Over recent years, security and compliance have been some of the top considerations when moving to the cloud. However, as Covid-19 has served as a transformation accelerator in many aspects of our digital life, cloud consumption is skyrocketing, and cloud transformations are booming. In order to achieve a sustainable cloud experience, it is now more important than ever that security & compliance are not sacrificed for the speed of migration.
In this talk, we will not only investigate the current state of cloud security, but we will also elaborate on scenarios and capabilities that support organizations in rapidly and securely adopting the cloud, and in maintaining compliance once operating in the cloud.
Recorded: Nov 3 2020, 38 mins
The principle of least privilege access – in which all human and machine identities should have only the permissions essential to perform their intended function – is a cloud security best practice promoted by cloud providers like Azure, GCP and leading industry frameworks like MITRE ATT&CK and Cloud Security Alliance’s Cloud Controls Matrix. In this webinar, attendees will learn about the risks of overly broad permissions and how to address them.
What you’ll walk away with:
- Discover the role of excessive permissions in data breaches
- Learn best practices for identifying and remediating excessive permissions in cloud environments
- Explore free and open source tools to gain visibility across multiple cloud environments
- Develop a plan to continuously verify least privilege and meet regulatory and industry compliance objectives
The biggest shift due to COVID-19 was the immediate move of the workforce to the “home office.” But the "home office" is really just your home environment and your organization’s computer. This leaves employees vulnerable without the comprehensive cyber defense protocols corporate office networks provide. Threat actors have identified this and are actively taking advantage of the situation.
In this session, we will cover the various attacks targeting the “home office,” how attackers can easily collect data about their targets, and what type of data cybercriminals have been selling in underground forums in the past year.
Engage early, engage often. Continuously delivering products with enhanced security capabilities in a cross-functional, multi-platform environment is no easy task; it takes a lot of commitment to collaborate and communicate on the part of every individual involved throughout the development process, especially when working with globally dispersed teams. To overcome these challenges, organizations should leverage five principles of collaboration to help their security and compliance teams collaborate more effectively and efficiently with their product development and operations teams. By adhering to these collaboration principles, organizations can improve efficiencies throughout their products and services while keeping their internal stakeholders happy.
Join Sandhya Narayan, Principal Program Manager at Adobe, as she discusses these principles and how Adobe applies them to improve collaboration between their security, engineering, and operations teams throughout the company.
In this CloudBytes webinar, Cloud Security Alliance CEO Jim Reavis will go into a hypnotic trance and summon otherworldly forces to banish 2020 and all of its evil incarnations into an endless pit of fire, freeing humanity from its evil clutches. Jim will also review the current state of cybersecurity, how the industry has coped with the unexpected events, how cloud has functioned, how businesses are pivoting and what meaningful lessons we take from the year.
Budi Hermawan, Hana ABRIYANSYAH, Andri PURNOMO, Fransiskus INDROMOJO, Muhammad SUHADA, Densi REFWALU
Panel Discussion: Cloud Security Threat Landscape in the New Normal
The pandemic has accelerated the digital transformation initiatives of many organizations in Indonesia. Local companies jumped to the cloud with survival response as the prime consideration. Join our fellow panelists in this panel discussion on the business impact of the top threats on the Cloud. We will also discuss the cloud-security-first mindset and how CSA can help the industries in Indonesia in their cloud security journey.
Moderator: Budi Hermawan (Education Director, CSA Indonesia Chapter)
Hana ABRIYANSYAH (CISO of Midtrans and VP of Information Security at GO-JEK)
Andri PURNOMO (VP IT Security, Dana Indonesia)
Fransiskus INDROMOJO (Senior Technical Specialist, Microsoft Indonesia)
Muhammad SUHADA (VP Information Technology, PT Blue Bird Tbk)
Densi REFWALU (Marketing Director, CSA Indonesia Chapter)
Rudi LUMANTO (Chairman, Cyber Security Incident and Resilience Team of Indonesia)
Cyber Threat Intelligence (CTI) is cyber threat knowledge or information that is expected to help implement more effective security controls and to provide various advantages in building a safe cyber environment. Organizations then become more proactive rather than reactive to cyber attacks, and they are also quicker to mitigate risks and respond to incidents. However, with the rapid development of cyberspace and our entry into the Industry 4.0 era, threat information has become abundant. The biggest challenge for CTI is to provide the right information at the right time, so that it will not only help technically but also be useful in decision-making. CTI that only provides non-selective information will eventually become regular news that has no impact on increasing cybersecurity awareness. This presentation tries to provide some information on CTI in Indonesia and to see whether or not it is effective in bringing awareness to the public or its decision makers. Which threat intelligence can make us more concerned about our cyber situation?
Customers are turning to the cloud to reduce capital expenses and increase agility as part of their digital innovation (DI) initiatives. Despite the benefits, cloud migration results in business-critical data and services being scattered across clouds and data centers. This leads to an expanded attack surface and a corresponding increase in security risk.
Some organizations are unknowingly stumbling into a new security paradigm: the shared responsibility model, a model that is built on the assumption that the cloud infrastructure will be secured by cloud providers, while security for services used in the cloud is the responsibility of the organization.
