A Practitioner’s Guide to Cloud Security and Compliance Processes

Are you trying to transform your organization into a savvy cloud security shop? This session will look at some of the biggest and most common challenges for maintaining security and compliance while scaling a public cloud environment, and will make practical recommendations for implementing effective processes based on successful cloud security journeys.

Join this session to learn more about:

- Common vulnerabilities and threats that increase security and compliance risks
- Balancing governance with the flexibility needed for developer productivity
- Specific steps you can take to measure and improve security posture
- Lessons learned from scaling these processes to support a growing cloud environment
Recorded Jul 7 2020 62 mins
Presented by
Kolby Allen, Senior Architect, Zipwhip & Jason Needham, Senior Director of Cloud Security, VMware
  • Tackling Security in the World of Containers and Hybrid Cloud Aug 4 2020 5:00 pm UTC 60 mins
    Lucy Kerner, Global Senior Principal Security Technical Evangelist, Red Hat
    Security teams are increasingly finding it challenging to keep up with the changing risks, compliance requirements, tools, and architectural changes introduced by new technologies - such as containers, kubernetes, software-defined infrastructure, and cloud technologies. As traditional infrastructure evolves to a mix of bare metal, virtual, cloud, and container environments, how can you maintain security, governance, compliance and reduce risk amid this growing complexity?

    Traditional perimeter-based network security does not work in this new world of containers and hybrid cloud. Security teams must rethink their approach to security in this new world with automation and DevSecOps, where security is built-in, continuously addressed, and continuously monitored across the entire application lifecycle, infrastructure lifecycle, and supply chain.

    In this keynote, we'll discuss some prescriptive steps you can take to tackle security successfully in the world of containers and hybrid cloud.
  • Nefarious Uses of Cloud: A Case Study from Defending a Security Conference Jul 29 2020 6:00 am UTC 45 mins
    Wong Onn Chee, CTO, Resolvo & Co-Chair, CSA APAC Research Advisory Council
    As organisations increasingly move to the cloud, so do the attackers. Come and listen to Onn Chee on how the cloud was used to attack a security conference's websites on the cloud, the profile of the attackers from the cloud, and how the conference organisers defended against them. In addition, Onn Chee will share lessons learnt and a new pro-active approach to cloud defense by looking at IoR - Indicators of Reconnaissance - which is the first step in the Cyber Kill Chain, instead of IoC - Indicators of Compromise - to achieve faster and pre-emptive disruption to the Cyber Kill Chain.
  • Visibility & Security Challenges Across Multicloud, Hybrid, & Remote Deployments Jul 23 2020 4:00 pm UTC 60 mins
    Fernando Montenegro, Principal Analyst, 451 Research & Dan Frey, Sr. Product Marketing Manager, ExtraHop
    Migration to the cloud continues, now with even greater urgency as organizations around the world transition to remote workforces and shift operations off-premises. But cloud environments can expand the attack surface and erase visibility into critical infrastructure and applications, introducing complexity—especially in the case of multi-cloud and hybrid cloud.

    So where are organizations migrating workloads to, and how are they doing it? Are they lifting and shifting legacy applications to IaaS and PaaS, repackaging them using containers, or refactoring for serverless? And what’s happening after migration? Do IT and security operations think they have sufficient monitoring and security for applications running in the cloud, and if not, what are they doing to regain control? And what about hybrid organizations? Do new cloud deployments expose their on-premises infrastructure to new threats, and are their legacy security tools able to detect and respond to novel and fast moving attacks?

    Join us for this webinar to learn how cloud deployments are affecting security and operations teams, and how they are responding to the myriad challenges associated with enabling and securing growing businesses and remote workforces.
  • CSA STAR Town Hall – Everything you’ve wanted to know Jul 22 2020 5:00 pm UTC 60 mins
    John Yeoh of CSA, JR of CSA, John DiMaria of CSA, and Brianna Hogan of Booz Allen Hamilton
    CSA STAR is being recognized as the international harmonized solution, leading the way of trust for cloud providers, users, and their stakeholders, by providing an integrated cost-effective solution that decreases complexity and increases trust and transparency.

    The STAR Registry holds close to 1000 top Cloud Service Providers that apply to STAR Level 1 and/or 2 Self-assessment or certification. Close to 20,000 people each month visit the STAR Registry to view vendor analysis.

    Join CSA’s John Yeoh, Global Vice President of Research; Luciano (J.R.) Santos, Chief Customer Officer; and John DiMaria, Assurance Investigatory Fellow; as they team up with one of the top cloud security consultants from Booz Allen Hamilton to answer your questions in this special CSA Town Hall.
  • Zero Trust: A Five Step Program Jul 21 2020 5:00 pm UTC 60 mins
    Leya Leydiker and Ganesh Umapathy, Product Managers at Duo
    If you’re eager to learn how you can elevate your Access Management journey, especially with the swift, mass pivot to remote work, don’t miss this webinar. The workforce to protect continues to expand, and everyone needs remote access, bringing more third-party devices and BYOD into the network environment.

    In this session, security and technology experts Leya Leydiker and Ganesh Umapathy, Product Managers at Duo, will share a simple framework for Zero Trust that can help guide your journey. Suitable for organizations of all sizes.
  • Building a Successful Third Party Risk Management Program for a Modern World Jul 16 2020 5:00 pm UTC 60 mins
    Chad A. Peterson - Director, Security Operations at Optiv Security & Matthew Barth, Senior Sales Engineer at SecurityScorecard
    The challenges that organizations are facing today are increasingly more complex than in the past. A global health crisis, an unstable economy and changing dynamics of business risks and opportunities make decision making difficult. These reasons, coupled with ever evolving changes to compliance rules and regulations, make driving a successful Third Party Risk Management Program challenging.

    Throughout this webinar, our speakers - Optiv’s Director of Security Operations, Chad Peterson, along with SecurityScorecard’s Lead Systems Engineer, Matt Barth - will discuss:
    - Strategies on how to accurately and efficiently assess your high priority vendors.
    - Best practices on how to create a Third Party Risk Management Program that is efficient but can scale effortlessly using automation and technology.
    - Why going beyond the questionnaires and risk scores by providing the human element to third party vendors will build a sturdy foundation for a program that is equipped for the future
  • Update on FedRAMP with an Introduction with John Yeoh, Global VP of Research, CS Jul 15 2020 5:00 pm UTC 10 mins
    Zach Baldwin, Program Manager for Strategy, Innovation, and Technology, General Services Administration
    Mr. Baldwin will define and discuss several new initiatives that FedRAMP is working on in response to feedback for their users including: Open Security Controls Assessment Language (OSCAL), Threat-based Risk Profiling, and Agency Liaison Program. These initiatives are all interrelated and designed to simplify the FedRAMP process, grow the cloud security marketplace and provide guidance to CSPs.
  • Emerging Top Threats in Cloud Computing – What We Can Do About Them Jul 15 2020 6:00 am UTC 45 mins
    Moderator: Jim LIM | Panelists: Raju CHELLAM | Nigel LIM | Steve NG
    With cloud becoming the preferred IT infrastructure, understanding the emerging security threats is important. A recent CSA study showed that traditional cloud security issues (such as DDoS, shared technology vulnerabilities, CSP data loss and system vulnerabilities) that are under the responsibility of CSPs are now overshadowed by the need to address security issues that are situated higher up the technology stack which are the result of senior management decisions (such as misconfiguration, inadequate change control, and a lack of cloud security architecture and strategy). Please join our panel of industry experts to appreciate the shifts in cloud security issues.
  • Cloud IAM is the New Perimeter, Learn How to Govern It or Lose Control Jul 14 2020 5:00 pm UTC 60 mins
    Tyler Smith, Sr Cloud Security Engineer, Allstate & Chris Hertz, VP of Sales - Cloud Solutions, DivvyCloud by Rapid7
    Strong IAM governance is the key to preventing data breaches and limiting the blast radius should a security incident occur. Join Tyler Smith, Senior Cloud Security Engineer at Allstate, along with Chris Hertz of DivvyCloud by Rapid7 for a discussion on why managing cloud IAM is so complex, what challenges this creates for IT and cybersecurity professionals, and how leading organizations like Allstate are governing cloud IAM to reduce risk and the chance of a data breach.

    Key takeaways include understanding how to:
    - Gain visibility to assess, prioritize and remediate improper permission combinations that grant unintended or overly permissive access.
    - Establish and maintain least privilege.
    - Limit cloud security blast radius.
  • Shift Left and Shift Down in the Cloud Recorded: Jul 9 2020 60 mins
    Brian Price, cloudtamer.io | Nicholas Hughes, EITR Technologies | Joe Foster, NASA | Chris Pollard, cloudtamer.io
    How Automation, Templates, and Autonomy Deliver Security with Agility in the Cloud

    Organizations are moving more workloads to the cloud. At the same time, industry surveys indicate that security remains high on the list of reported cloud challenges. The goal remains the same: enable teams to use the cloud to drive agility and innovation while remaining secure and compliant in the process.

