Does WebAuthn Signal the End of Passwords for Browsers?

Wherever you are in your cloud journey, CSA research is available to help organizations transition to the cloud, enhance security in the cloud, and innovate from the cloud through their consensus-driven research and initiatives. In this session, John Yeoh connects the latest industry research for guidance and insight that is applicable to organizations across multiple cloud security positions from the private and the public sectors. Learn how to utilize resources that leverage cloud security controls frameworks, top threats reports, and more

As organisations increasingly move to the cloud, so do the attackers. Come and listen to Onn Chee on how the cloud was used to attack a security conference's websites on the cloud, the profile of the attackers from cloud and how did the conference organisers defend against them. In addition, Onn Chee will share on lessons learnt and a new pro-active approach to cloud defense by looking at IoR - Indicators of Reconnaissance - which is the first step in the Cyber Kill Chain, instead of IoC - Indicators of Compromise - to achieve faster and pre-emptive disruption to the Cyber Kill Chain.

Migration to the cloud continues, now with even greater urgency as organizations around the world transition to remote workforces and shift operations off-premises. But cloud environments can expand the attack surface and erase visibility into critical infrastructure and applications, introducing complexity—especially in the case of multi-cloud and hybrid cloud.

So where are organizations migrating workloads to, and how are they doing it? Are they lifting and shifting legacy applications to IaaS and PaaS, repackaging them using containers, or refactoring for serverless? And what’s happening after migration? Do IT and security operations think they have sufficient monitoring and security for applications running in the cloud, and if not, what are they doing to regain control? And what about hybrid organizations? Do new cloud deployments expose their on-premises infrastructure to new threats, and are their legacy security tools able to detect and respond to novel and fast moving attacks?

Join us for this webinar to learn how cloud deployments are affecting security and operations teams, and how they are responding to the myriad challenges associated with enabling and securing growing businesses and remote workforces.

TBDCloud has seen the typical technology pendulum swing experienced by most innovative technologies.
Organizations started with the all in cloud first model only to have to later step back and take a more
moderate approach. Yet cloud continues to thrive. I will discuss:
 Why do organizations struggle with cloud?
 The importance of strategy
 The impact on security, risk and compliance programs
 The impact on business process and operations

CSA STAR is being recognized as the international harmonized solution, leading the way of trust for cloud providers, users, and their stakeholders, by providing an integrated cost-effective solution that decreases complexity and increases trust and transparency.

The STAR Registry holds close to 1000 top Cloud Service Providers that apply to STAR Level 1 and or 2 Self-assessment or certification. Close to 20,000 people each month visit the STAR Registry to view vendor analysis.

Join CSA’s John Yeoh, Global Vice President of Research; Luciano (J.R.) Santos, Chief Customer Officer; and John DiMaria, Assurance Investigatory Fellow; as they team up with one of the top cloud security consultants from Booz Allen Hamilton to answer your questions in this special CSA Town Hall.

If you’re eager to learn how you can elevate your Access Management journey, especially with the swift, mass pivot to remote work, don’t miss this webinar. The workforce to protect continues to expand, and everyone needs remote access, bringing more third-party devices and BYOD into the network environment.

In this session, security and technology experts Leya Leydiker and Ganesh Umapathy, Product Managers at Duo, will share a simple framework for Zero Trust that can help guide your journey. Suitable for organizations of all sizes.

The challenges that organizations are facing today are increasingly more complex than the past. A global health crisis, an unstable economy and changing dynamics of business risks and opportunities make decision making difficult. These reasons, coupled with ever evolving changes to compliance rules and regulations makes driving a successful Third Party Risk Management Program challenging.

Throughout this webinar, our speakers - Optiv’s Director of Security Operations, Chad Peterson, along with SecurityScorecard’s Lead Systems Engineer, Matt Barth - will discuss:
- Strategies on how to accurately and efficiently assess your high priority vendors.
- Best practices on how to create a Third Party Risk Management Program that is efficient but can scale effortlessly using automation and technology.
- Why going beyond the questionnaires and risk scores by providing the human element to third party vendors will build a sturdy foundation for a program that is equipped for the future

Mr. Baldwin will define and discuss several new initiatives that FedRAMP is working on in response to feedback for their users including: Open Security Controls Assessment Language (OSCAL), Threat-based Risk Profiling, and Agency Liaison Program. These initiatives are all interrelated and designed to simplify the FedRAMP process, grow the cloud security marketplace and provide guidance to CSPs.

