CSA's Executive Series: Connectedness and Data Privacy in the Cloud Era

As businesses transition to new cloud services and increase their connectedness, new issues arise, such as decreased visibility, new obscure vulnerabilities and cyber criminal opportunities. Simultaneously, new laws like GDPR and CCPA require data owners and aggregators to have visibility into and an understanding of who is capturing, accessing, and using data, and of the security around it. Techniques such as tokenization, data masking, data substitution and field encryption are being used to lower the risk of sensitive data exposure. While these techniques may satisfy data breach laws, the court of public opinion does not yet understand or appreciate these technologies.

In this webinar, Jerry Archer, CSO of Sallie Mae, will discuss liability, data lineage, retention, deletion and other aspects of the proliferation of cloud-based services, as well as considerations as businesses transition to the cloud.
Recorded May 20 2020 28 mins
Presented by
Jerry Archer, SVP & Chief Security Officer, Sallie Mae
  • Nefarious Uses of Cloud: A Case Study from Defending a Security Conference Jul 29 2020 6:00 am UTC 45 mins
    Wong Onn Chee, CTO, Resolvo & Co-Chair, CSA APAC Research Advisory Council
    As organisations increasingly move to the cloud, so do the attackers. Come and listen to Onn Chee on how the cloud was used to attack a security conference's websites on the cloud, the profile of the attackers from the cloud and how the conference organisers defended against them. In addition, Onn Chee will share lessons learnt and a new pro-active approach to cloud defense by looking at IoR - Indicators of Reconnaissance - which is the first step in the Cyber Kill Chain, instead of IoC - Indicators of Compromise - to achieve faster and pre-emptive disruption to the Cyber Kill Chain.
  • Emerging Top Threats in Cloud Computing – What We Can Do About Them Jul 15 2020 6:00 am UTC 45 mins
    Moderator: Jim LIM, Panelists: Raju CHELLAM | Nigel LIM | Steve NG
    With cloud becoming the preferred IT infrastructure, understanding the emerging security threats is important. A recent CSA study showed that traditional cloud security issues (such as DDoS, shared technology vulnerabilities, CSP data loss and system vulnerabilities) that are under the responsibility of CSPs are now overshadowed by the need to address security issues that are situated higher up the technology stack which are the result of senior management decisions (such as misconfiguration, inadequate change control, and a lack of cloud security architecture and strategy). Please join our panel of industry experts to appreciate the shifts in cloud security issues.
  • Shift Left and Shift Down in the Cloud Jul 9 2020 4:00 pm UTC 60 mins
    Brian Price, cloudtamer.io|Nicholas Hughes, EITR Technologies|Joe Foster, NASA|Chris Pollard, cloudtamer.io
    How Automation, Templates, and Autonomy Deliver Security with Agility in the Cloud

    Organizations are moving more workloads to the cloud. At the same time, industry surveys indicate that security remains high on the list of reported cloud challenges. The goal remains the same: enable teams to use the cloud to drive agility and innovation while remaining secure and compliant in the process.

    The concept of shift left - moving security earlier in the development process - is a recognized tactic to improve your security posture. We'd add to that the concept of shift down. When you shift down your security efforts properly, you put in place the boundaries developers can work within without hampering productivity and innovation.

    In this webinar, you'll get proven tactics and real-world examples to help you ensure security in the cloud with minimal impact to agility:

    - Identifying and implementing automation opportunities to ensure security without labor-intensive efforts

    - Creating and rolling out a templatized approach to security that gives cloud teams autonomy and jumpstarts development

    - Using and integrating technology solutions to help speed access to and use of the cloud in a compliant manner
  • Key Security Controls & Practices for Moving to the Cloud: A CISO’s Perspective Jun 25 2020 4:00 pm UTC 45 mins
    Mark O’Hare, CISO, Mimecast
    In Cloud We Trust

