Managing Top 6 Risks with Cloud Service Providers

In this webinar, we'll cover the following...

• Review top six risks with today’s cloud service providers.
• We will analyze these risks, consider the business impact and show
you how to proactively manage cloud risk by automating security for
your cloud management accounts.
• We will use the AWS CIS foundation benchmarks and the CIS Controls to
guide our selection of examples for our discussion.
• With a growing attack surface, it’s important to be aware of the
risks associated with cloud technology in order to secure and manage
it properly.
Recorded Aug 21 2018 44 mins
Presented by
Cliff Turner, Senior Solutions Architect at CloudPassage
  • Securing Cloud Infrastructure with Cyber Exposure Jun 6 2019 4:00 pm UTC 60 mins
    Nate Dyer, Product Marketing Director, Tenable
    Cloud is dramatically expanding your attack surface and introducing new visibility challenges into infrastructure security. Without foundational visibility, it’s nearly impossible to execute other cloud security programs supporting compliance, policy enforcement, and vulnerability remediation. Cyber Exposure is a cybersecurity discipline to provide visibility into traditional IT and cloud infrastructure to help you manage and measure cyber risk. Cyber Exposure allows you to answer three fundamental questions in your cloud environment:
    - Where are we exposed?
    - What should we focus on first?
    - How are we reducing exposure over time?

    Join us as we demystify Cyber Exposure, show how it can help you secure cloud infrastructure, and provide best practices to help you get started on your Cyber Exposure journey.
  • Embracing the Kanyes: Fostering a Security Culture that Accepts Human Error May 30 2019 5:00 pm UTC 44 mins
    Aaron Zander, Head of IT, HackerOne & Gen Buckley, Senior Analyst, Security, and Compliance, Okta
    It's easy to blame employees for poor password and email hygiene, but in reality, human error isn't going to go away. Every organization will always have a "Kanye" with poor operational security and weak passwords. IT and Security teams have to acknowledge the “desire paths” across the security landscape, and ensure that we not only keep up, but facilitate ease of access while maintaining our security perimeter.

    There’s no guarantee on the tech savvy nature or level of care an employee will bring to the table, so we need to move the table closer to them and provide a safe harbor where mistakes are allowed to occur. In this session Aaron Zander, Head of IT for HackerOne, and Gen Buckley, Senior Analyst for Security and Compliance at Okta, will discuss the various ways to enable a security culture without crippling your coworkers.
  • GDPR: Data breach prevention & mitigation - Lessons learned in the past year May 28 2019 4:00 pm UTC 60 mins
    Istvan Lám, CEO, Tresorit & Daniele Catteddu, CTO, Cloud Security Alliance
    Organizations in and outside the EU had to take significant measures to revisit the way they stored, shared and processed personal data in preparation for the entry into force of the General Data Protection Regulation (GDPR) on 25 May last year. However, compliance with the GDPR is not a tick-box activity; it requires continuous evaluation of data flows in and outside the company.

    This webinar brings together Daniele Catteddu, Chief Technology Officer of the Cloud Security Alliance (CSA) and Istvan Lám, CEO of Cloud encryption company, Tresorit to discuss the key learnings since the GDPR entered into force with focus on data breach prevention and mitigation.

    The speakers will reflect, in particular, on the following aspects:
    - Key learnings from data breach notifications & fines imposed so far
    - Best practices for breach detection and reporting
    - Challenges regarding the assessment of the severity of personal data breaches
    - The most common types of data breaches and how to mitigate their impact
    - Assessment of real-case data breaches, determination of what went wrong, and discussion on the implications for compliance with the GDPR going forward
  • Scaling Cloud Forensics & Incident Response with OSQuery May 23 2019 5:00 pm UTC 60 mins
    Sohini Mukherjee, Security Analyst & Andres Martinson, Sr. Security Engineer, Adobe
    An enterprise has a diverse environment (cloud instances, servers, workstations) in which to try and detect potential security incidents. The ability of an incident response team to work quickly and at necessary scale is imperative when incidents do unfortunately occur. After an initial compromise, attackers often move laterally in an environment, trying to establish a foothold and escalate privileges. While they try to remain stealthy, they almost always leave behind footprints. Detecting and analyzing these footprints quickly and accurately to scope the issue is critical.

