Building a Successful Third Party Risk Management Program for a Modern World

Understanding threats and shared responsibility that all Federal agencies have is key to building confidence in security. How has the government and Industry addressed these challenges and are they making progress? Dr. Spina will build on her assessment from the 2018 and 2019 Federal Summits and talk about success areas and challenges.

With the shift to work from home, cloud security is a bigger concern than ever. As the network perimeter is replaced by a user-defined security perimeter, enterprises need a people-focused approach to threat detection and data protection in the cloud. Organizations have adopted or plan to adopt Cloud Access Security Brokers (CASBs) to help them.

Join Proofpoint and CSA experts as they discuss the findings of a newly conducted research among security professionals to determine the needs of enterprises from CASBs, and whether or not their expectations are being met.

In this session, they will explore:

- Where is CASB on the adoption curve?
- How security professionals use CASB for visibility, compliance, data security, threat protection and access control
- Effectiveness and next evolution of CASBs

Are you trying to transform your organization into a savvy cloud security shop? This session will look at some of the biggest and most common challenges for maintaining security and compliance while scaling a public cloud environment, and will make practical recommendations for implementing effective processes based on successful cloud security journeys.

Join this session to learn more about:

- Common vulnerabilities and threats that increase security and compliance risks
- Balancing governance with the flexibility needed for developer productivity
- Specific steps you can take to measure and improve security posture
- Lessons learned from scaling these processes to support a growing cloud environment

Businesses are facing escalating security threats in the wake of the COVID-19 pandemic, which raises questions about the security of everyone’s private and personal data. Many companies are struggling with resource strains, operating in a remote environment, and disrupted supply chains. The pressure of compliance with data protection regulations only adds fuel to the fire.

Join IntSights for a webinar on July 2nd as their data privacy experts will break down:

• Key findings from IntSights' report on data security in the healthcare sector
• Steps businesses can take to help accelerate their efforts to enhance data protection
• How the application of cyber threat intelligence can enhance the visibility and understanding of organizational data security policies

58% of organizations are now viewing security compliance requirements and costs as a barrier to entering new markets. Their only choice is to reinvent their approach to compliance. While the vast majority of enterprises are turning to the public cloud to simplify innovation, 93% are invested in more than one cloud. Considering security models and controls vary widely across public providers, and even more so between the cloud and on-premise environments, the most cost effective approach to compliance is one based on principles and behaviors that are cloud and environment agnostic. Enter DevSecOps in the Hybrid Cloud.

As organizations take advantage of various cloud services for innovation and growth challenges arise at every phase of the security strategy, migration, monitoring, and threat management cycle. How do you detect what services are being used, monitor configuration drift of containers and other resources? How do you ensure your organization is collecting the right data and performing deep packet inspection on flows to ensure attacks are quickly detected?

Join this webinar to learn how to approach your multi cloud journey and obtain visibility into each part of this fragmented infrastructure as if it was your own.

Recent crises have not just exposed the many inefficiencies inherent in traditional security reviews, it has exacerbated them. Enterprises and Vendors, or Buyers and Sellers, had only one choice: adapt. Sales cycles and security reviews were accelerated in a rush to procure cloud services to enable workforces that went 100 percent mobile overnight. There is no going back now. The modern-day security review is dead and the fundamental shift to Proactive Vendor Security is well underway, changing the way organizations approach procurement, vendor on-boarding, and security reviews. Other aspects of vendor risk management and procurement are changing drastically as well. Understand how you can stay ahead of the curve and enable your organization to take advantage of these changes.

John has held numerous roles in the third-party space for over the last 15 years, including IT Audit, Risk, Product, and most recently, Partner Success. Conclusions and observations were gathered from past experiences and recent conversations with customers and partners, practitioners, end users, CIOs, and CISOs.

TBDCloud has seen the typical technology pendulum swing experienced by most innovative technologies.
Organizations started with the all in cloud first model only to have to later step back and take a more
moderate approach. Yet cloud continues to thrive. I will discuss:
 Why do organizations struggle with cloud?
 The importance of strategy
 The impact on security, risk and compliance programs
 The impact on business process and operations

In Cloud We Trust

While Mimecast is a significant cloud security services provider to more than 38K organizations, we also rely heavily on cloud-based IT and security services to run our own business. Like all global organizations this digital transformation of our organization, with nearly 2K employees, didn’t happen overnight, didn’t happen without a plan, or without some bumps in the road. In this session Mimecast’s CISO for the last 9 years, Mark O’Hare, will review and discuss Mimecast’s transition to the cloud, how it eased our rush to completely work from home in mid-March, and what challenges we came across and how we overcame them.

Panelists: Praveen Nallasamy, VP of Cybersecurity, BlackRock | Tom Holodnik, Software Architect, Intuit | Archie Agarwal, Founder and CEO, ThreatModeler | Yeukai Sachikonye, Consultant-Engagement Manager of Global Security and Infrastructure Practice, AWS | Reef D'Souza, Security Consultant, AWS

Moderator: Ty Sbano, Chief Security & Trust Officer, Sisense

Learn how to proactively secure your AWS cloud infrastructure, with guidance from AWS Security Epics, accelerating sprint and epic velocity. DevSecOps can discover how to prioritize security early in the cloud migration design phase, reducing overall cost and effort to fix security issues from weeks to just a few hours, maximizing efficiency and ROI. Understand how this approach reduces security efforts in infrastructure and application designs, increases efficiency in security control decision making and reduces overall risk.

In this webinar, discover how to automatically:

- Build a threat modeling process that drives security throughout the Cloud Development Life Cycle (CDLC).
- Convert an architecture diagram into a threat model with a list of threats and relevant security recommendations for AWS services.
- Identify latent security risks.
- Generate AWS Security Epics backlog for IAC development, plus secure CloudFormation code templates.
- Highlight threat model drift from the live environment based upon AWS services, AWS Config, AWS Security Hub and others.
- Keep threat models synchronized with AWS environments using real-time updates.