
Shifting Cloud Security Left to Protect Data & Customers

Sadi and Chris will explore how her team at ViacomCBS Digital has shifted cloud security left in order to prevent issues from ever manifesting, deliver better experiences to developers, and meet the rapidly scaling demand for cloud computing. This approach has enabled a lean team to support dozens of business units as they harness the power of public cloud in the production and distribution of online content covering news, sports, entertainment, technology, and business, drawing in millions of viewers and making it the 6th largest internet brand. They will also dive into the important facets of making cloud security continuous, including visibility, prevention, detection, remediation, automation, and reporting.
Recorded May 12 2020 40 mins
Presented by
Sadi Steffl, Cyber Security Analyst at ViacomCBS Digital & Chris DeRamus, CTO at DivvyCloud
  • How Can We Grow the Pool of Cloud Security Professionals May 27 2021 9:00 am UTC 45 mins
    Dr. Hing-Yan LEE, LE Ngoc Son, Ferdinand FONG
    Panel Discussion

    Many countries have been suffering from a dire shortage of IT professionals for many years, and the demand for IT professionals has continued unabated. The panel hopes to address the challenge of having enough cybersecurity professionals and discuss what employers can do to build the necessary working experience for individuals.
  • Securing the Cloud via CCSK May 27 2021 8:15 am UTC 30 mins
    Ekta MISHRA & Philip Cao HUNG
    As organizations migrate to the cloud, they need information security professionals who are cloud-savvy. The Certificate of Cloud Security Knowledge (CCSK) is widely recognized as the standard of expertise and provides an individual with the foundation they need to secure data in the cloud. Learn how CCSK can bridge the gap and provide an important first step in establishing baseline knowledge for individuals in cloud security.

    “A Call to Action with CSA Vietnam Chapter” [in Vietnamese language]
    Philip Cao HUNG (Advisor, CSA Vietnam Chapter)
  • Best Practices in Implementing Secure Microservices Architecture May 27 2021 7:30 am UTC 30 mins
    Madhav CHABLANI, Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting
    Application containers and a microservices architecture are being used to design, develop, and deploy applications leveraging agile software development approaches such as Development Operations. Security needs to be embedded into these software development approaches. This presentation based on CSA research artifact 'Best Practices in Implementing Secure Microservices Architecture' will help to identify best practices in securing microservices in the engineering of trustworthy secure systems through the lens of the Developer, Operator, and Architect.
  • Piece of Mind with Cloud Native Security Guidance May 27 2021 6:45 am UTC 30 mins
    Suresh AGARWAL, Honorary Secretary, CSA Singapore Chapter & MD, Agarwal Pte Ltd
    A new Guidance for Cloud Native Security was approved by the Singapore Information Technology Standards Committee in 2020. This speaker will provide an analysis on the strengths and weaknesses of the said technical reference. He will make a comparison with NIST and other papers on the same topic.
  • Reflective Security & DevSecOps May 27 2021 6:00 am UTC 30 mins
    Ronald TSE, CEO, Ribose & Co-Chair, CSA DevSecOps Working Group
    The CSA DevSecOps working group has published a number of papers including Reflexive Security, DevSecOps, and associated best practices. This talk briefly describes these topics, with an explanation of the principles and benefits of the novel management framework around DevSecOps, presented with examples of best practices that fit into this framework. We also provide a roadmap of current research of the working group.
  • SDP & ‘Black-Cloud’ Protection May 27 2021 4:15 am UTC 30 mins
    Juanita Koipillai, Founder & CEO, Waverley Labs
    Security has become of paramount importance in recent times, especially due to the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic has challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters in withstanding DDoS attacks in multiple network implementations, including hybrid cloud applications, network function virtualization and software defined networks.
  • Healthcare’s Cloud Migration: 7 Emerging Data Security Risks May 6 2021 4:00 pm UTC 60 mins
    Jon Moore, Chief Risk Officer and SVP Consulting Services, Clearwater
    Seeking flexibility, scalability, and cost-savings, an increasing number of healthcare organizations are moving systems and data to the Cloud. Fueled by increased adoption of telemedicine and wearable medical devices sparked by the pandemic and continuing investment and growth in Cloud-native health IT startups, the market for healthcare cloud computing is expected to grow from $28 billion in 2020 to nearly $65 billion over the next six years, according to a recent study by MarketDigits.

    While there are numerous benefits for healthcare organizations that adopt cloud models, introducing sensitive and protected data into the Cloud creates various new risks. As we’ve seen in some surveys, organizations are conflicted on whether cloud security makes it easier or more challenging to manage these risks. A recent Netwrix survey indicated that nearly 40% of respondents have had a cloud security incident in the past year, and nearly half of them could not diagnose the issue.

    During this webinar, Clearwater Chief Risk Officer and Head of Consulting Services Jon Moore will review recent examples of healthcare cloud security failures and discuss critical takeaways that organizations should note to avoid similar missteps.