    This webcast will explore a scalable approach developed by the Adobe security team that relies on open source tools like OSQuery. The goal was to develop techniques that can be leveraged to more quickly and easily investigate large groups of infrastructure components for initial triage, basic forensic analysis, and to also help proactively detect threats. Attendees will learn about the techniques we developed that they can then go apply to their own environments to help with their incident response efforts in the cloud.
  • Eliminate Vulnerability Overload – take Nessus Scan data to the next level May 21 2019 3:00 am UTC 60 mins
    Robert Healey | Senior Director Marketing, Asia Pacific
    Nessus has been around for 21 years now and with over 109,000 vulnerabilities in its scan database, is the undisputed global standard tool for Vulnerability Management, that everyone uses, knows and loves. Nessus is a great tool but unfortunately in any medium or large organization, with Nessus alone, you will soon be buried in a mountain of unprioritised vulnerability data. Join this webinar to see how Predictive Prioritization from Tenable combines asset, vulnerability and threat intelligence data to enable you to reduce the number of vulns you need to address by up to 97%, while significantly improving your overall security.
  • The Rise and Fall and Rise of the Edge: Penn State & Duo on the Zero-Trust Strat Recorded: May 9 2019 53 mins
    Steve Manzuik, Director of Security Research at Duo Labs & Keith Brautigam, Director of IAM at Penn State
    In this webinar you will learn:
    - Real examples from Penn State of how network topology has gotten exponentially more complicated
    - Why attackers have shifted from systems-focused to data-focused attacks
    - What the evolution of IoT and BYOD-rich environments means for security teams

    We’ve come a long way from the days of mainframe systems and a security strategy that ended at the edge of your network perimeter. Few security teams are more familiar with this evolution than those working in higher education: between research labs and large student populations bringing in a fresh wave of their own devices every year, you’ve had a front-row seat to this network metamorphosis.

    Penn State's Director of Identity and Access Management, Keith Brautigam, and his team are addressing these new challenges by adopting a zero-trust strategy. Duo is an integral element in that strategy, checking with each new connection whether a user and device should be allowed access. In this session with Steve Manzuik, Duo Lab’s Director of Research, they will explore how the Internet of Things (IoT) is unintentionally driving this perimeter-less movement through devices such as Industrial IoT (aka IIoT), wearables, and a unique new technology that is worth exploring for its wider implications: the hearable.

    Join us for an expert discussion on why the perimeter is going the way of the dinosaur, how smart security teams are adapting, and what is coming next.
  • Extending Zero Trust to the Cloud: Real-World Business Challenges and Benefits Recorded: May 2 2019 61 mins
    John Kindervag from Palo Alto Networks & Rob LaMagna-Reiter from FNTS
    Much has been written and spoken about Zero Trust and the principles of “never trust, always verify” as a means for enterprises to implement effective network segmentation. As the model has been embraced, Zero Trust evolved to become a strategic Cybersecurity initiative that major enterprises align to in order to prevent successful cyberattacks. However, is it a security buzz word or a real-world effective security strategy?

    Watch as Palo Alto Networks® expert and founder of Zero Trust, John Kindervag discusses the “whys and hows” of extending a Zero Trust architecture to the public and private Cloud and Rob LaMagna-Reiter, FNTS CISO, about their successful Zero Trust cloud operation, the business drivers and strategy, and the technical and cultural challenges and achievements that have quickly delivered the business results and benefits desired.
  • The Rise of Privacy in the Cloud Era Recorded: Apr 25 2019 62 mins
    Neil Thacker, CISO, Netskope
    In a globally connected world where the number of cloud applications consumed by organisations rises daily, the challenges associated with protecting data and individuals’ privacy are also on the rise.

