your compliance and certification programs? At Adobe, our security team has been working with our internal audit team and outside vendors to see if it’s possible – and the early returns are very encouraging!

    In this webinar you'll find out more about how you can leverage both internal and external security researchers to help with compliance efforts, while measuring your real-world security risk.
  • Are Your Containers Compliant? Recorded: Feb 28 2018 49 mins
    Cliff Turner, Cloud Security Evangelist, CloudPassage
    If we could call out two things that are growing in importance in 2018, it’s containers and compliance. Penalties for data breaches are on the rise, all the while organizations are under increasing pressure to expand their DevOps practices and increase their agility, which leads teams to turn to containers. And while containers usher in plenty of opportunities, they can lead to compliance headaches if they aren’t properly configured.

    Join us for this webinar for helpful tips and best practices on how to create a containerized environment that works with your compliance needs.
  • Defining the cloud-enabled branch: How cloud apps drive network transformation Recorded: Feb 13 2018 62 mins
    Dan Shelton of Zscaler
    Amazon, Azure and SaaS are already on everyone's mind. When your data center workloads move to cloud, is your corporate backhaul the most efficient way to get to the applications? The migration of applications from the data center to the cloud is forcing organizations to rethink their branch network and security architectures to enable local internet breakouts. What are the challenges of local breakouts and the hybrid branch?

    Join this webcast to discuss considerations for securely moving your branch workloads to the cloud to enable a better user experience, manage costs, and reduce risk.
  • Automating Security for Cloud Services Recorded: Feb 8 2018 61 mins
    Peleus Uhley, Lead Security Strategist at Adobe
    Security automation strategies are a necessity for any cloud-scale enterprise. There are challenges to be met at each phase of developing and deploying security automation including identifying the appropriate automation goals, creating an accurate view of the organization, tool selection, and managing the returned data at scale. This presentation will provide the details of various open-source materials and methods that have been successfully used to address each of those challenges.
  • ISO/IEC 19086: An Overview and Application Recorded: Feb 1 2018 60 mins
    John Calhoon of Microsoft
    In this webinar, we will take a look at ISO/IEC 19086 which is an international standard for cloud service level agreements (SLAs). Specifically, we’ll discuss the impetus for establishing the standard in the first place, the scope of the work, organization of the parts, key elements and putting the standard to work. 19086 does not prescribe a template for SLAs but rather provides elements to consider when negotiating and drafting SLAs. 19086 introduces Service Qualitative Objective (SQO) as a new term and we’ll discuss the relationship between SQOs and the more traditional SLO (Service Level Objective). We’ll also discuss the relationship between SLAs and cloud service agreements (CSA) and other documents that can be part of a CSA.
  • Data-driven Cybersecurity Defense for Organizations and their Ecosystems Recorded: Jan 25 2018 30 mins
    Phil Marshall of Security ScoreCard
    Many companies rely on static point-in-time security assessments to measure the cybersecurity health of their enterprise and vendor ecosystem. This approach is quickly becoming obsolete in today’s dynamic cyber threat landscape, fraught with increasingly sophisticated adversaries deploying malicious tactics to compromise your data. Continuous data-driven monitoring of security in your organization and in every vendor organization with access to your IT infrastructure is the only strategy that will keep you one step ahead of the bad guys.

    This webinar will outline how you can gain an outside-in, data-driven view of the security posture of your IT infrastructure to:

    - Empower your team with granular analytics capabilities as well as comprehensive visibility of your network and system vulnerabilities -- all from a hacker’s perspective.
    - Enable your organization to monitor the cybersecurity health of any third party/vendor organizations
    - Uncover predictive breach capabilities
    - Prioritize areas in which organizations can apply focus to meet regulatory compliance and standards requirements
  • Returning data control to users - the next frontier for cloud security research Recorded: Jan 22 2018 46 mins
    Ryan Ko, Associate Professor, University of Waikato
    From the Uber data leakage incident to cases where photographs of young or vulnerable people are stolen and misused on inappropriate websites, there is a fundamental gap: the lack of users' control over their data once it is uploaded onto the Internet. This talk introduces some of the key challenges and scientific trends in returning data control to cloud users, and how STRATUS (https://stratus.org.nz), a 6-year NZD12.23 mil (incl. GST) MBIE-funded cloud security research project, is addressing these gaps. The talk will also cover some of the Cloud Security Alliance's contributions to the STRATUS project.
  • Introducing HubbleStack: a free, open source project to help automate compliance Recorded: Jan 17 2018 50 mins
    Christer Edwards of Adobe
    Organizations have difficulties handling security auditing and compliance that can be scaled across many teams with varying infrastructure. Adobe found themselves in the same situation and in need of a tool that could provide a window into the complexities of their infrastructure. As a result HubbleStack was developed -- a free open source project.