    Attendees will learn:
    · Seven ways cloud security can go sideways resulting in a breach and HIPAA violation
    · Best practices to help your organization reduce risk and avoid a HIPAA violation in the Cloud
  • Best Practices for Accelerating Security Development in the Product Lifecycle Apr 29 2021 4:00 pm UTC 60 mins
    Ningjing Gao, Principal Technical Program Manager - Security Team, Adobe
    If you are part of a security organization and notice constant competition for resources with product feature development, you may have wondered how to further accelerate security work assigned to product teams. How can security best integrate with feature development to reserve engineering resources for security projects? Our team has developed an approach to provide clearer visibility into the security work that needs to be done. It also enabled us to be better aligned with the existing product development process.

    In this webcast, Ningjing Gao, Principal Technical Program Manager for Security at Adobe, will talk about what we did to improve our processes and share additional best practices that can help make it more efficient and effective for product teams to build security into everything they do at your organization.
  • Applying Zero-Trust Security to Cloud Workload Protection Apr 27 2021 5:00 pm UTC 60 mins
    Willy Leichter, VP-Marketing and Product Strategy & Shauntinez Jakab, Sr Dir-Product Marketing and Analyst Relations, Virsec
    As attacks on software supply chains and critical applications not only continue but accelerate, we need to extend a next-generation zero-trust model into cloud workloads during runtime. To understand why runtime remains a choice target for threat actors, look no further than the recent SolarWinds and Microsoft Exchange server attacks. Both exploits executed undetected and undeterred in runtime, easily evading existing security measures such as threat hunting and EDR/EPP tools.

    Zero trust is a powerful concept, but many think it only applies to users, devices, and networks. Implementing a next-generation Zero-Trust model, one that incorporates application-aware workload protection, can ensure that only the right code and processes can execute, regardless of the threat environment.

    In their Market Guide for Cloud Workload Protection Platforms, Gartner specifically recommends extending zero trust security, stating: “At runtime, replace antivirus-centric strategies with ‘zero-trust execution.’”
    Join security experts from Virsec as they discuss the challenges of protecting an expanding attack surface area with cloud, hybrid, and container environments and detail the need for application-awareness and effective runtime protection. Get best practices for security implementations for workloads that ensure vulnerability protection with granular application control, system integrity assurance, and advanced memory protection at runtime.
  • Why the Cloud Needs Network Detection and Response Apr 20 2021 5:00 pm UTC 60 mins
    Anton Chuvakin of Google Cloud & Edward Smith and Vijit Nair of Corelight
    If cloud environments are locked down by default and everything is already being logged, is cloud network traffic analysis really helpful? It turns out that even in the cloud, network telemetry data can ensure investigations are fast and hunts are conclusive. As we’ve learned from breaches like Sunburst, network telemetry provides essential evidence for catching threats other tools miss.


    Join experts from Google Cloud Security and Corelight to learn how collection and analysis of cloud network traffic leads to better threat detection and response. We will discuss:
    - Common misconceptions about network telemetry
    - Cloud traffic monitoring use cases
    - Solutions to implementation challenges
  • State of Cloud 2021: A CSA Survey Report Apr 13 2021 5:00 pm UTC 46 mins
    Yitzy Tannenbaum, Product Marketing Manager, AlgoSec
    In the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA developed and distributed a survey to better understand the current cloud security concerns, challenges, and incidents. In this webinar, Yitzy Tannenbaum, Product Marketing Manager from AlgoSec, will cover the results, including:
    - current cloud adoption
    - complexity of the modern-day network
    - who's responsible for cloud security
    - misconfigurations and outages
  • Cloud Control Matrix V4: Updated Security Guidance for the Cloud Recorded: Apr 6 2021 66 mins
    Daniele Catteddu, Sean Cordero, Shawn Harris, Sean Estrada
    Since its debut in 2013, the Cloud Control Matrix (CCM) v3.0.1 has become the most comprehensive and globally adopted security framework for assessing security risk of cloud providers. With the emergence of new technologies and the evolution of the cloud certification landscape, CCM needs to reflect this continuous change. Through the commitment and collective knowledge of 18 teams led by highly experienced cloud security experts, CCM v4 is now available with significant updates to the previous version. This session will provide a presentation and overview of:
    - CCMv4 domains and new control requirements
    - A draft version of the new CCMv4 “implementation guidance”
    - The new Shared Security Responsibility Model (SSRM) controls for helping CSPs and CSCs delineate CCM controls implementation responsibilities
    - The enhanced Consensus Assessment Initiative Questionnaire (CAIQ) v4.0 following the upgrade to CCMv4.0
    - Mapping exercises of CCMv4.0 to other well-known standards, as performed by the CCM WG
    - The latest activities for the development of CCMv4.0-Lite

    *Introduction music by: Bensounds.com
  • Security Meets Privacy on the Cloud - A Better Understanding Recorded: Mar 31 2021 44 mins
    Tze Meng TAN, Madhav CHABLANI, Rizwi WUN, Sarbojit M BOSE
    Panel Discussion

    Security and privacy are twins when it comes to providing tools to secure users' data. However, they are non-identical twins; they are different. Security relates to the protection of data from threats, such as hackers, while privacy encompasses how personal data is collected, managed, stored and shared. Enterprises today are realizing the importance of both, since the business impact will be immense if these issues are ignored.