    In this webcast we will look at some of the challenges associated with privacy including:
    - Understanding contractual obligations
    - Managing the geolocation of data
    - Applying data transfer mechanisms and controls
  • Top “Must Do” Steps for Securing Your Public Clouds Recorded: Apr 18 2019 58 mins
    Greg Mayfield, Sr. Director, Product Marketing & Michael Koyfman, Principal Global Solution Architect at Netskope
    Many enterprises have inadvertently exposed proprietary information by failing to properly secure data stored in public cloud environments like Amazon Web Services, Microsoft Azure and Google Cloud Platform. While cloud computing has made it simple to spin up a new server without waiting for IT, this can also be a security nightmare. A simple misconfiguration or human error can compromise the security of your organization's entire cloud environment. Furthermore, "Cloud as an Attack vector"-based threats are increasingly breeding in IaaS, PaaS and SaaS environments to compound organizational risk. Good security hygiene should always be an integral part of any public- or multi-cloud environment, however, this isn’t the reality for many organizations.

    Join Netskope for a lively session in which you’ll learn about some common cloud threats and security mistakes made by SecOps and CloudOps admins and how to avoid them.

    In this webcast you will learn about:
    - How to detect and remediate common misconfigurations in your cloud infrastructure
    - How to identify and stop some of the top "Cloud as an Attack vector"-based threats (e.g. cloud phishing, malware, open redirection, coin miner attacks)
    - How to follow best practices and maintain continuous compliance in your clouds.
  • Organisational Behavior for Cyber Risk Governance Using Security Ratings Recorded: Apr 10 2019 61 mins
    Matthew McKenna, Vice President, International Operations, SecurityScorecard
    This webinar will take a case study approach to demonstrate how security ratings can be leveraged to gain insight into the cyber risk governance of organisations. Are organisations working in a structured manner to address cyber risk or are they purely reaction driven? We will look at organisations that have been breached in the last 12 months and explore what insights we can gather from trending across multiple security domains, including network security, DNS health, patching cadence, application security and endpoint security. We will explore how security ratings can help us take proactive measures to help mitigate risk to ourselves or our supply chain and collectively apply better and more disciplined governance.
  • Preventing AWS Misconfiguration and the Risk of Data Breaches Recorded: Mar 28 2019 63 mins
    Josh Stella, Co-Founder and Chief Technology Officer, Fugue
    Today’s enterprise needs to move fast at scale in the cloud, but the dynamic and complex nature of the cloud has introduced a significant new risk: a data breach due to misconfiguration and human error. In large enterprise cloud environments, it’s not uncommon to have tens of thousands of resources spanning hundreds of AWS accounts. This creates a challenge for security and compliance teams: How can you ensure critical data is secure and your AWS environments always adhere to policy—without deploying an army of cloud security engineers? Join Fugue as we explore why AWS misconfiguration is such a pervasive problem and how you can successfully address it. You’ll learn how to:

    - Prevent misconfiguration in your DevOps workflow
    - Identify critical misconfiguration events when they occur
    - Remediate misconfiguration and drift using automation
    - Measure your misconfiguration risk—and your success in addressing it
  • Cloud Security Top Threats: How to Secure the Future While Learning from the Past Recorded: Mar 27 2019 45 mins
    Dan Hubbard, Chief Product Officer, Lacework & John Yeoh, Director of Research, CSA
    IaaS/PaaS providers like AWS, Azure, and GCP are increasing the productivity of our developers-- making our organizations extraordinarily agile. That same agility must be matched with security and compliance measures of the same speed and scale.

    The vast majority of cloud security threats are from misconfigured IaaS instances, compromised accounts, and insider threats, but there are emerging threats on the rise as well. And you’ll need deep visibility into your workloads and containers to fight back.

    Join us for a live webinar with Dan Hubbard, inaugural CSA Research Fellow, co-inventor of the CSA top threats, and Lacework CPO on the current and emerging threats to public cloud and how best to automate security and compliance across AWS, Azure, and GCP, including:

    - Current and emerging threats to AWS, Azure, and Google Cloud environments
    - Recommendations on how to prevent, detect, analyze, and respond to cloud cyber attacks
    - How to move away from a network-centric mindset and adopt a cloud approach
    - How to automate security and compliance across AWS, Azure, GCP, and private clouds
  • BigID, AWS, & Cloud Security Alliance Webinar Recorded: Mar 14 2019 54 mins
    Nimrod Vax, BigID Head of Product & Bill Reid, AWS Senior Manager, Leader, Security and Compliance Solution Architecture
    Protection & Privacy in the Cloud: Operationalizing Privacy in AWS Environments

    New privacy regulations like GDPR and CCPA make finding and protecting personal information more critical than ever. This means being able to identify both PII and contextual PI by person at scale. This Webinar featuring BigID’s Head of Product and AWS's Leader of Security and Compliance Solution Architecture will examine best practices for finding, protecting and automating PI/PII-centric privacy tasks at scale.

    What You Will Learn:
    - How to find PII/PI across AWS
    - The difference between Protection and Privacy
    - How to actualize privacy tasks like DSAR
    - The role of ML in cloud-first privacy engineering
  • Third-Party Cloud Management Recorded: Feb 28 2019 53 mins
    Sam Abadir, Vice President of Industry Solutions, Lockpath
    Cloud computing offers massive scalability, availability and low-cost services as major benefits, but as with most new technologies, it introduces new risks. Because there is so much opportunity in the cloud, the cloud service provider network is continuously growing. Service providers are using different technologies, different standards, and like all companies have different competency levels.

    A couple of the major challenges organizations have when using cloud computing is managing these third-party operational and security risks. As more technology is moved from your company’s infrastructure to cloud, understanding and management of these risks often overwhelms technology and procurement teams.

    This can be managed if an effective third-party framework is put into place, appropriately managed and cross-organizational guidelines are being followed.
  • CSA Summit at RSA Conference 2019 Preview (Part 2) Recorded: Feb 26 2019 16 mins
    McAfee and IBM
    Want to know what you can expect at CSA Summit at RSA Conference 2019? Join this webinar to get a preview of....

    Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation
    As a leader in their industry, MGM is transforming into a digital business by aggressively adopting the cloud. Hear how MGM is protecting their enterprise data across the whole spectrum of their evolving infrastructure, from on-prem, to the device, to their SaaS, IaaS and PaaS cloud instances.

    Lessons from the Cloud
    Large enterprises are rethinking technology and data to build a platform for the future and cloud is at the center of this transformation. During this session we will discuss key drivers for cloud adoption, regulatory landscape, building effective controls and solutions, and the cloud journey for large organizations.
  • Is multi-cloud a cost-cutter or complexity adder? Recorded: Feb 21 2019 52 mins
    Petri Kallberg, CTO at Nordcloud Finland & Markku Rossi CTO at SSH.COM
    The cloud promises to bring savings, agility and scalability. All of this is attainable provided that you know which services to choose for which purpose and how to set up your environment properly. Join multi-cloud experts from Nordcloud and SSH.COM for this exclusive webinar hosted by Cloud Security Alliance where we will discuss the following topics:

    • Why vendor-lock might not be your best option in the cloud
    • Why ensuring the best possible privileged access experience for developers and administrators is vital for your business
    • How to make daily access routines operationally efficient with automation
    • How to choose best-of-breed services for the cloud based on your business needs
    • Why existing cloud vendor or legacy solutions might sometimes increase costs
  • CSA Summit at RSA Conference 2019 Preview (Part 1) Recorded: Feb 19 2019 18 mins
    OneTrust and Cyxtera
    Want to know what you can expect at CSA Summit at RSA Conference 2019? Join this webinar to get a preview of...

    - From GDPR to California Privacy: Managing Cloud Vendor Risk
    Managing vendor risk is a continuous effort under GDPR, California CCPA and other global regulations. As organizations continue to improve their privacy and security programs, streamlining 3rd and 4th party vendor risk has become a priority. This includes everything from filling out vendor assessments, such as the CSA CAIQ, getting sufficient guarantees from your vendors to efficiently working with them during an audit or incident and much more. In this session, you’ll learn how to implement successful vendor risk processes, expedite vendor onboarding, and hear practical advice to automate vendor risk management within a software technology platform.

