Future Proofing the Connected World - 13 Steps to Developing Secure IoT Product
The CSA IoT Working Group released guidance in October 2016 focused on providing IoT product developers with recommendations for securing their products. This panel discussion will explore different perspectives on how the guidance can best be used by organizations seeking to secure IoT products. We will also discuss how to prioritize your security engineering efforts based on schedule and funding constraints.
Steven Markey, nControl LLC
Brian Russell, Leidos
Drew Van Duren, Security Innovation
Ron Del Rosario, Five9
Elizabeth Lawler, CEO Conjur
Recorded Nov 29 2016, 54 mins
The principle of least privilege access – in which all human and machine identities should have only the permissions essential to perform their intended function – is a cloud security best practice promoted by cloud providers like Azure, GCP and leading industry frameworks like MITRE ATT&CK and Cloud Security Alliance’s Cloud Controls Matrix. In this webinar, attendees will learn about the risks of overly broad permissions and how to address them.
What you’ll walk away with:
- Discover the role of excessive permissions in data breaches
- Learn best practices for identifying and remediating excessive permissions in cloud environments
- Explore free and open source tools to gain visibility across multiple cloud environments
- Develop a plan to continuously verify least privilege and meet regulatory and industry compliance objectives
Moderator: Dr. Hing-Yan LEE, Panelists: FONG Choong Fook, Ser Yoong GOH, Victor LO, Philip VICTOR
The global pandemic and the associated lockdown in many countries have been an inflexion point in the adoption of cloud computing; we have observed increased usage and adoption. The increased usage as well as new cloud adoption during the current crisis is a positive outcome of the lockdown. The distinguished panel will offer their views and perspectives.
The current COVID-19 pandemic has arguably been a wake-up call for most organizations that faced increasing difficulties operating from the traditional on-premise model. Many organizations might not have been aware that they have been directly or indirectly accessing a wide variety of cloud computing services through services such as Microsoft O365, emerging technologies such as the Internet of Things (IoT) and practices such as big data analytics. As another example, the release by Malaysia's central bank of its Risk Management in Technology (RMiT) guidelines last year has arguably spurred disruption that led to more rapid digital transformation, including the movement to the cloud within the financial services industry. Based on the guidelines' recommendation, financial institutions could adopt cloud services as long as they have performed a comprehensive risk assessment prior to the adoption.
This presentation will build awareness of cloud security by covering some of the common cloud risks and potential challenges faced with cloud adoption. It will also share appropriate security controls, from both management and assurance perspectives, that organizations should consider when moving to the cloud.
Sureen SUBRAMANIAN, Dr. Hing-Yan LEE, Dato' Dr. Haji Amirudin bin Abdul WAHAD
Sureen SUBRAMANIAN (Chairman, Protem Committee, CSA Malaysia Chapter)
Dr. Hing-Yan LEE (EVP APAC, CSA)
Opening Keynote - Cloud Security Landscape: Challenges & Its Possible Solutions
Dato' Dr. Haji Amirudin bin Abdul WAHAD (CEO, Cyber Security Malaysia)
The topic will cover the current digital landscape, in which the population is now highly connected and, due to the global Covid-19 pandemic, interconnectivity is also increasing exponentially. It also relates to the convergence of technologies, which adds more complexity to cyberspace. These complexities have created a lot of concern about the risk to users, organizations and industries. They have also created opportunities for unscrupulous persons to conduct illegal activities, scams, Denial of Service (DoS) and disruption of businesses online. Over the years, there have been many viruses and malware that created problems and disruption not only at the personal level but also for giant corporations and nations.
The presentation also includes cloud security precautionary measures on how to overcome the security and privacy challenges. Like any other digital technology, cloud computing is also vulnerable and open to cyber abuses and cyber threats, which are quite rampant in some parts of the world. Another issue would be about policies governing the usage of cloud computing when the server is based abroad and could only be accessed by a few for importing of data domestically. There could be some legal ramifications on such matters.
The biggest shift due to COVID-19 was the immediate move of the workforce to the “home office.” But the "home office" is really just your home environment and your organization’s computer. This leaves employees vulnerable without the comprehensive cyber defense protocols corporate office networks provide. Threat actors have identified this and are actively taking advantage of the situation.
In this session, we will cover the various attacks targeting the “home office,” how attackers can easily collect data about their targets, and what type of data cybercriminals have been selling in underground forums in the past year.
Engage early, engage often. Continuously delivering products with enhanced security capabilities in a cross-functional, multi-platform environment is no easy task; it takes a lot of commitment to collaborate and communicate on the part of every individual involved throughout the development process, especially when working with globally dispersed teams. To overcome these challenges, organizations should leverage five principles of collaboration to help their security and compliance teams collaborate more effectively and efficiently with their product development and operations teams. By adhering to these collaboration principles, organizations can improve efficiencies throughout their products and services while keeping their internal stakeholders happy.
Join Sandhya Narayan, Principal Program Manager at Adobe, as she discusses these principles and how Adobe applies them to improve collaboration between their security, engineering, and operations teams throughout the company.
In this CloudBytes webinar, Cloud Security Alliance CEO Jim Reavis will go into a hypnotic trance and summon otherworldly forces to banish 2020 and all of its evil incarnations into an endless pit of fire, freeing humanity from its evil clutches. Jim will also review the current state of cybersecurity, how the industry has coped with the unexpected events, how cloud has functioned, how businesses are pivoting and what meaningful lessons we take from the year.
