Name: Security Automation Simplified with Open Security Controls Assessment Language
Start: 2020-08-19T17:00:00Z
End: 2020-08-19T17:00:41.000Z
Location: BrightTALK
Rating: 3.8

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Discover how the Cloud Security Alliance and Northeastern University are shaping the future of safe AI. In this exclusive webinar, we unveil the Trusted AI Safety Knowledge certification program—an industry-first initiative designed to equip professionals with the principles, frameworks, and practical training to build and manage AI systems safely, securely, and responsibly.

You'll get a first look at the core components of the certification, including risk management strategies, regulatory alignment, and ethical frameworks essential to modern AI deployment. Learn how this collaboration brings together world-class academic rigor and industry-driven insights to address the urgent need for trusted AI expertise across business, compliance, and technical domains.

AI Safety Primer: Inside the Trusted AI Certification by CSA and Northeastern University

Navigate the complexities of securing your hybrid cloud. "Securing the Hybrid Cloud: Key Strategies for Network Security" tackles the critical challenges of achieving comprehensive application visibility, ensuring consistent rule alignment, and proactively managing evolving threats. Discover actionable strategies to fortify your network, optimize security posture, and gain unparalleled insight into your hybrid environment. Don't let the cloud's dynamic nature compromise your security—empower your team with the knowledge to protect your critical assets.

Securing the Hybrid Cloud: Key Strategies for Network Security

Geared towards security and IAM teams, this webinar will share insights into understanding and implementing a non-human identity solution effectively through key use cases, essential solution features and evaluation criteria that will help integrate NHI security into your broader identity strategy and strengthen your security posture.

How to Evaluate a Non-Human Identity (NHI) Security Solution

Salesforce Agentforce will revolutionize how sales, marketing, and customer service agents interact with customers and access internal documentation within the CRM tool.

However, without a proper roll out plan and understanding of how Agentforce works, your organization could face unexpected risks when it comes to security.

Join Varonis and Salesforce for an insightful discussion on mastering Agentforce, including a deep dive into how the tool works, how to plan for deployment, and other best practices that Salesforce users of all levels can adopt.

Unlocking Agentforce: Best Practices for Deploying Salesforce's AI Tools

Organizations are navigating a rapidly evolving threat landscape, with hybrid and multi-cloud environments introducing fragmented visibility and complex data exposure risks. To better understand how enterprises are managing this challenge, Thales commissioned the Cloud Security Alliance (CSA) to investigate how organizations view risk to improve their data security posture. The study explores how organizations identify and prioritize data risks, the classification methods and monitoring tools they rely on, and the limitations they face in achieving a unified, real-time view of their data security posture. It also highlights how risk-based security solutions can improve response effectiveness, reduce downtime, and support compliance by delivering continuous visibility and actionable intelligence across diverse environments. 

Join Hillary Baron, AVP of Research at the Cloud Security Alliance (CSA), as she reveals the results of the Understanding Data Security Risk survey. Also participating is Krishna Ksheerabdhi, Vice President of Product Marketing for Cybersecurity & Digital Identity (CDI) at Thales Group. They will discuss how organizations are unifying fragmented tools into cohesive platforms while adopting proactive, risk-driven approaches to enhance resilience, protect critical data, and streamline compliance.

Data Security Risk Insights for Improving Data Security Posture

Business continuity is top of mind in 2025. With AI-fueled cyberattacks at an all-time high, geopolitical instability in the news, and an ever-growing number of regulations to deal with, organizations are looking for solid foundations on which to build their operations.

In this webinar we will peel back the layers of operational resilience and explore practical ways in to help organizations:
• Remain compliant to regulations covering business continuity
• Protect their brand and reputation in an always-on world
• Look in detail at how to keep its mission critical services online
• Adopt fully managed business continuity cloud solutions

You should expect to come away from this webinar confident in your ability to stay compliant and operational, even during the most trying of circumstances.

Managed Business Continuity Cloud Solutions

Ever wonder what security leaders across industries are focusing on in the GRC space? What are their top priorities, and how should they shape yours?

Join Vanta’s GRC Subject Matter Expert, Faisal Khan, and Daniele Catteddu, CSA's Chief Technology Officer, for a deep dive on building and scaling GRC programs. They will share their take on the role of trust, AI, and automation in strengthening your foundation and preparing for what’s next.