    Just like the Hubble telescope gives us a window into the complexities of our universe, HubbleStack gives a window into the complexities of your infrastructure. It includes components for information gathering, file integrity monitoring, auditing, and reporting. In this webcast you will learn:
    - Detail on the HubbleStack project
    - How Adobe has made use of it across all of its cloud services
    - How you can get and try out HubbleStack for yourself
    - How you can help us move HubbleStack forward
    - How you and others can contribute to the development of HubbleStack
  • Cutting through the Cloud Security Noise: 5 Must-have Architectural Requirements Recorded: Jan 11 2018 47 mins
    Steve House of Zscaler
    The cloud and mobility have fundamentally changed the IT landscape. Both apps and users have left the network, however traditional security has struggled to keep pace. Developing a strong cloud security strategy is important to help restore visibility and reduce risk, but what is the best approach? While there are many opinions and perspectives, the best security strategy starts in the beginning with the proper architecture. Join this webcast to hear:

    - 5 key architectural requirements your cloud security strategy can’t live without.
    - What core building blocks you need to enable and secure your users and apps
    - Learn how leading enterprises are transforming their security to cloud

    Speaker Bio:
    Steve House is a seasoned Product Management leader with over 20 years of experience in the networking and security industries. During that time, he has worked for multiple market-leading organizations including Zscaler, Blue Coat Systems, Packeteer and CacheFlow where he has a consistent track record of helping them innovate and grow their market share.

    At Zscaler, Steve leads the Product Management team responsible for driving product strategy and execution. Steve’s goal is to help the company through its next phase of growth becoming the standard Internet security platform delivered as a service to any user on any device in any location. Steve holds a Bachelor of Science in Electrical Engineering from Duke University.

    For more questions about Zscaler, go to www.zscaler.com
  • Developing a Successful Secure Product Lifecycle (SPLC) Program Recorded: Jan 4 2018 53 mins
    Julia Knecht and Taylor Lobb of Adobe
    A secure product lifecycle (SPLC) is integral to ensuring software is written with security in mind, but companies struggle to create a successful process with limited security resources and minimal impact to engineering teams.

    In this webinar, Julia Knecht and Taylor Lobb – Managers, Security & Privacy Architecture at Adobe, will explain how a team of just two security pros helped roll out a successful SPLC program that has scaled to support thousands of engineers by leveraging automation and establishing security ambassadors (champions) within the product engineering teams.

    Defining security requirements and KPIs for engineering teams is just the first step in creating the SPLC. In order to make the design a reality for several products, thousands of engineers, and millions of lines of code, Adobe’s team was organized into an “as a service” model and utilized automation to scale to meet this demand. Establishing a strong security ambassador program helped ensure the success of the SPLC. The centralized ambassador network has been crucial to the success of all product security initiatives throughout the business unit.

    You’ll walk away with on-the-ground knowledge you can use to establish an effective SPLC in your own organization by establishing and utilizing security ambassadors and providing seamless automation to support these key initiatives.
  • Top 10 Public Cloud Security Recommendations Recorded: Dec 14 2017 43 mins
    Matt Keil of Palo Alto Networks
    Offering organizations of all sizes the benefits of agility and scalability, the adoption of public cloud continues at a pace rivalled only by that of the early days of the Internet era. As was the case then, the speed of adoption often means that “good enough” security is viewed as acceptable. With the underlying premise that the public cloud is someone else’s computer, and an extension of your network, this session will cover public cloud security concerns, what the shared security responsibility model really means and recommendations for protecting your public cloud workloads and data.
  • Exploring CSA’s Cloud Controls Matrix (CCM) for Cloud Security Recorded: Dec 7 2017 61 mins
    Neha Thethi, BH Consulting
    As a cloud customer, vendor, security auditor or regulator, you may have been involved with ensuring security in the cloud. Although numerous standards, regulations, and controls frameworks exist to ensure compliance with security best practices, a harmonized and cloud-focused guidance can be quite valuable. In this webinar, we will explore how the CSA Cloud Controls Matrix (CCM) framework provides organizations with such a harmonized guidance and needed structure relating to information security tailored to the cloud industry. We will also discuss how the CCM addresses assurance of legal and interoperability aspects of the cloud.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy

  • Title: Cloud Security: What You Should Be Concerned About
  • Live at: Mar 31 2016 7:05 pm
  • Presented by: Raji Samani of Intel Security and Jim Reavis of CSA