    MODERATOR : Tze Meng TAN (Head of Data Cloud Department, Digital Infrastructure and Services Division, MDEC)
    PANELISTS:
    - Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
    - Rizwi WUN (Partner, RHTLaw Asia)
    - Sarbojit M BOSE (Education Director, CSA Singapore Chapter & CCSK Instructor)
  • How privacy & security professionals can cooperate to achieve compliance Recorded: Mar 31 2021 26 mins
    Francoise GILBERT (Global Privacy Strategist, CEO of DataMinding, Inc.)
    How privacy & security professionals can cooperate to achieve better compliance with laws & standards, reduce risks & costs to their organization

    The pandemic has caused drastic changes in the way in which most entities operate. In this new ecosystem, cloud services have become the primary source of computing and processing capabilities. Increased use of cloud services requires an increased workforce to manage and operate these systems, and to ensure that compliance requirements are met and best practices maintained. Cloud services encompass numerous privacy and security issues. At a time when privacy and security professionals are scarce, organizations may increase efficiency and do more with less if they can encourage privacy and security professionals to cooperate in their tasks.
    In this session we will discuss some of the new privacy and security issues that cloud users and providers may be facing, and how cooperation between privacy and security professionals might help increase efficiency.
  • An In-depth Look at the Obligations Arising from Data Breaches Recorded: Mar 31 2021 18 mins
    Rizwi WUN (Partner, RHTLaw Asia)
    The presentation will look at obligations and desired responses arising from data breaches.
  • The Promise and Pitfalls of Committing to Cloud Recorded: Mar 31 2021 30 mins
    Steven SIM (President, ISACA Singapore Chapter)
    Securing Authorization and Architecture Off-Premise

    With accelerated cloud adoption, particularly during the COVID-19 pandemic, cloud has become a lifeline for numerous organizations sustaining their operations while working from home, yet it also raises the concern of becoming embroiled in a cyber pandemic of malware outbreaks, data breaches and disrupted operations. This presentation hopes to help the audience navigate the realities of on-premise to cloud migration and address key security concerns relating to the new vectors of attack that off-premise operations invite.
  • Blockchain is here to Stay and Being Attacked - How we fix it? Recorded: Mar 31 2021 33 mins
    Kurt SEIFRIED (Chief Blockchain Officer & Director of Special Projects, CSA)
    Blockchains are here to stay, and they’re being attacked. Why? Because that’s where the money is, literally (have you seen the price of Ethereum lately?). Combine this with Turing complete smart-contracts (often with security flaws) and it becomes obvious why attackers are so interested. The good news is that we’ve done this before, and we can not only learn from the past but we know what the gaps are this time around and we can close them faster. In this session, I’ll cover the real attacks we’re seeing today, and the attacks we can expect to see tomorrow. We’ll also talk about how to prevent them, and what the future (might) bring with respect to Blockchain security.
  • Cloud Security in the Age of Hybrid Clouds Recorded: Mar 31 2021 44 mins
    Onn Chee WONG, Narudom ROONSIRIWONG, Ian LOE, Feng ZOU
    Panel Discussion

    Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? Is a hybrid cloud one or two clouds? How does a CSC manage two different clouds under different ownership, and ensure their different security compliance? What are the challenges in using hybrid clouds?

    MODERATOR : Onn Chee WONG (CTO, Resolvo Systems Pte Ltd)
    PANELISTS:
    - Ian LOE (CTO, NE Digital)
    - Narudom ROONSIRIWONG (SVP & Head of IT Security, Kiatnakin Phatra Bank & Co-chair, Hybrid Cloud Security WG, CSA)
    - Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA)
  • Embracing ICS with Cloud Computing Necessitate Clarity of Vision Recorded: Mar 31 2021 30 mins
    William HO (Co-chair, ICS Security WG, CSA)
    Understanding the trends, security concerns and state of Industrial Control Systems (ICS) cloud helps pave the way. ICS with access to the cloud via web-enabled services are where IT and OT (Operational Technology) converge, resulting in an integrated process and information flow that brings with it a more complex architecture. As ICS advances from communicating with networks within the enterprise to interacting externally via IoT platforms and the cloud, efficiency, effectiveness and scalability improve. These advances create additional complexity and a larger attack surface, which in turn has increased the opportunity for cyberattacks.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa

  • Title: Shifting Cloud Security Left to Protect Data & Customers
  • Live at: May 12 2020 5:00 pm
  • Presented by: Sadi Steffl, Cyber Security Analyst at ViacomCBS Digital & Chris DeRamus, CTO at DivvyCloud