The Fortinet Security Fabric was purpose-built to close these cloud-driven security gaps through native integration with public cloud infrastructures, a broad set of security services and products, and cross-cloud security management, automation, and analytics.
Faisal YAHYA, Dr. Hing-Yan LEE, Semeul Abrijani PANGERAPAN
CSA Indonesia Virtual Summit 2020
Faisal YAHYA (Chairman, CSA Indonesia Chapter)
Dr. Hing-Yan LEE (EVP APAC, CSA)
Cloud Computing & Cloud Security Landscape in Indonesia: Challenges & Its Possible Solutions
Semeul Abrijani PANGERAPAN (Director General of ICT Applications, Ministry of Communication and Information Technology, Indonesia)
Vinay Venkataraghavan, Technical Director, Office of the CTO - Prisma Cloud, Palo Alto Networks
Infrastructure as Code and Security Automation for Container Native Applications
Competition and the pursuit of business superiority are shortening product-to-market cycles, requiring enterprises to reevaluate current application architectures. It doesn’t take long to come to the conclusion that the “right” solution requires embarking on a journey of digital transformation, involving the rapid adoption of the cloud, containers, microservices and DevOps processes. However, the combination of deploying container native applications at scale, as immutable infrastructure, and frequent deploy and tear down cycles has required DevOps to automate all aspects of the infrastructure as well as security.
In this talk we introduce the “Cloud Security Automation Stack”, which is a framework for representing all aspects of infrastructure and security as code, coupled with automation, applied throughout the build, deploy and run phases. In this manner DevOps and Security teams leverage automation and infrastructure as code with security natively injected at the appropriate points, in order to secure critical cloud native assets. Additionally, in this talk we will demo the adoption of the Cloud Security Automation Stack to comprehensively secure microservices running as containers on the Kubernetes platform.
Nabil Zoldjalali, Director of Cloud Security, Darktrace
As workforces look to remain remote for the long term, the cloud has become ubiquitous. Yet human security professionals relying only on conventional security tools continue to struggle to secure the complexity of today’s hybrid and multi-cloud topologies - in fact, only 22% of organizations feel they have adequate visibility into their cloud applications and infrastructure.
Businesses are increasingly turning to AI as a uniquely dynamic solution to detect and defend from novel threats that emerge on cloud and SaaS environments – which the global workforce continues to rely on in today’s remote working landscape.
Discussion will include exploration of the latest cloud and SaaS real-world threat trends including:
- A malicious file download in Box.com
- Crypto-mining malware inadvertently installed
- Developer misuse of AWS cloud infrastructure
Randy Franklin, VP and Market GM, and William Kokolis, DevOps Practice Lead, Terazo & Bryan Jones, Solutions Architect, Cloud
Shifting security left empowers DevOps teams to create secure software and infrastructure by giving them the tools and indicators to detect and mitigate potential security problems prior to release. Learn how your DevOps teams can take ownership of your security posture by implementing gating functions that prevent insecure software from being promoted to production.
Join this webinar, as Terazo covers the governance and technical aspects of implementing DevSecOps. They will discuss the stages and actions they take to improve the resiliency of software development and delivery, including:
Brandon Traffanstedt, Global Director - Solutions Engineering, CyberArk
Security pros detail the common ways bad actors attack your cloud environments
As organizations just like yours transition to cloud environments, so do the cyber criminals. An inherent lack of visibility across cloud environments and workloads is masking security threats, undermining compliance and governance and compromising the value of cloud adoption. Individual cloud vendors, point security solutions and siloed teams address just one piece of the puzzle, increasing the risk of misconfigurations and inhibiting the ability to prioritize the most serious threats.
It can be overwhelming for security teams when organizations rush headfirst into the cloud without consulting them, putting data and processes at risk.
To effectively mitigate risk, you need to know what bad actors are after. This webinar will guide you through the main compromise points and attack paths in the cloud.
You will understand:
- How attack paths in the cloud are different from the ones typical for on-premises infrastructure and resources
- The danger of privileged credentials compromise in the cloud
- 3 to 4 of the most common cloud attack paths and potential mitigation tactics and tools
- The role of cloud identities and permissions in the overall cloud security posture
Join this webinar and learn how to combat bad actors in the cloud.
Nikhil Girdhar, Product Line Marketing Manager & Shrivatsa Upadhye, Sr Technical Marketing Architect, CloudHealth by VMware
How confident are you that your developers are avoiding the mistakes in public cloud usage that can lead to critical security risks?
Most security breaches in the cloud are the result of simple configuration errors, and many organizations struggle to enforce policies on secure usage to avoid these mistakes. Oracle and KPMG’s 2020 Cloud Threat Report found that 92% of respondents believe their organization has a gap between the rate of cloud adoption and the maturity of their cloud security and compliance processes.
This session will share some practical examples to showcase how to:
● Get the right security visibility and context to educate developers
● Quantify cloud security and compliance posture through KPIs
● Detect Day 2 misconfiguration mistakes
● Remediate misconfigurations before a criminal exploits them
● Proactively integrate Day 0 security and compliance into DevOps process
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.
Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa