Name: Emerging Top Threats in Cloud Computing – What We Can Do About Them
Start: 2020-07-15T06:00:00Z
End: 2020-07-15T06:46:01.000Z
Location: BrightTALK
Rating: 4

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Cybersecurity is not just about securing a network, monitoring threats, or identifying vulnerabilities. Consider exactly what you are protecting: intellectual property, trade secrets, and employee and customer data. The loss, damage, or disclosure of this information can also have consequences at a regulatory level.

What has changed in recent years is the realization that risk management and zero trust go hand in hand. Security and technology leaders must protect sensitive data and assets in order to meet their governance objectives and be in compliance with regulations. Through the adoption of zero trust principles, organizations advance their cyber architectures and better protect their users, data, and reputations.   

Sounds great in theory, but what steps do organizations need to take to align zero trust  solutions with their own governance structures and compliance mandates?

Sean Cordero, Zscaler CISO - Americas, and Pam Kubiatowski, Zscaler CTO - Americas, will walk you through the practical methods that leading enterprises have used to successfully implement a zero trust architecture solution, with risk management and mitigation initiatives at the forefront.

The Zero Trust Advancement Center is hosting free monthly webinars about one of the most widely talked about cybersecurity trends today. Zero Trust experts will guide you through the ins and outs of this increasingly popular approach to cybersecurity, helping you come to an understanding of why Zero Trust is needed today, what the key principles are, and how to implement it into your business planning, enterprise architectures, and technology deployments. Learn more at https://csaurl.org/zeroinseries.

The role of zero trust in improving corporate governance and compliance

Modern attacks like ransomware and supply chain attacks can start from anywhere in the kill chain –  endpoints, identities or cloud workloads. Zero Trust, if deployed correctly, can be the answer to increasing real-time security coverage and reducing the attack surface in the hybrid enterprise. 

However, with the rapidly evolving adversarial tactics and techniques behind modern attacks, organizations need to not only operationalize Zero Trust, but to do so with minimal disruption to business operations and complete integration with existing systems.

Join us to learn more about the top five Zero Trust best practices CISOs use to detect and stop modern attacks like ransomware and supply chain breaches in real time.

Top 5 Zero Trust Practices to Stop Modern Attacks

The shift towards building applications as Cloud Native is now in full swing, as new applications are built for speed and scale using DevOps principles, containers, and Kubernetes in the Cloud. A corresponding shift is underway in how to secure these applications in a way that preserves and builds on their unique properties.

In this presentation, Tsvi Korren, Field CTO at Aqua will discuss the basic building blocks of Cloud Native and how to build a security program that starts at the supply chain and ends with stopping attacks directed at running workloads.

The Building Blocks of a Cloud Native Security Program

Identity powers cyber resilience, and acts as the basis for the secure adoption of modern IT innovations, and for the pursuit of digital transformation initiatives that are essential for business competitiveness. Identity is the core of a Zero Trust strategy: With the perimeter moving to the identity layer, people become the critical component of the Zero Trust ecosystem.

Join us for this session to learn more about the key role that identity plays in a zero trust strategy, how you can successfully integrate identity into your existing security practice and why adopting identity-first security will help you realize your zero trust goals.

The Zero Trust Advancement Center is hosting free monthly webinars about one of the most widely talked about cybersecurity trends today. Zero Trust experts will guide you through the ins and outs of this increasingly popular approach to cybersecurity, helping you come to an understanding of why Zero Trust is needed today, what the key principles are, and how to implement it into your business planning, enterprise architectures, and technology deployments. Learn more at https://csaurl.org/zeroinseries.

The Journey to Zero Trust starts with Secure Identity

Is your DevOps team drowning in a sea of alerts? We’ve all been there. The big question is - what vulnerabilities do you fix first? Did you know that as much as 95% of vulnerability alerts simply don’t matter? Prioritize the ones that do by focusing on vulnerabilities actually exposed at runtime. Boost developer productivity by keeping them focused on packages, and not vulnerabilities. 

Join this webinar to learn:
• How to reduce vulnerability noise by up to 95% (hint: by prioritizing vulns tied to active packages)
• Ways to speed remediation by giving devs a consolidated package-centric view of vulnerabilities
• How to leverage runtime intelligence to improve shift-left security

Automatically Prioritize Vulnerabilities Using Runtime Intelligence

SaaS companies today are scrambling to comply with certain security frameworks like AICPA SOC 2, ISO 27001, CSA STAR etc., because demonstrating information security reduces sales barriers, boosts customer trust and increases the protection of sensitive data. But getting compliant is super complicated and eats up loads of time for employees. Moreover, many organizations lack the knowledge and experience required for these frameworks, and have no idea where to begin their compliance journey and how to maintain compliance throughout the year.