    - Can you trust your eyes? Context as the basis for “Zero Trust” systems
    In a digital world, you can’t trust everything you see. While the digital transformation has created countless benefits for enterprises, it has also made it possible to easily disguise reality, increasing the difficulty and complexity of security. Authenticating users and controlling access to critical workloads is challenging, due to the many vulnerabilities that only require network access, and security systems that neglect a key component: context. In this session, Cyxtera VP of Products and Co-Chair of the CSA Software Defined Perimeter Working Group discusses shortcomings with current authentication and authorization protocols, requirements for a consistent and effective security model, and portrays a way forward with a dynamic, context-based security solution.
  • Avoid the Breach with Effective Application Security Testing Recorded: Feb 13 2019 41 mins
    Andrew Dunbar, VP of Security Engineering and IT at Shopify and Luke Tucker, Senior Director of Marketing at HackerOne
    Security is a top priority for e-commerce giant Shopify, with over 800,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Join Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne as they discuss best practices for testing and securing your cloud-based web applications. The session will also cover how you can scale application security for high-growth DevOps organizations and the tools and programs Shopify relies on to reduce security risk.

    In this webinar, you’ll learn to:
    - Develop and improve your application security strategy
    - Discover and manage critical vulnerabilities effectively
    - Scale security for high-growth organizations—with a DevOps methodology
    - Identify systematic issues and root causes to reduce long-term risk
  • The Top 10 Things I Learned by Phishing my Company Recorded: Feb 7 2019 50 mins
    Steve Edwards, Manager - Corporate Security Engineering, Duo
    Ninety-one percent of organizations in a recent TechValidate survey say they have seen phishing attacks on their organization in the past year. What’s more, 42% report more than 10 phishing attacks on their network in that time. What can be done to reduce these risks and protect your data and users? Phishing simulation tools are a powerful way to see how many and which employees are prone to fall for phishing attacks. With this information in hand, you can determine how to train those who are susceptible to avoid these attempts, and provide the tools to protect against them.

    In this webinar you'll hear from Steve Edwards, who manages Duo's Corporate Security Engineering team, on his experience conducting internal phishing campaigns at education and tech organizations. In addition to interesting metrics and appropriate techniques that come from phishing simulations, Steve has 10 valuable lessons to share. Join us on February 7 for this webinar to learn several unexpected things about phishing, your company, and human psychology.
  • Want Better Management of Cloud Security Risk? Live Where Your People Live Recorded: Jan 31 2019 56 mins
    Julia Knecht, Manager for Security and Privacy Architecture, Adobe
    Expecting the (relatively) small staff of security specialists we all have to handle security, risk management, and good governance entirely on their own is a recipe for disaster. While specialists are critical to ensuring products and processes are designed well, promote security, and ease compliance, real security and good governance require dissemination of knowledge throughout the organization. To truly understand what you are securing, and who does that work, you have to play in their sandbox, integrate into their existing processes, remove overhead wherever possible, and gather that data, data, data… did I mention the data? To scale, push knowledge and requirements downstream as much as possible, in the language your teams can use.

    To scale to properly meet evolving risk management and compliance challenges, your own teams need to operate as a service. Automate processes wherever possible to help capture the necessary data to ensure good security is happening – and constantly evolve and improve the quality of that information to ensure it is driving expected behavior. Flow that data into simple dashboards that can help executives understand that things are really working as expected, and where they need to take action. After all, if you can't explain it simply, you don't understand it well enough. In this talk you’ll learn from Julia Knecht how Adobe was able to make this work in relatively short order and how you can take all of the best practices we learned and developed back to your organization and create your own “culture of security.”
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa, @CSAResearchGuy

  • Title: Managing Top 6 Risks with Cloud Service Providers
  • Live at: Aug 21 2018 5:00 pm
  • Presented by: Cliff Turner, Senior Solutions Architect at CloudPassage