Augmenting Native Cloud Security Services to Achieve Enterprise-grade Security

Appropriate use of native security controls in Amazon Web Services, Microsoft Azure, and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organizations struggle with determining when and how to use these native security controls, doing so in a consistent fashion, and also understanding how and when to augment these to ensure continuous security and compliance. Join Thomas Martin (former GE CIO and founder of NephōSec) and Christopher Hertz (VP Cloud Security Sales at Rapid7) for a discussion on:

- How and when to use native cloud security controls
- Why and when you may want to augment these controls
- How to leverage automation to gain continuous security and compliance in public cloud
Recorded Jun 16 2020 62 mins
Presented by
Thomas Martin, Founder, NephōSec & Chris Hertz, VP Cloud Security Sales, Rapid7
  • Tackling Security in the World of Containers and Hybrid Cloud Aug 4 2020 5:00 pm UTC 60 mins
    Lucy Kerner, Global Senior Principal Security Technical Evangelist, Red Hat
    Security teams are increasingly finding it challenging to keep up with the changing risks, compliance requirements, tools, and architectural changes introduced by new technologies - such as containers, kubernetes, software-defined infrastructure, and cloud technologies. As traditional infrastructure evolves to a mix of bare metal, virtual, cloud, and container environments, how can you maintain security, governance, compliance and reduce risk amid this growing complexity?

    Traditional perimeter-based network security does not work in this new world of containers and hybrid cloud. Security teams must rethink their approach to security in this new world with automation and DevSecOps, where security is built-in, continuously addressed, and continuously monitored across the entire application lifecycle, infrastructure lifecycle, and supply chain.

    In this keynote, we'll discuss some prescriptive steps you can take to tackle security successfully in the world of containers and hybrid cloud.
  • Nefarious Uses of Cloud: A Case Study from Defending a Security Conference Jul 29 2020 6:00 am UTC 45 mins
    Wong Onn Chee, CTO, Resolvo & Co-Chair, CSA APAC Research Advisory Council
    As organisations increasingly move to the cloud, so do the attackers. Come and listen to Onn Chee on how the cloud was used to attack a security conference's websites on the cloud, the profile of the attackers from the cloud and how the conference organisers defended against them. In addition, Onn Chee will share lessons learnt and a new pro-active approach to cloud defense by looking at IoR - Indicators of Reconnaissance - which is the first step in the Cyber Kill Chain, instead of IoC - Indicators of Compromise - to achieve faster and pre-emptive disruption to the Cyber Kill Chain.
  • Visibility & Security Challenges Across Multicloud, Hybrid, & Remote Deployments Jul 23 2020 4:00 pm UTC 60 mins
    Fernando Montenegro, Principal Analyst, 451 Research & Dan Frey, Sr. Product Marketing Manager, ExtraHop
    Migration to the cloud continues, now with even greater urgency as organizations around the world transition to remote workforces and shift operations off-premises. But cloud environments can expand the attack surface and erase visibility into critical infrastructure and applications, introducing complexity—especially in the case of multi-cloud and hybrid cloud.

    So where are organizations migrating workloads to, and how are they doing it? Are they lifting and shifting legacy applications to IaaS and PaaS, repackaging them using containers, or refactoring for serverless? And what’s happening after migration? Do IT and security operations think they have sufficient monitoring and security for applications running in the cloud, and if not, what are they doing to regain control? And what about hybrid organizations? Do new cloud deployments expose their on-premises infrastructure to new threats, and are their legacy security tools able to detect and respond to novel and fast moving attacks?

    Join us for this webinar to learn how cloud deployments are affecting security and operations teams, and how they are responding to the myriad challenges associated with enabling and securing growing businesses and remote workforces.
  • CSA STAR Town Hall – Everything you’ve wanted to know Jul 22 2020 5:00 pm UTC 60 mins
    John Yeoh of CSA, JR of CSA, John DiMaria of CSA, and Brianna Hogan of Booz Allen Hamilton consultant
    CSA STAR is being recognized as the international harmonized solution, leading the way of trust for cloud providers, users, and their stakeholders, by providing an integrated cost-effective solution that decreases complexity and increases trust and transparency.

    The STAR Registry holds close to 1000 top Cloud Service Providers that apply to STAR Level 1 and or 2 Self-assessment or certification. Close to 20,000 people each month visit the STAR Registry to view vendor analysis.

    Join CSA’s John Yeoh, Global Vice President of Research; Luciano (J.R.) Santos, Chief Customer Officer; and John DiMaria, Assurance Investigatory Fellow; as they team up with one of the top cloud security consultants from Booz Allen Hamilton to answer your questions in this special CSA Town Hall.
  • Building a Successful Third Party Risk Management Program for a Modern World Jul 16 2020 5:00 pm UTC 60 mins
    Chad A. Peterson - Director, Security Operations at Optiv Security & Matthew Barth, Senior Sales Engineer at SecurityScorecard
    The challenges that organizations are facing today are increasingly more complex than in the past. A global health crisis, an unstable economy and changing dynamics of business risks and opportunities make decision making difficult. These reasons, coupled with ever evolving changes to compliance rules and regulations, make driving a successful Third Party Risk Management Program challenging.

    Throughout this webinar, our speakers - Optiv’s Director of Security Operations, Chad Peterson, along with SecurityScorecard’s Lead Systems Engineer, Matt Barth - will discuss:
    - Strategies on how to accurately and efficiently assess your high priority vendors.
    - Best practices on how to create a Third Party Risk Management Program that is efficient but can scale effortlessly using automation and technology.
    - Why going beyond the questionnaires and risk scores by providing the human element to third party vendors will build a sturdy foundation for a program that is equipped for the future
  • Update on FedRAMP with an Introduction with John Yeoh, Global VP of Research, CS Jul 15 2020 5:00 pm UTC 10 mins
    Zach Baldwin, Program Manager for Strategy, Innovation, and Technology, General Services Administration
    Mr. Baldwin will define and discuss several new initiatives that FedRAMP is working on in response to feedback for their users including: Open Security Controls Assessment Language (OSCAL), Threat-based Risk Profiling, and Agency Liaison Program. These initiatives are all interrelated and designed to simplify the FedRAMP process, grow the cloud security marketplace and provide guidance to CSPs.
  • Emerging Top Threats in Cloud Computing – What We Can Do About Them Jul 15 2020 6:00 am UTC 45 mins
    Moderator : Jim LIM, Panelists: Raju CHELLAM | Nigel LIM | Steve NG
    With cloud becoming the preferred IT infrastructure, understanding the emerging security threats is important. A recent CSA study showed that traditional cloud security issues (such as DDoS, shared technology vulnerabilities, CSP data loss and system vulnerabilities) that are under the responsibility of CSPs are now overshadowed by the need to address security issues that are situated higher up the technology stack which are the result of senior management decisions (such as misconfiguration, inadequate change control, and a lack of cloud security architecture and strategy). Please join our panel of industry experts to appreciate the shifts in cloud security issues.
  • Cloud IAM is the New Perimeter, Learn How to Govern It or Lose Control Jul 14 2020 5:00 pm UTC 60 mins
    Tyler Smith, Sr Cloud Security Engineer, Allstate & Chris Hertz, VP of Sales - Cloud Solutions, DivvyCloud by Rapid7
    Strong IAM governance is the key to preventing data breaches and limiting the blast radius should a security incident occur. Join Tyler Smith, Senior Cloud Security Engineer at Allstate, along with Chris Hertz of DivvyCloud by Rapid7 for a discussion on why managing cloud IAM is so complex, what challenges this creates for IT and cybersecurity professionals, and how leading organizations like Allstate are governing cloud IAM to reduce risk and the chance of a data breach.

    Key takeaways include understanding how to:
    - Gain visibility to assess, prioritize and remediate improper permission combinations that grant unintended or overly permissive access.
    - Establish and maintain least privilege.
    - Limit cloud security blast radius.
  • Shift Left and Shift Down in the Cloud Jul 9 2020 4:00 pm UTC 60 mins
    Brian Price, cloudtamer.io|Nicholas Hughes, EITR Technologies|Joe Foster, NASA|Chris Pollard, cloudtamer.io
    How Automation, Templates, and Autonomy Deliver Security with Agility in the Cloud

    Organizations are moving more workloads to the cloud. At the same time, industry surveys indicate that security remains high on the list of reported cloud challenges. The goal remains the same: enable teams to use the cloud to drive agility and innovation while remaining secure and compliant in the process.

    The concept of shift left - moving security earlier in the development process - is a recognized tactic to improve your security posture. We'd add to that the concept of shift down. When you shift down your security efforts properly, you put in place the boundaries developers can work within without hampering productivity and innovation.

    In this webinar, you'll get proven tactics and real-world examples to help you ensure security in the cloud with minimal impact to agility:

    - Identifying and implementing automation opportunities to ensure security without labor-intensive efforts

    - Creating and rolling out a templatized approach to security that gives cloud teams autonomy and jumpstarts development

    - Using and integrating technology solutions to help speed access to and use of the cloud in a compliant manner
  • 2020 State of Federal Cloud Security: A Practitioner’s Perspective Jul 8 2020 5:00 pm UTC 31 mins
    Dr. Mari Spina (Principal Cyber Security Engineer, The MITRE Corporation)
    Understanding threats and shared responsibility that all Federal agencies have is key to building confidence in security. How has the government and Industry addressed these challenges and are they making progress? Dr. Spina will build on her assessment from the 2018 and 2019 Federal Summits and talk about success areas and challenges.
  • 2020 State of CASB - CSA Research Jul 8 2020 4:00 pm UTC 58 mins
    John Yeoh, VP of Research, CSA & Itir Clarke, Senior PMM, Proofpoint
    With the shift to work from home, cloud security is a bigger concern than ever. As the network perimeter is replaced by a user-defined security perimeter, enterprises need a people-focused approach to threat detection and data protection in the cloud. Organizations have adopted or plan to adopt Cloud Access Security Brokers (CASBs) to help them.

    Join Proofpoint and CSA experts as they discuss the findings of newly conducted research among security professionals to determine the needs of enterprises from CASBs, and whether or not their expectations are being met.

    In this session, they will explore:

    - Where is CASB on the adoption curve?
    - How security professionals use CASB for visibility, compliance, data security, threat protection and access control
    - Effectiveness and next evolution of CASBs
  • A Practitioner’s Guide to Cloud Security and Compliance Processes Jul 7 2020 5:00 pm UTC 60 mins
    Kolby Allen, Senior Architect, Zipwhip & Jason Needham, Senior Director of Cloud Security, VMware
    Are you trying to transform your organization into a savvy cloud security shop? This session will look at some of the biggest and most common challenges for maintaining security and compliance while scaling a public cloud environment, and will make practical recommendations for implementing effective processes based on successful cloud security journeys.

    Join this session to learn more about:

    - Common vulnerabilities and threats that increase security and compliance risks
    - Balancing governance with the flexibility needed for developer productivity
    - Specific steps you can take to measure and improve security posture
    - Lessons learned from scaling these processes to support a growing cloud environment
  • Data Privacy and Security Threat Concerns in the Age of COVID-19 Recorded: Jul 2 2020 57 mins
    Etay Maor, Chief Security Officer, IntSights & Chris Strand, Chief Compliance Officer, IntSights
    Businesses are facing escalating security threats in the wake of the COVID-19 pandemic, which raises questions about the security of everyone’s private and personal data. Many companies are struggling with resource strains, operating in a remote environment, and disrupted supply chains. The pressure of compliance with data protection regulations only adds fuel to the fire.

    Join IntSights for a webinar on July 2nd as their data privacy experts will break down:

    • Key findings from IntSights' report on data security in the healthcare sector
    • Steps businesses can take to help accelerate their efforts to enhance data protection
    • How the application of cyber threat intelligence can enhance the visibility and understanding of organizational data security policies
  • Reducing Compliance Costs with DevSecOps Principles in the Hybrid Cloud Recorded: Jul 1 2020 22 mins
    Daniel Domkowski, Software Delivery Specialist, Red Hat
    58% of organizations are now viewing security compliance requirements and costs as a barrier to entering new markets. Their only choice is to reinvent their approach to compliance. While the vast majority of enterprises are turning to the public cloud to simplify innovation, 93% are invested in more than one cloud. Considering security models and controls vary widely across public providers, and even more so between the cloud and on-premise environments, the most cost effective approach to compliance is one based on principles and behaviors that are cloud and environment agnostic. Enter DevSecOps in the Hybrid Cloud.
  • Accelerating Hybrid Cloud Migration with Continuous Security Analytics Recorded: Jun 30 2020 46 mins
    Chris Collard, Program Director - QRadar Cloud Security, IBM
    As organizations take advantage of various cloud services for innovation and growth, challenges arise at every phase of the security strategy, migration, monitoring, and threat management cycle. How do you detect what services are being used and monitor configuration drift of containers and other resources? How do you ensure your organization is collecting the right data and performing deep packet inspection on flows to ensure attacks are quickly detected?

    Join this webinar to learn how to approach your multi cloud journey and obtain visibility into each part of this fragmented infrastructure as if it was your own.
  • Death of the Traditional Security Review Recorded: Jun 29 2020 27 mins
    John Finizio, Director of Partner Success, Whistic
    Recent crises have not just exposed the many inefficiencies inherent in traditional security reviews, they have exacerbated them. Enterprises and Vendors, or Buyers and Sellers, had only one choice: adapt. Sales cycles and security reviews were accelerated in a rush to procure cloud services to enable workforces that went 100 percent mobile overnight. There is no going back now. The modern-day security review is dead and the fundamental shift to Proactive Vendor Security is well underway, changing the way organizations approach procurement, vendor on-boarding, and security reviews. Other aspects of vendor risk management and procurement are changing drastically as well. Understand how you can stay ahead of the curve and enable your organization to take advantage of these changes.

    John has held numerous roles in the third-party space for over the last 15 years, including IT Audit, Risk, Product, and most recently, Partner Success. Conclusions and observations were gathered from past experiences and recent conversations with customers and partners, practitioners, end users, CIOs, and CISOs.
  • Key Security Controls & Practices for Moving to the Cloud: A CISO’s Perspective Recorded: Jun 25 2020 38 mins
    Mark O’Hare, CISO, Mimecast
    In Cloud We Trust

    While Mimecast is a significant cloud security services provider to more than 38K organizations, we also rely heavily on cloud-based IT and security services to run our own business. Like all global organizations this digital transformation of our organization, with nearly 2K employees, didn’t happen overnight, didn’t happen without a plan, or without some bumps in the road. In this session Mimecast’s CISO for the last 9 years, Mark O’Hare, will review and discuss Mimecast’s transition to the cloud, how it eased our rush to completely work from home in mid-March, and what challenges we came across and how we overcame them.
  • How to Automate and Accelerate the Design of Secure AWS Cloud Environments Recorded: Jun 24 2020 57 mins
    See description for details
    Panelists: Praveen Nallasamy, VP of Cybersecurity, BlackRock | Tom Holodnik, Software Architect, Intuit | Archie Agarwal, Founder and CEO, ThreatModeler | Yeukai Sachikonye, Consultant-Engagement Manager of Global Security and Infrastructure Practice, AWS | Reef D'Souza, Security Consultant, AWS

    Moderator: Ty Sbano, Chief Security & Trust Officer, Sisense

    Learn how to proactively secure your AWS cloud infrastructure, with guidance from AWS Security Epics, accelerating sprint and epic velocity. DevSecOps can discover how to prioritize security early in the cloud migration design phase, reducing overall cost and effort to fix security issues from weeks to just a few hours, maximizing efficiency and ROI. Understand how this approach reduces security efforts in infrastructure and application designs, increases efficiency in security control decision making and reduces overall risk.

    In this webinar, discover how to automatically:

    - Build a threat modeling process that drives security throughout the Cloud Development Life Cycle (CDLC).
    - Convert an architecture diagram into a threat model with a list of threats and relevant security recommendations for AWS services.
    - Identify latent security risks.
    - Generate AWS Security Epics backlog for IAC development, plus secure CloudFormation code templates.
    - Highlight threat model drift from the live environment based upon AWS services, AWS Config, AWS Security Hub and others.
    - Keep threat models synchronized with AWS environments using real-time updates.
  • Cloud Incident Response Need Not be Reactive Recorded: Jun 24 2020 41 mins
    Alex Siow, Chairman CSA Singapore Chapter
    In today’s connected era, a comprehensive incident response is an integral aspect of any organization aiming to manage and lower their risk profile. A good incident response needs to be useful not only when dealing with incidents caused by malicious threat actors, but should also be applicable in a variety of other situations such as downtime caused by an unexpected power outage or cut internet fiber due to roadworks. There are, however, different considerations when it comes to incident response for cloud-based infrastructure and systems, due in part to the nature of its shared responsibility.

    Additionally, with a number of incident response standards, frameworks and guidelines available, it could be confusing for cloud providers and users to make sense of them for their cloud incident response (CIR) procedure. CSA’s CIR Framework will serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, along with serving as a transparent and common framework for CSPs to share cloud incident response practices with their customers.

    This talk will cover key contributions of the CIR Framework to the cloud community, and also make available a Quick Guide that distils the main objectives and overview of the CIR Framework.
  • A Path to Better Securing Container Orchestration Environments Recorded: Jun 23 2020 59 mins
    Trent Bennett, Security Engineer, Adobe
    Many companies, including Adobe, are investing in container platforms and orchestration environments as their next step in the evolution of cloud application development infrastructure. However, as is true with almost all nascent technologies, there are inherent risks. While Kubernetes has proven itself to be a solid application development platform, it does not come with very many guardrails. Thus, we must build tooling and standards for developers around the platform to put in those guardrails.

    Join Trent Bennett, security engineer at Adobe, as he discusses how Adobe has approached monitoring enforcement of controls defined for our container platform, a platform that now serves as the basis for several “next generation” applications including Adobe Experience Manager as a Cloud Service. He will talk about the key issues of focus within our environment and some of the tooling and standards we developed to help enforce those controls for our own developers.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa, @CSAResearchGuy

  • Title: Augmenting Native Cloud Security Services to Achieve Enterprise-grade Security
  • Live at: Jun 16 2020 5:00 pm
  • Presented by: Thomas Martin, Founder, NephōSec & Chris Hertz, VP Cloud Security Sales, Rapid7