    While Mimecast is a significant cloud security services provider to more than 38K organizations, we also rely heavily on cloud-based IT and security services to run our own business. Like all global organizations this digital transformation of our organization, with nearly 2K employees, didn’t happen overnight, didn’t happen without a plan, or without some bumps in the road. In this session Mimecast’s CISO for the last 9 years, Mark O’Hare, will review and discuss Mimecast’s transition to the cloud, how it eased our rush to completely work from home in mid-March, and what challenges we came across and how we overcame them.
  • How to Automate and Accelerate the Design of Secure AWS Cloud Environments Jun 24 2020 4:00 pm UTC 60 mins
    See description for details
    Panelists: Archie Agarwal, Founder and CEO, ThreatModeler | Yeukai Sachikonye, Consultant-Engagement Manager of Global Security and Infrastructure Practice, AWS | Reef D'Souza, Security Consultant, AWS | Praveen Nallasamy, VP of Cybersecurity, BlackRock | Tom Holodnik, Software Architect, Intuit

    Moderator: Ty Sbano, Chief Security & Trust Officer, Sisense

    Learn how to proactively secure your AWS cloud infrastructure, with guidance from AWS Security Epics, accelerating sprint and epic velocity. DevSecOps can discover how to prioritize security early in the cloud migration design phase, reducing overall cost and effort to fix security issues from weeks to just a few hours, maximizing efficiency and ROI. Understand how this approach reduces security efforts in infrastructure and application designs, increases efficiency in security control decision making and reduces overall risk.

    In this webinar, ThreatModeler and AWS will cover how to automate ...
    - Building a threat modeling process that drives security throughout the Cloud Development Life Cycle (CDLC).
    - Converting an architecture diagram into a threat model with a list of threats and relevant security recommendations for AWS services.
    - Identifying latent security risks.
    - Generating AWS Security Epics backlog for IAC development, plus secure CloudFormation code templates.
    - Highlighting threat model drift from the live environment based upon AWS services, AWS Config, AWS Security Hub and others.
    - Keeping threat models synchronized with AWS environments using real-time updates.
  • Cloud Incident Response Need Not be Reactive Jun 24 2020 6:00 am UTC 45 mins
    Alex Siow, Chairman CSA Singapore Chapter
    In today’s connected era, a comprehensive incident response is an integral aspect of any organization aiming to manage and lower their risk profile. A good incident response needs to be useful not only when dealing with incidents caused by malicious threat actors, but should also be applicable in a variety of other situations such as downtime caused by an unexpected power outage or cut internet fiber due to roadworks. There are, however, different considerations when it comes to incident response for cloud-based infrastructure and systems, due in part to the nature of its shared responsibility.

    Additionally, with a number of incident response standards, frameworks and guidelines available, it could be confusing for cloud providers and users to make sense of them for their cloud incident response (CIR) procedure. CSA’s CIR Framework will serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, along with serving as a transparent and common framework for CSPs to share cloud incident response practices with their customers.

    This talk will cover key contributions of the CIR Framework to the cloud community, and also make available a Quick Guide that distils the main objectives and overview of the CIR Framework.
  • Landscape of Application Security for Cloud-Based Apps Jun 18 2020 5:00 pm UTC 54 mins
    Ashwath Krishna Reddy, Managing Consultant & Sandesh Mysore Anand, Managing Consultant at Synopsys
    Large enterprises moving to the cloud do so in a phased manner. Consequently, at least for a while, they have a mix of on-premises and cloud environments (and very often, multiple cloud environments). These environments, combined with the many ways you can move an application to the cloud, create new considerations for application security:

    - Rehost (lift and shift): threat landscape increased because of network exposure
    - Replatform (lift and reshape): new attack vectors via buckets, databases, message queues
    - Repurchase (drop and shop): third-party data exposure, noisy neighbor attacks, data retention
    - Rearchitect (rewriting and decoupling apps): serverless, container based, container orchestration
  • Augmenting Native Cloud Security Services to Achieve Enterprise-grade Security Jun 16 2020 5:00 pm UTC 60 mins
    Thomas Martin, Founder, NephōSec & Chris Hertz, VP Cloud Security Sales, Rapid7
    Appropriate use of native security controls in Amazon Web Services, Microsoft Azure, and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organizations struggle with determining when and how to use these native security controls, doing so in a consistent fashion, and also understanding how and when to augment these to ensure continuous security and compliance. Join Thomas Martin (former GE CIO and founder of NephōSec) and Christopher Hertz (VP Cloud Security Sales at Rapid7) for a discussion on:

    - How and when to use native cloud security controls
    - Why and when you may want to augment these controls
    - How to leverage automation to gain continuous security and compliance in public cloud
  • See FIDO Run: Passwordless, From the Ground Up Jun 11 2020 4:00 pm UTC 60 mins
    Nick Steele, Senior R&D Engineer, Duo Labs
    Duo has been part of the passwordless authentication conversation from the start, as early adopters of the WebAuthn protocol and one of the first strategic partners of the FIDO Alliance. Advances like WebAuthn enable faster, easier, and more secure authentications, such as utilizing fingerprint readers already embedded in many of today's latest laptops. This fits our long term goal to simplify and reduce the number of authentication prompts while keeping logins secure and easy to use.

    Join Nick Steele, Senior R&D Engineer at Duo Labs, for a discussion of recent advancements in the passwordless evolution, why vendors are starting to embrace a passwordless experience, and how tools available today can help move us closer to a post-password world.
  • How to See AWS Workload-Level Risks Without Agents Jun 9 2020 5:00 pm UTC 60 mins
    Aaron Brown, Cloud Security Engineer, Sisense | Sounil Yu, CISO-in-Residence, YL Ventures | Avi Shua, CEO, Orca Security
    Learn modern AWS security best practices with Sisense, Orca Security, and Special Guest Sounil Yu, Former Chief Security Scientist, Bank of America

    We’ll start off with Sounil Yu, the former Chief Security Scientist at Bank of America, who will explain how to use his Cyber Defense Matrix to gain a thorough understanding of cloud security.

    Then we’ll dive into the practitioner’s perspective with Sisense Cloud Security Engineer Aaron Brown, who will speak to the challenges around rapidly scaling cloud infrastructure, while still maintaining security and visibility into your assets.

    Aaron and Sounil will be joined by Avi Shua, CEO and co-founder of Orca Security, former chief technologist at Check Point Software Technologies. It’s going to be a fast-paced hour as we start with the theoretical and quickly dive all the way down into Aaron’s “notes from the field”.

    Get ready to ask your toughest AWS security questions as we discuss:

    - How to use the Cyber Defense Matrix to gain a thorough understanding of cloud security

    - The 6 risks hiding inside every large AWS environment

    - Technical takeaways, advice, and pitfalls to avoid from Sisense

    - Pros and cons of different cloud security tools: AWS GuardDuty, traditional agent-based tools and scanners, and CSPM (cloud security posture management)

    - New approach to quickly eliminating hidden risks
  • Why Your Cloud Migration Needs a New Approach to Security and Governance Jun 9 2020 4:00 pm UTC 34 mins
    Brendan Hannigan, CEO & Co-Founder, Sonrai Security
    The very nature of how software applications are built today has changed from stem to stern, with public cloud at the foundation of this shift. Companies that have successfully ‘digitally transformed’ are thriving, while laggards continue to languish. While digital transformation continues at a rapid pace, security and governance have just not kept up, as evidenced by so many cloud data breaches. In this talk, you will learn:
    - Why digital transformation turns old-security ways upside down
    - How new approaches must be built for cloud from the ground up
    - Why identity and data are the key critical control points for public cloud governance
    - The ticking time-bomb of complexity hidden in cloud-provider IAM models
    - 5 steps organizations can take to de-risk their cloud
  • The S in IoT stands for Security Recorded: Jun 3 2020 48 mins
    Moderator: Suresh AGARWAL, Panelists: Aleksandar ANDRIC | Jim LIM | Haojie ZHUANG
    Internet of Things (IoT) and connected devices promise tremendous benefits and a new wave of business opportunities. This hype is best balanced with caution, especially with respect to security. Along with new revenue opportunities, IoT introduces points of vulnerability for data thefts and loss of device control. Such data breaches and losses create negative impact on a large scale. With devices connected to the Internet, the large attack surface offers numerous points of peril. Come and learn from our panel of experts about the risks and how to manage the perils effectively before you embark on your IoT journey.
  • Build a Robust App Control Strategy for your Cloud Workloads Recorded: Jun 2 2020 58 mins
    Itai Tevet, CEO at Intezer
    The use of application control (also known as whitelisting) is considered to be a robust and essential Cloud Workload Protection strategy largely due to the high predictability of cloud environments.