What to expect:
Point of view on top of mind issues for GRC leaders
Role of trust management in scaling GRC 
Where to prioritize AI and automation in GRC

Scaling GRC with Trust, AI, and Automation

Dive into a full year of SOC data to identify trends in infrastructure targets, malware, schemes, and more to uncover strategies for improving your security resilience in the coming year. We’ll cover:
• Security data specific to the FinServ industry, including specific threats to be aware of and remediation tactics
• Comparisons of trends in FinServ versus cybersecurity customers as a whole
• Recommendations for keeping your FinServ organization secure

Analyzing Annual SOC Data to Inform Your 2025 FinServ Security Strategies

Join Eoghan Casey and Mark Wigham from Salesforce for an in-depth webinar on maintaining trusted and resilient data to deploy AI at scale. We will explore the essential steps to ensure that AI Agents have access to the data they need, don’t have access to data they shouldn’t, and perform optimally. 

Key topics include:
• Trusted Agentic AI: Understand how to implement robust data security measures to control and track what data Agents access, create, and modify.
• Data Reliability and Relevance: Learn how to maintain the accuracy and relevance of your data, ensuring it remains a valuable asset for your business.
• Data Security Measures: Discover best practices for tracking changes and encrypting sensitive data, including data created and changed by Agents.
• Robust Data Backup and Recovery: Understand the importance of reliable data backup and precision recovery processes in minimizing data loss and disruptions, ensuring business-critical data is easily recoverable and maintaining system integrity.
• Data Anonymization: Explore how data anonymization can enhance security and compliance, reducing the risk of data exposure in development, testing, and training environments.
• Automating Sandbox Seeding: Discover how automating sandbox seeding can speed up development cycles, improve developer productivity, and drive faster revenue growth and higher operating margins.

Walk away with actionable strategies to maintain resilient and trusted data to accelerate your AI projects with confidence.

How to Succeed at Agentic AI with Trusted & Resilient Data

With AI dominating security conversations, it’s easy to get lost in the hype. What’s real today, and what’s still just a promise for the future?

Join Jesse Booth, Sr. Director of Security Operations at GoTo, Rex Guo, CEO of Culminate, and John DiMaria, Chief of Staff of Cloud Security Alliance, for a 60-minute webcast where they’ll cut through the noise and share how GoTo is successfully leveraging AI in its SOC right now—delivering measurable security and operational improvements right now—delivering measurable security and operational improvements.

5 Real AI-Powered Use Cases in GoTo’s SOC—What’s Working Today

Join us for an exclusive fireside chat with Wiz, where industry experts will share insights, experiences, and perspectives on today’s most pressing topics. This informal yet informative session is designed to provide valuable takeaways in a conversational setting.

Top Cloud Threats within AI Security

As cloud adoption grows, managing identity access—especially for non-human identities (NHIs)—across multi-cloud environments is increasingly complex. Many organizations adopting Zero Trust focus on authentication but neglect what happens after login.

This webinar explores Zero Standing Privileges (ZSP), ensuring access is granted only when needed and revoked immediately after use. But Zero Trust is more than a technical challenge—it’s a cultural shift. By fostering a security-first mindset, organizations can integrate least privilege principles across all identities.

Key Takeaways:
• What Zero Standing Privileges (ZSP) is and its role in Zero Trust security
• Step-by-step roadmap to implementing ZSP in IAM
• Proven strategies to build a Zero Trust culture across your organization
• Expert solutions to common ZSP adoption challenges

Join us for practical insights and real-world strategies to strengthen identity access management and accelerate your Zero Trust journey.

Building a Zero Trust Culture with Zero Standing Privileges in IAM

Identity security has traditionally been viewed as a critical yet limiting layer of defense—a necessary barrier against evolving cyber threats. But what if identity management could become more than a defensive perimeter? In this session, we'll explore how forward-thinking enterprises are leveraging non-human identities, as a catalyst for innovation, agility, and business acceleration. Join us to discover:
• How proactive identity strategies enable rapid adoption of emerging technologies, from generative AI to automated DevOps.
• Real-world examples where robust management of non-human identities empowered organizations to launch new services and solutions confidently and securely.
• Practical guidance on shifting your organization's perspective from seeing identity security solely as a risk mitigation tactic to embracing it as a strategic enabler of growth and innovation.
• Turn identity security into your organization's competitive advantage.