    The concept of shift left - moving security earlier in the development process - is a recognized tactic to improve your security posture. We'd add to that the concept of shift down. When you shift down your security efforts properly, you put in place the boundaries developers can work within without hampering productivity and innovation.

    In this webinar, you'll get proven tactics and real-world examples to help you ensure security in the cloud with minimal impact to agility:

    - Identifying and implementing automation opportunities to ensure security without labor-intensive efforts

    - Creating and rolling out a templatized approach to security that gives cloud teams autonomy and jumpstarts development

    - Using and integrating technology solutions to help speed access to and use of the cloud in a compliant manner
  • 2020 State of Federal Cloud Security: A Practitioner’s Perspective Recorded: Jul 8 2020 31 mins
    Dr. Mari Spina (Principal Cyber Security Engineer, The MITRE Corporation)
    Understanding threats and the shared responsibility that all Federal agencies have is key to building confidence in security. How have government and industry addressed these challenges, and are they making progress? Dr. Spina will build on her assessment from the 2018 and 2019 Federal Summits and talk about success areas and challenges.
  • 2020 State of CASB - CSA Research Recorded: Jul 8 2020 58 mins
    John Yeoh, VP of Research, CSA & Itir Clarke, Senior PMM, Proofpoint
    With the shift to work from home, cloud security is a bigger concern than ever. As the network perimeter is replaced by a user-defined security perimeter, enterprises need a people-focused approach to threat detection and data protection in the cloud. Organizations have adopted or plan to adopt Cloud Access Security Brokers (CASBs) to help them.

    Join Proofpoint and CSA experts as they discuss the findings of newly conducted research among security professionals to determine the needs of enterprises from CASBs, and whether or not their expectations are being met.

    In this session, they will explore:

    - Where is CASB on the adoption curve?
    - How security professionals use CASB for visibility, compliance, data security, threat protection and access control
    - Effectiveness and next evolution of CASBs
  • A Practitioner’s Guide to Cloud Security and Compliance Processes Recorded: Jul 7 2020 62 mins
    Kolby Allen, Senior Architect, Zipwhip & Jason Needham, Senior Director of Cloud Security, VMware
    Are you trying to transform your organization into a savvy cloud security shop? This session will look at some of the biggest and most common challenges for maintaining security and compliance while scaling a public cloud environment, and will make practical recommendations for implementing effective processes based on successful cloud security journeys.

    Join this session to learn more about:

    - Common vulnerabilities and threats that increase security and compliance risks
    - Balancing governance with the flexibility needed for developer productivity
    - Specific steps you can take to measure and improve security posture
    - Lessons learned from scaling these processes to support a growing cloud environment
  • Data Privacy and Security Threat Concerns in the Age of COVID-19 Recorded: Jul 2 2020 57 mins
    Etay Maor, Chief Security Officer, IntSights & Chris Strand, Chief Compliance Officer, IntSights
    Businesses are facing escalating security threats in the wake of the COVID-19 pandemic, which raises questions about the security of everyone’s private and personal data. Many companies are struggling with resource strains, operating in a remote environment, and disrupted supply chains. The pressure of compliance with data protection regulations only adds fuel to the fire.

    Join IntSights for a webinar on July 2nd as their data privacy experts will break down:

    - Key findings from IntSights' report on data security in the healthcare sector
    - Steps businesses can take to help accelerate their efforts to enhance data protection
    - How the application of cyber threat intelligence can enhance the visibility and understanding of organizational data security policies
  • Reducing Compliance Costs with DevSecOps Principles in the Hybrid Cloud Recorded: Jul 1 2020 22 mins
    Daniel Domkowski, Software Delivery Specialist, Red Hat
    58% of organizations are now viewing security compliance requirements and costs as a barrier to entering new markets. Their only choice is to reinvent their approach to compliance. While the vast majority of enterprises are turning to the public cloud to simplify innovation, 93% are invested in more than one cloud. Considering security models and controls vary widely across public providers, and even more so between the cloud and on-premise environments, the most cost effective approach to compliance is one based on principles and behaviors that are cloud and environment agnostic. Enter DevSecOps in the Hybrid Cloud.
  • Accelerating Hybrid Cloud Migration with Continuous Security Analytics Recorded: Jun 30 2020 46 mins
    Chris Collard, Program Director - QRadar Cloud Security, IBM
    As organizations take advantage of various cloud services for innovation and growth, challenges arise at every phase of the security strategy, migration, monitoring, and threat management cycle. How do you detect what services are being used and monitor configuration drift of containers and other resources? How do you ensure your organization is collecting the right data and performing deep packet inspection on flows to ensure attacks are quickly detected?

    Join this webinar to learn how to approach your multi cloud journey and obtain visibility into each part of this fragmented infrastructure as if it was your own.
  • Death of the Traditional Security Review Recorded: Jun 29 2020 27 mins
    John Finizio, Director of Partner Success, Whistic
    Recent crises have not just exposed the many inefficiencies inherent in traditional security reviews, they have exacerbated them. Enterprises and Vendors, or Buyers and Sellers, had only one choice: adapt. Sales cycles and security reviews were accelerated in a rush to procure cloud services to enable workforces that went 100 percent mobile overnight. There is no going back now. The modern-day security review is dead and the fundamental shift to Proactive Vendor Security is well underway, changing the way organizations approach procurement, vendor on-boarding, and security reviews. Other aspects of vendor risk management and procurement are changing drastically as well. Understand how you can stay ahead of the curve and enable your organization to take advantage of these changes.

    John has held numerous roles in the third-party space for over the last 15 years, including IT Audit, Risk, Product, and most recently, Partner Success. Conclusions and observations were gathered from past experiences and recent conversations with customers and partners, practitioners, end users, CIOs, and CISOs.
  • The Resurgence of Cloud Recorded: Jun 25 2020 23 mins
    David Cass, Vice President Cyber & IT Risk, Federal Reserve Bank of New York
    Cloud has seen the typical technology pendulum swing experienced by most innovative technologies. Organizations started with the all in cloud first model only to have to later step back and take a more moderate approach. Yet cloud continues to thrive. I will discuss:
    - Why do organizations struggle with cloud?
    - The importance of strategy
    - The impact on security, risk and compliance programs
    - The impact on business process and operations
  • Key Security Controls & Practices for Moving to the Cloud: A CISO’s Perspective Recorded: Jun 25 2020 38 mins
    Mark O’Hare, CISO, Mimecast
    In Cloud We Trust

    While Mimecast is a significant cloud security services provider to more than 38K organizations, we also rely heavily on cloud-based IT and security services to run our own business. Like all global organizations this digital transformation of our organization, with nearly 2K employees, didn’t happen overnight, didn’t happen without a plan, or without some bumps in the road. In this session Mimecast’s CISO for the last 9 years, Mark O’Hare, will review and discuss Mimecast’s transition to the cloud, how it eased our rush to completely work from home in mid-March, and what challenges we came across and how we overcame them.
  • How to Automate and Accelerate the Design of Secure AWS Cloud Environments Recorded: Jun 24 2020 57 mins
    See description for details
    Panelists: Praveen Nallasamy, VP of Cybersecurity, BlackRock | Tom Holodnik, Software Architect, Intuit | Archie Agarwal, Founder and CEO, ThreatModeler | Yeukai Sachikonye, Consultant-Engagement Manager of Global Security and Infrastructure Practice, AWS | Reef D'Souza, Security Consultant, AWS

    Moderator: Ty Sbano, Chief Security & Trust Officer, Sisense

    Learn how to proactively secure your AWS cloud infrastructure, with guidance from AWS Security Epics, accelerating sprint and epic velocity. DevSecOps can discover how to prioritize security early in the cloud migration design phase, reducing overall cost and effort to fix security issues from weeks to just a few hours, maximizing efficiency and ROI. Understand how this approach reduces security efforts in infrastructure and application designs, increases efficiency in security control decision making and reduces overall risk.

    In this webinar, discover how to automatically:

    - Build a threat modeling process that drives security throughout the Cloud Development Life Cycle (CDLC).
    - Convert an architecture diagram into a threat model with a list of threats and relevant security recommendations for AWS services.
    - Identify latent security risks.
    - Generate AWS Security Epics backlog for IAC development, plus secure CloudFormation code templates.
    - Highlight threat model drift from the live environment based upon AWS services, AWS Config, AWS Security Hub and others.
    - Keep threat models synchronized with AWS environments using real-time updates.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa

  • Title: A Practitioner’s Guide to Cloud Security and Compliance Processes
  • Live at: Jul 7 2020 5:00 pm
  • Presented by: Kolby Allen, Senior Architect, Zipwhip & Jason Needham, Senior Director of Cloud Security, VMware