    But it does not prevent all cyber attacks. Attackers can exploit vulnerabilities in trusted applications or utilize whitelisted apps for malicious intent—referred to as “Living off the Land.” App control also presents some operational headaches, requiring strict and often unrealistic policies.

    This webinar explains how to build a robust application control strategy that is informed by these challenges. Learn what capabilities you should consider when evaluating a Cloud Workload Protection Platform (CWPP).
  • DLT Security Framework for the Finance Industry Recorded: May 30 2020 34 mins
    Jyoti Ponnapalli, DLT Lead, DTCC and Kurt Seifried, Chief Blockchain Officer, Cloud Secur
    DLT introduces a multitude of value propositions for the financial services industry. The pace of innovation is aggressively picking up in use cases pertaining to finance such as digital assets, tokenization and cryptocurrency. However, the security measures are significantly inadequate to support innovation. There is a growing need for increased vigilance and an industry-standard security framework. Please join us as DTCC & CSA speak about the current state of security in the DLT world and announce the launch of the Blockchain working group to address the needs of industrywide DLT Security Framework.
  • Innovative Enterprise Architecture Techniques to Complete your Digital Transform Recorded: May 30 2020 38 mins
    Jon-Michael Brook, Principal: Security, Cloud & Privacy, Guide Holdings LLC
    A successful digital transformation requires a lot of moving parts. Even greenfield opportunities challenge organizations in catching all business, IT, DevOps, and security tactics in the effort. The Cloud Security Alliance's Enterprise Architecture, Cloud Controls Matrix, and Security Guidance products help create innovative, manageable, repeatable, and measurable processes. In this session, Jon-Michael C. Brook will discuss how the CSA toolset, a sprinkling of open source or third-party products, and a little elbow grease can bring a positive transition to the cloud for your business.
  • How to Future-Proof the Cloud, from the POVs of a CISO, CPO & Ethical Hackers Recorded: May 30 2020 31 mins
    Kevin Fielder, CISO, Just Eat and Peter Blanks, Chief Product Officer & Head of Engineering, Synack
    IDC predicts that by 2022, over 90% of enterprises worldwide will be relying on a cloud solution to meet their infrastructure needs, in large part driven by the COVID-19 remote working environments. This rapid migration to the cloud has created new attack surfaces and opportunities for cybercriminals to gain access to sensitive data and wreak havoc on organizations. Join us as we share how organizations are rapidly deploying dynamic security testing to future-proof the connected world from the perspective of a CISO, ethical hackers from the Synack Red Team (SRT), and a solutions architect.

    - Kevin Fielder, CISO of leading food delivery app Just Eat, shares his approach for creating a more secure cloud environment as they scale up to address an uptick in food deliveries during the pandemic and a recent merger.

    - Ethical hackers from the Synack Red Team (SRT) share their perspective on the attacks in the cloud environment and ways to harden cloud-deployed resources.

    - A technical expert from Synack’s Solutions Architect team shares his insights from the frontline helping customers deploy rapid crowdsourced security testing to harden their cloud assets against cybercriminals.