From Barrier to Catalyst: Transforming Identity Security into an Engine of Innovation

As businesses rapidly adopt cloud and SaaS technologies, the traditional model of centralized IT control has given way to business-led technology decisions. Rather than fighting this shift, forward-thinking security teams are embracing it by implementing unified visibility and intelligence across their expanding digital ecosystem. This session explores how modern access security and data-driven governance enables organizations to support business-driven innovation while maintaining security control.

Beyond Shadow IT: Enabling Business Innovation Through Unified Access Intelligence

Cloud security teams are inundated with alerts, making it difficult to prioritize what matters most and resolve issues efficiently. While this isn’t a new problem, understanding the scope and scale of the challenge is key to finding solutions. To dive deeper, we analyzed 3,960,090 alerts from our proprietary data to break down the problem at scale. In this session, we’ll reveal the most common misconfigurations and explore the factors behind dangerously long dwell times and high MTTR, some stretching up to 498 days and 285 days, respectively. What’s adding to the complexity? Inconsistent severity ratings across different tools, making prioritization even harder. But it’s not all doom and gloom. We’ll highlight quick wins you can implement today, along with key alert types to prioritize for faster triage and risk reduction. By the end of this session, you’ll learn from our expert services team how they tackle these problems at scale every day, and you’ll take away your data-backed strategies to cut through the noise, tackle high-risk misconfigurations, and improve your cloud security posture.

From Alert to Remediation: Millions of Alerts Analyzed to Shape Your Strategy

In today’s digitally interconnected world, patch management is no longer a routine IT task—it’s a critical business imperative.

The complexity of modern IT environments, including hybrid clouds, diverse operating systems, and a multitude of third-party apps, has made patch management increasingly challenging.

In this webinar, Automox and GigaOM will share insights from the “GigaOM Radar Report for Patch Management v3.0” and discuss how organizations like yours can tackle these challenges in 2025 and beyond.

Join us to learn:
• How AI-powered threat assessment and patch orchestration are transforming patch management
• Why strategic patch management requires more than just applying patches and key factors to consider
• The evolving patch management landscape, highlighting key vendors and emerging trends
• Tips to help you choose the right solution for your needs

You’ll leave this webinar ready to strengthen your defenses and proactively mitigate cyber risks.

How To Effectively Manage and Automate the Evolving Landscape of Patch Management

Join us for a behind-the-scenes journey into how industry experts curated the definitive guide to the most critical risks in NHI Security: the OWASP Top 10 NHI Security Risks.

In this talk, we'll break down the methodology behind the rankings—explaining why specific risks were chosen and how they map to challenges engineers face in real-world production environments. We’ll also spotlight the growing role of AI agents—often hailed as the workforce of the future—and their profound impact on each risk. And we won’t stop at theory. Watch live demos of how attackers can exploit the top three risks, uncovering vulnerabilities in NHIs that expose organizations to privilege escalation, data theft, and supply chain attacks. Whether you’re new to NHI security or seeking deeper technical insights, this session promises a fun, engaging, and practical experience that will equip you to tackle the unique challenges of NHIs.

Behind the Scenes: OWASP Top 10 NHI Risks

Securing applications in today's dynamic cloud environments demands a new approach. This webinar explores the critical shift towards application-centric security, moving beyond traditional network-centric models to address the unique challenges of cloud-native architectures. We'll delve into how a deep understanding of application behavior and dependencies is essential for robust security posture. Attendees will learn how to leverage threat intelligence and analysis to proactively identify and mitigate risks, including vulnerabilities and malware. We'll discuss the importance of integrating vulnerability management, network security, and zero trust principles to create a comprehensive defense. Furthermore, we'll examine how application-centric security strengthens compliance efforts and streamlines security operations. Join us to discover how to unlock a more effective and efficient approach to cloud security, focusing on the applications that drive your business.

Unlocking Application-Centric Security in the Cloud

Security Automation Simplified with Open Security Controls Assessment Language
Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions, has been a challenging task to date. Additionally, the proliferation of containers and service mesh technologies employed in cloud ecosystems for enhanced portability and security, compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions. Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.

Security Automation Simplified with Open Security Controls Assessment Language

Federal Summit

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Security Automation Simplified with Open Security Controls Assessment Language

Presented by

About this talk

More from this channel