In this panel we'll discuss:
• The traditional audit process versus the modern audit process
• Why outsourcing compliance to third parties will allow internal resources to be utilized more strategically and provide greater value to the organization
• The importance of automating repetitive audit-related tests and the significant impact this has on organizational productivity
• An innovative approach to security compliance that streamlines the entire security audit process, saving companies hundreds of hours and freeing up teams to shift their focus away from manual testing of risks and controls to critical and strategic risks
• How to scale your security audit, whether you're a startup or a corporation
• Auditor perspective and future developments

Continuous Auditing & Certification: The Future of Security Compliance for SaaS

Panel Discussion

In this panel discussion on “Implications of PIPL for Enterprise Cloud Users,” moderated by WONG Onn Chee (CSA Fellow & CTO Resolvo Systems), we have invited several experts to weigh in on how their view on how PIPL will affect enterprises doing business in China and elsewhere when using cloud services.

Moderator: WONG Onn Chee (CSA Fellow & CTO Resolvo Systems)

Panelists:
- LIM May-Ann (Director, Fair Tech Institute, Access Partnership & Emeritus Director, Asia Cloud Computing Association, Singapore) 
- Marcus TAN (Managing Partner, Marcus Tan & Co, Advocates & Solicitors, Malaysia)
- Philip VICTOR (Managing Director, Welchman Keen)
- Sarbojit M BOSE (Education Director, CSA Singapore Chapter & CCSK Instructor)

Implications of PIPL for Enterprise Cloud Users

Fireside Chat with Frank ZHANG  (IAPP Fellow & Senior Security & Privacy Expert, Huawei Technology)
Moderator: Benjamin CHEONG (Partner, Rajah & Tann)

Fireside Chat with Frank ZHANG

The presentation will provide the background and the main points of the China Personal Information Protection Law (PIPL).  It will also identify the compliance requirements that enterprises need to comply with. A comparison of the differences between PIPL and GDPR will also be shared.

Implementing China's Personal Information Protection Law  for enterprises

Fireside Chat with Riwzi WUN (Partner, RHTLaw Asia)
Moderator: Daniele CATTEDDU (CTO, CSA)

Fireside Chat with Riwzi WUN

Singapore Personal Data Protection Act & the Cloud

Fireside Chat with Prof. Paolo BALBONI (Co-chair, CSA Privacy Level Agreement WG & Principal Author CSA GDPR CoC)
Moderator: Ekta MISHRA (APAC Membership Director & Country Manager India, CSA, CSA)

Fireside Chat with Prof. Paolo BALBONI

The presentation will update the audience on the main issues and opportunities concerning the provision of cloud services in the EU. We will discuss both privacy and contractual aspects focusing the attention on present and forthcoming Codes of Conducts, data transfer, collaboration duties, limitation of liabilities, etc. Relevant case law will be analyzed as well as recent trends concerning data protection as part of the ESG/Corporate Social Responsibility. The goal is to provide a comprehensive picture to the audience about doing cloud business in the EU.

Doing Cloud Business in the EU: Privacy & Contractual Reflections

Welcome Address
Dr. Hing-Yan LEE (EVP, Government Affairs, CSA) 

Opening Keynote
Jim REAVIS (CEO & Co-Founder, CSA)

Welcome Address & Opening Keynote

Join the 2021 CSA-DC Chapter Research Team as they walk us through the concepts, technologies, business processes, and team building activities associated with their recent CSA publication entitled “A Guided Approach to Support Your Zero Trust Strategy; A Guided Approach for a Complex Hybrid World”. 

Dr. Mari Spina, Research Committee Chair, will moderate a panel of key research contributors to the paper and experts in the field of Zero Trust Architecture (ZTA) development and adoption: Jyoti Wadhwa, Director, Cybersecurity Solutions Architect at T-REX Solutions, Paul Deakin, F5-CSE Security, F5-CSE Cloud Field Solutions Engineer, and Uma Rajagopal, Advisor and author of Essential Security Fundamentals; Security is a Process; Not a Single Product.

The Zero Trust Advancement Center is hosting free monthly webinars about one of the most widely talked about cybersecurity trends today. Zero Trust experts will guide you through the ins and outs of this increasingly popular approach to cybersecurity, helping you come to an understanding of why Zero Trust is needed today, what the key principles are, and how to implement it into your business planning, enterprise architectures, and technology deployments. Learn more at https://csaurl.org/zeroinseries.

A Guided Approach to Support Your Zero Trust Strategy

Ransomware isn’t new – we can track it back to attacks using floppy disks in 1989 – and like all attacks, it has evolved over time. As defenders adopted yesterday’s protections attackers respond by upping their game. The original “smash and grab” approach has moved on, leading to today’s more sophisticated and dangerous landscape, with:

• Ransomware-as-a-Service where attack tools are commercialized, meaning less skilled teams can buy and use advanced weapons they could not build for themselves
• Double Extortion where Cybercriminals don’t just lock your data where it sits – they pull out a copy, exploiting your weak, asymmetric network controls. This allows two threats– blocking your access to your own data, and threatening to release it publicly if you don’t pay.
• Cloud ransom attacks Every new tech has a new attack surface, and new exploits targeting it, and cloud is no different. 

Fighting Ransomware 2.0 means upgrading your defensive techniques – as the exploits evolve, so must your response. Combating both double-dip extortion demands and cloud-focused attacks requires understanding your attack surface, so you can find and fix your defensive gaps and open pathways before the bad guys use them against you. Concern about these attacks has reached the C-suite as ransoms have impacted not only brand and customer trust, but the bottom line with huge financial implications. 

In this webinar we will cover:
• Why network segmentation is the essential strategic response
• Comprehensive strategies vs. single point solutions needed
• The true impact of lateral movement within your network
• Why an ounce of prevention is worth a pound of cure

We’ve moved from smash and grab to sophisticated heists. This requires a cyber security strategy that works harder to avoid not only someone getting in, but plan to stop lateral movement and exfiltration. Control the blast radius, and you have a fighting chance at protecting your brand, your customers and your bottom line.

Combating Ransomware 2.0: Beyond Backups

As you move to the cloud, your security teams often feel a loss of control in this new world. Traditional tools and processes are not working in the cloud and visibility is limited. How do you identify and get your arms around the “real” risks in the cloud?

Getting security right starts with a first-principles approach to finding, focusing, and fixing risks across clouds and containers.

Join this webinar to learn:
• How to map security controls when moving from on-premise to the cloud?
• How innovative organizations eliminate blind spots and prioritize what matters 
• Leveraging open standards (ex. Falco) for runtime threat detection and cloud security monitoring  
• Key areas to cover when implementing cloud security from source to run

Finding Suspicious Events with AWS CloudTrail: Fundamentals and Best Practices

Large enterprises such as Adobe have historically relied upon solutions managed wholly in-house for identity and access management. However, as we began our move towards a more cloud-centric zero-trust based networking environment, we recognized that we needed to ensure our core enterprise identity and access management system was more cloud-centric as well. This became apparent as the definition of “work” changed for our users as a result of the COVID-19 pandemic. Our cloud-based directory provider of choice for this effort is Microsoft Azure Active Directory (Azure AD). Over the past several years as we have transitioned to a cloud-based enterprise identity model we have learned a lot about how best to utilize this technology. Microsoft Azure AD is also still relatively new technology and is a constantly evolving system. This has presented some unique challenges as we work to use it in an organization as large and complex as Adobe. 

 

In this webcast Aaron Resnikoff, Sr. Security Engineer, and Trevor Ashby, Security Engineer, from our enterprise security team will talk about the evolution of how we use Microsoft Azure AD and give you the scoop on many of the lessons we have learned on our journey as we have made this the core of our enterprise identity infrastructure. You will leave this webcast with knowledge you can use to help you with your own zero-trust networking and cloud-based identity management journey.

Best Practices for using Microsoft Azure Active Directory (AD)

With cloud becoming the preferred IT infrastructure, understanding the emerging security threats is important.  A recent CSA study showed that traditional cloud security issues (such as DDoS, shared technology vulnerabilities, CSP data loss and system vulnerabilities) that are under the responsibility of CSPs are now overshadowed by the need to address security issues that are situated higher up the technology stack which are the result of senior management decisions (such as misconfiguration, inadequate change control, and a lack of cloud security architecture and strategy). Please join our panel of industry experts to appreciate the shifts in cloud security issues.

Emerging Top Threats in Cloud Computing – What We Can Do About Them

top threats

Cloud Computing

Cyber Security

Vulnerabilities

Architecture

IT Infrastructure

Cloud Security

Cloud Service Providers

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Emerging Top Threats in Cloud Computing – What We Can Do About Them

Presented by

About this talk

More from this channel