    Tune in to learn how organizations have embraced rapid, easily deployable crowdsourced security testing solutions for the cloud and why the future of cloud security is linked to the future of trusted crowdsourced security intelligence.
  • Cyber Risk Exchanges: Mastering a New Approach to Vendor Risk & Performance Moni Recorded: May 30 2020 20 mins
    Randy Ferree, Third-Party Risk Consultant, OneTrust Vendorpedia
    Your vendors often handle your most sensitive data. This presents significant challenges as security, procurement, sourcing, IT, and privacy teams struggle to vet and manage vendor risks and performance in real time. So, how can organizations proactively monitor vendors to protect against emerging issues? Additionally, how can cyber risk exchanges help organizations manage the third-party risk management lifecycle with more efficiency? In this session, we'll answer these questions and break down how cyber risk exchanges offer a more streamlined approach to vendor risk monitoring.
  • SDP – The Yellow Brick Road to Zero Trust Recorded: May 29 2020 42 mins
    Juanita Koilpillai, Founder and CEO, Waverley Labs LLC
    Today’s network security architectures, tools and platforms fall short of meeting the challenges presented by current security threats. Zero Trust is emerging as a popular anti-hack strategy and, as the concept implies, requires that users are not allowed any access to anything until they are authenticated. Attaching the moniker “Zero Trust” to solutions, while popular, misleads one into a false sense of security (no pun intended).

    In this webinar, you’ll learn how a Zero Trust implementation using SDP is applied to network connectivity, meaning it is agnostic of the underlying untrusted IP-based infrastructure, and homes in on securing connections. The webinar will delve into the steps to implement SDP and help organizations defend against new variations of old attack methods that are constantly surfacing in existing perimeter-centric networking and infrastructure models.

    - Separating the control plane, where trust is established, from the data plane, where actual data is transferred.
    - Hiding the infrastructure using a dynamic deny-all firewall - the point where all unauthorized packets are dropped for logging and analyzing traffic.
    - Using single packet authorization to authenticate and authorize users and validate devices for access to protected services, with least privilege implicit.
  • Enhance Security and Operational Efficiency with CASB Recorded: May 29 2020 53 mins
    Itir Clarke, Sr. Product Marketing Manager, Proofpoint and Dan "Hackerman", National Health Organization
    The move to the cloud and a mobile workforce has brought new security and compliance risks. Cloud account takeover, data loss and usage of unapproved cloud applications present big challenges to security teams. Protecting IT-approved applications - Microsoft Office 365, Google G Suite, Box, Dropbox, Salesforce, Slack, AWS, ServiceNow and more – is top of mind.

    Join Proofpoint and a healthcare customer as we discuss how CASB enhanced security and operational efficiency for this physician practice management company. We will cover:

    - Why do you need a CASB?
    - How to protect users from cloud account compromise
    - How to defend your data and ensure compliance in the cloud
    - How to manage third-party apps and risks of cloud to cloud access
  • Secure your Cloud Investment by Unlocking the Network as a Data Source Recorded: May 29 2020 40 mins
    Ryan Davis, Sr. Cloud Product Manager, ExtraHop
    While the cloud may be a force multiplier for DevOps and IT Ops, for security teams, it can be a vulnerability. With SecOps taking the blame for stalled migration efforts, enterprises are recognizing the need to take a cloud-native approach to securing data and workloads rather than trying to retrofit old technology to new cloud security best practices. The cloud is proven to spur innovation and efficiency, but the speed at which new devices can be added—and new instances spun up—increases risk to data and applications. Traditional security tools focused on prevention, or those that rely on agents or logs for analysis, can’t keep up with the speed and scale of the cloud. They leave too many blind spots, add friction to development cycles, and slow down incident response. Without visibility into network traffic and the ability to analyze full packets, organizations are vulnerable to new and evolving threats, and security teams are forced to slow the pace of cloud migration.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy

  • Title: CSA's Executive Series: Connectedness and Data Privacy in the Cloud Era
  • Live at: May 20 2020 5:00 pm
  • Presented by: Jerry Archer, SVP & Chief Security Officer, Sallie Mae