With cloud becoming the preferred IT infrastructure, understanding the emerging security threats is important. A recent CSA study showed that traditional cloud security issues (such as DDoS, shared technology vulnerabilities, CSP data loss and system vulnerabilities) that are under the responsibility of CSPs are now overshadowed by the need to address security issues that are situated higher up the technology stack which are the result of senior management decisions (such as misconfiguration, inadequate change control, and a lack of cloud security architecture and strategy). Please join our panel of industry experts to appreciate the shifts in cloud security issues.

Strong IAM governance is the key to preventing data breaches and limiting the blast radius should a security incident occur. Join Tyler Smith, Senior Cloud Security Engineer at Allstate, along with Chris Hertz of DivvyCloud by Rapid7 for a discussion on why managing cloud IAM is so complex, what challenges this creates for IT and cybersecurity professionals, and how leading organizations like Allstate are governing cloud IAM to reduce risk and the chance of a data breach.

Key takeaways include understanding how to:
- Gain visibility to assess, prioritize and remediate improper permission combinations that grant unintended or overly permissive access.
- Establish and maintain least privilege.
- Limit cloud security blast radius.

How Automation, Templates, and Autonomy Deliver Security with Agility in the Cloud

Organizations are moving more workloads to the cloud. At the same time, industry surveys indicate that security remains high on the list of reported cloud challenges. The goal remains the same: enable teams to use the cloud to drive agility and innovation while remaining secure and compliant in the process.

The concept of shift left - moving security earlier in the development process - is a recognized tactic to improve your security posture. We'd add to that the concept of shift down. When you shift down your security efforts properly, you put in place the boundaries developers can work within without hampering productivity and innovation.

In this webinar, you'll get proven tactics and real-world examples to help you ensure security in the cloud with minimal impact to agility:

- Identifying and implementing automation opportunities to ensure security without labor-intensive efforts

- Creating and rolling out a templatized approach to security that gives cloud teams autonomy and jumpstarts development

- Using and integrating technology solutions to help speed access to and use of the cloud in a compliant manner

Understanding threats and shared responsibility that all Federal agencies have is key to building confidence in security. How has the government and Industry addressed these challenges and are they making progress? Dr. Spina will build on her assessment from the 2018 and 2019 Federal Summits and talk about success areas and challenges.

With the shift to work from home, cloud security is a bigger concern than ever. As the network perimeter is replaced by a user-defined security perimeter, enterprises need a people-focused approach to threat detection and data protection in the cloud. Organizations have adopted or plan to adopt Cloud Access Security Brokers (CASBs) to help them.

Join Proofpoint and CSA experts as they discuss the findings of a newly conducted research among security professionals to determine the needs of enterprises from CASBs, and whether or not their expectations are being met.

In this session, they will explore:

- Where is CASB on the adoption curve?
- How security professionals use CASB for visibility, compliance, data security, threat protection and access control
- Effectiveness and next evolution of CASBs

Are you trying to transform your organization into a savvy cloud security shop? This session will look at some of the biggest and most common challenges for maintaining security and compliance while scaling a public cloud environment, and will make practical recommendations for implementing effective processes based on successful cloud security journeys.

Join this session to learn more about:

- Common vulnerabilities and threats that increase security and compliance risks
- Balancing governance with the flexibility needed for developer productivity
- Specific steps you can take to measure and improve security posture
- Lessons learned from scaling these processes to support a growing cloud environment

Businesses are facing escalating security threats in the wake of the COVID-19 pandemic, which raises questions about the security of everyone’s private and personal data. Many companies are struggling with resource strains, operating in a remote environment, and disrupted supply chains. The pressure of compliance with data protection regulations only adds fuel to the fire.

Join IntSights for a webinar on July 2nd as their data privacy experts will break down:

• Key findings from IntSights' report on data security in the healthcare sector
• Steps businesses can take to help accelerate their efforts to enhance data protection
• How the application of cyber threat intelligence can enhance the visibility and understanding of organizational data security policies

58% of organizations are now viewing security compliance requirements and costs as a barrier to entering new markets. Their only choice is to reinvent their approach to compliance. While the vast majority of enterprises are turning to the public cloud to simplify innovation, 93% are invested in more than one cloud. Considering security models and controls vary widely across public providers, and even more so between the cloud and on-premise environments, the most cost effective approach to compliance is one based on principles and behaviors that are cloud and environment agnostic. Enter DevSecOps in the Hybrid Cloud.

As organizations take advantage of various cloud services for innovation and growth challenges arise at every phase of the security strategy, migration, monitoring, and threat management cycle. How do you detect what services are being used, monitor configuration drift of containers and other resources? How do you ensure your organization is collecting the right data and performing deep packet inspection on flows to ensure attacks are quickly detected?

Join this webinar to learn how to approach your multi cloud journey and obtain visibility into each part of this fragmented infrastructure as if it was your own.