Budi Hermawan, Hana ABRIYANSYAH, Andri PURNOMO, Fransiskus INDROMOJO, Muhammad SUHADA, Densi REFWALU
Panel Discussion: Cloud Security Threat Landscape in the New Normal
The pandemic has accelerated the digital transformation initiatives of many organizations in Indonesia. Local companies jumped to the cloud with survival response as the prime consideration. Join our fellow panelists in this panel discussion on the business impact of the top threats on the Cloud. We will also discuss the cloud-security-first mindset and how CSA can help the industries in Indonesia in their cloud security journey.
Moderator: Budi Hermawan (Education Director, CSA Indonesia Chapter)
Hana ABRIYANSYAH (CISO of Midtrans and VP of Information Security at GO-JEK)
Andri PURNOMO (VP IT Security, Dana Indonesia)
Fransiskus INDROMOJO (Senior Technical Specialist, Microsoft Indonesia)
Muhammad SUHADA (VP Information Technology, PT Blue Bird Tbk)
Densi REFWALU (Marketing Director, CSA Indonesia Chapter)
Rudi LUMANTO (Chairman, Cyber Security Incident and Resilience Team of Indonesia)
Cyber Threat Intelligence (CTI) is cyber threat knowledge or information that is expected to help implement more effective security controls and provide various advantages in building a safe cyber environment. Organizations then become more proactive rather than reactive to cyber attacks; they are also quicker to mitigate risks and respond to incidents. However, with the rapid development of cyberspace and our entry into the industrial era 4.0, threat information has become abundant, and the biggest challenge for CTI is to provide the right information at the right time, so that it will not only help technically but also be useful in decision-making. CTI that only provides non-selective information will eventually become regular news that will not have an impact on increasing cybersecurity awareness. This presentation tries to provide some information on CTI in Indonesia and see whether or not it is effective in bringing awareness to the public or its decision makers. Which threat intel can make us more concerned about our cyber situation?
Customers are turning to the cloud to reduce capital expenses and increase agility as part of their digital innovation (DI) initiatives. Despite the benefits, cloud migration results in business-critical data and services being scattered across clouds and data centers. This leads to an expanded attack surface and a corresponding increase in security risk.
Some organizations are unknowingly stumbling into a new security paradigm: the shared responsibility model, which is built on the assumption that the cloud infrastructure will be secured by cloud providers, while security for services used in the cloud is the responsibility of the organization.
The Fortinet Security Fabric was purpose-built to close these cloud-driven security gaps through native integration with public cloud infrastructures, a broad set of security services and products, and cross-cloud security management, automation, and analytics.
Faisal YAHYA, Dr. Hing-Yan LEE, Semeul Abrijani PANGERAPAN
CSA Indonesia Virtual Summit 2020
Faisal YAHYA (Chairman, CSA Indonesia Chapter)
Dr. Hing-Yan LEE (EVP APAC, CSA)
Cloud Computing & Cloud Security Landscape in Indonesia: Challenges & Its Possible Solutions
Semeul Abrijani PANGERAPAN (Director General of ICT Applications, Ministry of Communication and Information Technology, Indonesia)
Vinay Venkataraghavan, Technical Director, Office of the CTO - Prisma Cloud, Palo Alto Networks
Infrastructure as Code and Security Automation for Container Native Applications
Competition and the pursuit of business superiority are shortening product-to-market cycles, requiring enterprises to reevaluate current application architectures. It doesn’t take long to come to the conclusion that the “right” solution requires embarking on a journey of digital transformation, involving the rapid adoption of the cloud, containers, microservices and DevOps processes. However, the combination of deploying container native applications at scale, as immutable infrastructure, with frequent deploy and tear-down cycles, has required DevOps to automate all aspects of the infrastructure as well as security.
In this talk we introduce the “Cloud Security Automation Stack”, which is a framework for representing all aspects of infrastructure and security as code, coupled with automation, applied throughout the build, deploy and run phases. In this manner DevOps and Security teams leverage automation and infrastructure as code with security natively injected at the appropriate points, in order to secure critical cloud native assets. Additionally, in this talk we will demo the adoption of the Cloud Security Automation Stack to comprehensively secure microservices running as containers on the Kubernetes platform.
Nabil Zoldjalali, Director of Cloud Security, Darktrace
As workforces look to remain remote for the long term, the cloud has become ubiquitous. Yet human security professionals relying only on conventional security tools continue to struggle to secure the complexity of today’s hybrid and multi-cloud topologies - in fact, only 22% of organizations feel they have adequate visibility into their cloud applications and infrastructure.
Businesses are increasingly turning to AI as a uniquely dynamic solution to detect and defend from novel threats that emerge on cloud and SaaS environments – which the global workforce continues to rely on in today’s remote working landscape.
Discussion will include exploration of the latest cloud and SaaS real-world threat trends including:
- A malicious file download in Box.com
- Crypto-mining malware inadvertently installed
- Developer misuse of AWS cloud infrastructure
Randy Franklin, VP and Market GM, and William Kokolis, DevOps Practice Lead, Terazo & Bryan Jones, Solutions Architect, Cloud
Shifting security left empowers DevOps teams to create secure software and infrastructure by giving them the tools and indicators to detect and mitigate potential security problems prior to release. Learn how your DevOps teams can take ownership of your security posture by implementing gating functions that prevent insecure software from being promoted to production.
Join this webinar, as Terazo covers the governance and technical aspects of implementing DevSecOps. They will discuss the stages and actions they take to improve the resiliency of software development and delivery, including:
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.
Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa