A Practitioner’s Guide to Cloud Security and Compliance Processes

Are you trying to transform your organization into a savvy cloud security shop? This session will look at some of the biggest and most common challenges for maintaining security and compliance while scaling a public cloud environment, and will make practical recommendations for implementing effective processes based on successful cloud security journeys.

Join this session to learn more about:

- Common vulnerabilities and threats that increase security and compliance risks
- Balancing governance with the flexibility needed for developer productivity
- Specific steps you can take to measure and improve security posture
- Lessons learned from scaling these processes to support a growing cloud environment
Recorded Jul 7 2020 62 mins
Presented by
Kolby Allen, Senior Architect, Zipwhip & Jason Needham, Senior Director of Cloud Security, VMware
  • How Can We Grow the Pool of Cloud Security Professionals May 27 2021 9:00 am UTC 45 mins
    Dr. Hing-Yan LEE, LE Ngoc Son, Ferdinand FONG
    Panel Discussion

    Many countries have suffered from a dire shortage of IT professionals for many years, and the demand for IT professionals has continued unabated. The panel hopes to address the challenge of having enough cybersecurity professionals and discuss what employers can do to build the necessary working experience for individuals.
  • Securing the Cloud via CCSK May 27 2021 8:15 am UTC 30 mins
    Ekta MISHRA & Philip Cao HUNG
    As organizations migrate to the cloud, they need information security professionals who are cloud-savvy. The Certificate of Cloud Security Knowledge (CCSK) is widely recognized as the standard of expertise and provides an individual with the foundation they need to secure data in the cloud. Learn how CCSK can bridge the gap and provide an important first step in establishing baseline knowledge for individuals in cloud security.

    “A Call to Action with CSA Vietnam Chapter” [in Vietnamese language]
    Philip Cao HUNG (Advisor, CSA Vietnam Chapter)
  • Best Practices in Implementing Secure Microservices Architecture May 27 2021 7:30 am UTC 30 mins
    Madhav CHABLANI, Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting
    Application containers and a microservices architecture are being used to design, develop, and deploy applications leveraging agile software development approaches such as Development Operations. Security needs to be embedded into these software development approaches. This presentation based on CSA research artifact 'Best Practices in Implementing Secure Microservices Architecture' will help to identify best practices in securing microservices in the engineering of trustworthy secure systems through the lens of the Developer, Operator, and Architect.
  • Piece of Mind with Cloud Native Security Guidance May 27 2021 6:45 am UTC 30 mins
    Suresh AGARWAL, Honorary Secretary, CSA Singapore Chapter & MD, Agarwal Pte Ltd
    A new Guidance for Cloud Native Security was approved by the Singapore Information Technology Standards Committee in 2020. This speaker will provide an analysis on the strengths and weaknesses of the said technical reference. He will make a comparison with NIST and other papers on the same topic.
  • Reflective Security & DevSecOps May 27 2021 6:00 am UTC 30 mins
    Ronald TSE, CEO, Ribose & Co-Chair, CSA DevSecOps Working Group
    The CSA DevSecOps working group has published a number of papers including Reflexive Security, DevSecOps, and associated best practices. This talk briefly describes these topics, with an explanation of the principles and benefits of the novel management framework around DevSecOps, presented with examples of best practices that fit into this framework. We also provide a roadmap of current research of the working group.
  • SDP & ‘Black-Cloud’ Protection May 27 2021 4:15 am UTC 30 mins
    Juanita Koipillai, Founder & CEO, Waverley Labs
    Security has become of paramount importance in recent times, especially due to the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic has challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters to withstand DDoS attacks in multiple network implementations including hybrid cloud applications, network function virtualization and software defined networks.
  • Introduction, Welcome Remarks & Opening Keynote May 27 2021 2:00 am UTC 30 mins
    Dr. Hing-Yan LEE, Son HO & Jim REAVIS
    Introduction
    Dr. Hing-Yan LEE (EVP APAC, CSA)

    Welcome Remarks (in English & Vietnamese)
    Son HO (Chairman, CSA Vietnam Chapter)

    Opening Address
    Jim REAVIS (CEO & Co-Founder, CSA)
  • Healthcare’s Cloud Migration: 7 Emerging Data Security Risks May 6 2021 4:00 pm UTC 60 mins
    Jon Moore, Chief Risk Officer and SVP Consulting Services, Clearwater
    Seeking flexibility, scalability, and cost-savings, an increasing number of healthcare organizations are moving systems and data to the Cloud. Fueled by increased adoption of telemedicine and wearable medical devices sparked by the pandemic and continuing investment and growth in Cloud-native health IT startups, the market for healthcare cloud computing is expected to grow from $28 billion in 2020 to nearly $65 billion over the next six years, according to a recent study by MarketDigits.

    While there are numerous benefits for healthcare organizations that adopt cloud models, introducing sensitive and protected data into the Cloud creates various new risks. As we’ve seen in some surveys, organizations are conflicted on whether cloud security makes it easier or more challenging to manage these risks. A recent Netwrix survey indicated that nearly 40% of respondents have had a cloud security incident in the past year, and nearly half of them could not diagnose the issue.

    During this webinar, Clearwater Chief Risk Officer and Head of Consulting Services Jon Moore will review recent examples of healthcare cloud security failures and discuss critical takeaways that organizations should note to avoid similar missteps.

    Attendees will learn:
    · Seven ways cloud security can go sideways resulting in a breach and HIPAA violation
    · Best practices to help your organization reduce risk and avoid a HIPAA violation in the Cloud
  • Best Practices for Accelerating Security Development in the Product Lifecycle Apr 29 2021 4:00 pm UTC 60 mins
    Ningjing Gao, Principal Technical Program Manager - Security Team, Adobe
    If you are part of a security organization and notice constant competition for resources with product feature development, you may have wondered how to further accelerate security work assigned to product teams. How can security best integrate with feature development to reserve engineering resources for security projects? Our team has developed an approach to provide clearer visibility into the security work that needs to be done. It also enabled us to be better aligned with the existing product development process.

    In this webcast, Ningjing Gao, Principal Technical Program Manager for Security at Adobe, will talk about what we did to improve our processes and share additional best practices that can help you make it more efficient and effective for product teams to build security into everything they do at your organization.
  • Applying Zero-Trust Security to Cloud Workload Protection Apr 27 2021 5:00 pm UTC 60 mins
    Willy Leichter, VP-Marketing and Product Strategy & Shauntinez Jakab, Sr Dir-Product Marketing and Analyst Relations, Virsec
    As attacks on software supply chains and critical applications not only continue but accelerate, we need to extend a next-generation zero-trust model into cloud workloads during runtime. To understand why runtime remains a choice target for threat actors, look no further than the recent SolarWinds and Microsoft Exchange server attacks. Both exploits executed undetected and undeterred in runtime, easily evading existing security measures such as threat hunting and EDR/EPP tools.

    Zero trust is a powerful concept, but many think it only applies to users, devices, and networks. Implementing a next-generation Zero-Trust model, one that incorporates application-aware workload protection, can ensure that only the right code and processes can execute, regardless of the threat environment.

    In their Market Guide for Cloud Workload Protection Platforms, Gartner specifically recommends extending zero trust security, stating: “At runtime, replace antivirus-centric strategies with ‘zero-trust execution.’”
    Join security experts from Virsec as they discuss the challenges of protecting an expanding attack surface area with cloud, hybrid, and container environments and detail the need for application-awareness and effective runtime protection. Get best practices for security implementations for workloads that ensure vulnerability protection with granular application control, system integrity assurance, and advanced memory protection at runtime.
  • Why the Cloud Needs Network Detection and Response Apr 20 2021 5:00 pm UTC 60 mins
    Anton Chuvakin of Google Cloud & Edward Smith and Vijit Nair of Corelight
    If cloud environments are locked down by default and everything is already being logged, is cloud network traffic analysis really helpful? It turns out that even in the cloud, network telemetry data can ensure investigations are fast and hunts are conclusive. As we’ve learned from breaches like Sunburst, network telemetry provides essential evidence for catching threats other tools miss.


    Join experts from Google Cloud Security and Corelight to learn how collection and analysis of cloud network traffic leads to better threat detection and response. We will discuss:
    - Common misconceptions about network telemetry
    - Cloud traffic monitoring use cases
    - Solutions to implementation challenges
  • Zero Trust: From Theory to Reality Recorded: Apr 15 2021 34 mins
    Sushila Nair, NTT Data
    EMEA Summit 2021 - NTT Data presentation
  • How to Secure Clouds Without Borders – Hear from a CSO Recorded: Apr 15 2021 29 mins
    Greg Day, Palo Alto Networks
    In this fireside chat, we hear from Greg Day, chief security officer for EMEA, who takes us through newcomers into public cloud as well as real-world transitions to put security into existing deployments. Talking across contracts and data sovereignty/analysis through to process consideration and consequences, Greg perfectly frames these, not as scaremongering, but instead with a pragmatic approach to security. Attendees will learn that whilst securing your cloud native workloads can be daunting, there are standard ways of putting your organisation in the right place. Lastly we get a glimpse into the future of securing workloads and how to be ready for that.
  • Building an Open Cloud Platform Recorded: Apr 15 2021 32 mins
    Giuseppe Brizio, Qualys
    Enterprise IT environments are getting exponentially more complex with the booming adoption of cloud computing. To attain seamless security and compliance, the key is to shift to open cloud platforms that interoperate with each other.
    This new model allows organizations to build security natively into their IT infrastructure, and to take a risk-based approach supported by an always updated global IT asset inventory. It’s the only way to have the scale, speed, accuracy, visibility and context needed to protect today’s hybrid and dynamic IT infrastructures.
    As IT teams embrace cloud services, mobility, containers, DevOps and other innovations, the job of security teams gets harder, especially if they have a heterogeneous stack of tools that are difficult and costly to deploy, integrate and manage. With such a siloed and fragmented toolset, visibility into the IT environment narrows, tasks can’t be automated, false positives abound, and security teams struggle to detect and respond quickly to threats.
    With an open cloud platform, organizations can replace their stack of legacy point solutions with a set of natively integrated, cloud-based security and compliance applications and services. The open platform also offers a true risk-based approach to security, continuously balancing technology risks with business context.
  • State of Cloud 2021: A CSA Survey Report Recorded: Apr 13 2021 46 mins
    Yitzy Tannenbaum, Product Marketing Manager, AlgoSec
    In the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA developed and distributed a survey to better understand the current cloud security concerns, challenges, and incidents. In this webinar, Yitzy Tannenbaum, Product Marketing Manager from AlgoSec, will cover the results, including:
    - current cloud adoption
    - complexity of the modern-day network
    - who's responsible for cloud security
    - misconfigurations and outages
  • Cloud Control Matrix V4: Updated Security Guidance for the Cloud Recorded: Apr 6 2021 66 mins
    Daniele Catteddu, Sean Cordero, Shawn Harris, Sean Estrada
    Since its debut in 2013, the Cloud Control Matrix (CCM) v3.0.1 has become the most comprehensive and globally adopted security framework for assessing security risk of cloud providers. With the emergence of new technologies and the evolution of the cloud certification landscape, CCM needs to reflect this continuous change. Through the commitment and collective knowledge of 18 teams led by highly experienced cloud security experts, CCM v4 is now available with significant updates to the previous version. This session will provide a presentation and overview of:
    - CCMv4 domains and new control requirements
    - A draft version of the new CCMv4 “implementation guidance”
    - The new Shared Security Responsibility Model (SSRM) controls for helping CSPs and CSCs delineate CCM controls implementation responsibilities
    - The enhanced Consensus Assessment Initiative Questionnaire (CAIQ) v4.0 following the upgrade to CCMv4.0
    - Mapping exercises of CCMv4.0 to other well-known standards, as performed by the CCM WG
    - The latest activities for the development of CCMv4.0-Lite

    *Introduction music by: Bensounds.com
  • Security Meets Privacy on the Cloud - A Better Understanding Recorded: Mar 31 2021 44 mins
    Tze Meng TAN, Madhav CHABLANI, Rizwi WUN, Sarbojit M BOSE
    Panel Discussion

    Security and privacy are twins when it comes to providing tools to secure the users' data. However, they are un-identical twins; they are different. Security relates to the protection of data from threats, such as hackers, while privacy encompasses how personal data is collected, managed, stored and shared. Enterprises today are realizing the importance of both, since business impact will be immense if these issues are ignored.

    MODERATOR: Tze Meng TAN (Head of Data Cloud Department, Digital Infrastructure and Services Division, MDEC)
    PANELISTS:
    - Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
    - Rizwi WUN (Partner, RHTLaw Asia)
    - Sarbojit M BOSE (Education Director, CSA Singapore Chapter & CCSK Instructor)
  • How privacy & security professionals can cooperate to achieve compliance Recorded: Mar 31 2021 26 mins
    Francoise GILBERT (Global Privacy Strategist, CEO of DataMinding, Inc.)
    How privacy & security professionals can cooperate to achieve better compliance with laws & standards, reduce risks & costs to their organization

    The pandemic has caused drastic changes in the way in which most entities operate. In this new ecosystem, cloud services have become the primary source of computing and processing capabilities. Increased use of cloud services requires an increased workforce to manage and operate these systems, and to ensure that compliance requirements are met and best practices maintained. Cloud services encompass numerous privacy and security issues. At a time when privacy and security professionals are scarce, organizations may help increase efficiency and do more with less if they can encourage privacy and security professionals to cooperate in their tasks.
    In this session we will discuss some of the new privacy and security issues that cloud users and providers may be facing, and how cooperation between privacy and security professionals might help increase efficiency.
  • An In-depth Look at the Obligations Arising from Data Breaches Recorded: Mar 31 2021 18 mins
    Rizwi WUN (Partner, RHTLaw Asia)
    The presentation will look at obligations and desired responses arising from data breaches.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and the latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa

  • Title: A Practitioner’s Guide to Cloud Security and Compliance Processes
  • Live at: Jul 7 2020 5:00 pm
  • Presented by: Kolby Allen, Senior Architect, Zipwhip & Jason Needham, Senior Director of Cloud Security, VMware