Hi [[ session.user.profile.firstName ]]

Cloud Security post Covid-19, Where to Go Next

Over recent years, security and compliance have been some of the top considerations when moving to the cloud. However, as Covid-19 has served as a transformation accelerator in many aspects of our digital life, cloud consumption is skyrocketing, and cloud transformations are booming. In order to achieve a sustainable cloud experience, it is now more important than ever, that security & compliance are not sacrificed for the speed of migration.

In this talk, we will not only investigate the current state of cloud security, but we will also elaborate on scenarios and capabilities that support organizations in rapidly and securely adopting the cloud, and in maintaining compliance once operating in the cloud.
Recorded Nov 3 2020 38 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Carlo Gebhardt, Managing Director, Accenture Security
Presentation preview: Cloud Security post Covid-19, Where to Go Next
  • Channel
  • Channel profile
  • Cloud Security Must: Ensuring Least Privilege Dec 17 2020 5:00 pm UTC 60 mins
    Josh Kirkwood, Solutions Engineering Manager, CyberArk
    The principle of least privilege access – in which all human and machine identities should have only the permissions essential to perform their intended function – is a cloud security best practice promoted by cloud providers like Azure, GCP and leading industry frameworks like MITRE ATT&CK and Cloud Security Alliance’s Cloud Controls Matrix. In this webinar, attendees will learn about the risks of overly broad permissions and how to address them.

    What you’ll walk away with:

    - Discover the role of excessive permissions in data breaches
    - Learn best practices for identifying and remediating excessive permissions in cloud environments
    - Explore free and open source tools to gain visibility across multiple cloud environments
    - Develop a plan to continuously verify least privilege and meet regulatory + Industry compliance objectives
  • Working From Home: NSFW Dec 15 2020 6:00 pm UTC 60 mins
    Etay Maor, CSO, IntSights
    The biggest shift due to COVID-19 was the immediate move of the workforce to the “home office.” But the "home office" is really just your home environment and your organization’s computer. This leaves employees vulnerable without the comprehensive cyber defense protocols corporate office networks provide. Threat actors have identified this and are actively taking advantage of the situation.

    In this session, we will cover the various attacks targeting the “home office,” how attackers can easily collect data about their targets, and what type of data cybercriminals have been selling in underground forums in the past year.
  • Five Lean Principles of Collaboration for Enhanced Product Security Dec 10 2020 5:00 pm UTC 60 mins
    Sandhya Narayan, Principal Program Manager, Adobe
    Engage early, engage often. Continuously delivering products with enhanced security capabilities in a cross-functional, multi-platform environment is no easy task; It takes a lot of commitment to collaborate and communicate on the part of every individual involved throughout the development process, especially when working with globally dispersed teams.  To overcome these challenges, organizations should leverage five principles of collaboration to help their security and compliance teams collaborate more effectively and efficiently with their product development and operations teams. By adhering to these collaboration principles, organizations can improve efficiencies throughout their products and services while keeping their internal stakeholders happy.

    Join Sandhya Narayan, Principal Program Manager at Adobe, as she discusses these principles and how Adobe applies them to improve collaboration between their security, engineering, and operations teams throughout the company.
  • Driving a Stake in the Heart of the 2020 Beast Dec 9 2020 7:00 pm UTC 60 mins
    Jim Reavis, CEO, Cloud Security Alliance
    In this CloudBytes webinar, Cloud Security Alliance CEO Jim Reavis will go into a hypnotic trance and summons otherworldly forces to banish 2020 and all of its evil incarnations into an endless pit of fire, freeing humanity from its evil clutches. Jim will also review the current state of cybersecurity, how the industry has coped with the unexpected events, how cloud has functioned, how businesses are pivoting and what meaningful lessons we take from the year.
  • Cloud Security Threat Landscape in the New Normal Dec 9 2020 5:15 am UTC 60 mins
    Budi Hermawan, Hana ABRIYANSYAH, Andri PURNOMO, Fransiskus INDROMOJO, Muhammad SUHADA, Densi REFWALU
    Panel Discussion : Cloud Security Threat Landscape in the New Normal
    The pandemic has accelerated the digital transformation initiatives of many organizations in the Indonesia. Local companies jumped to the cloud with survival response as the prime consideration. Join our fellow panelists in this panel discussion on the business impact of the top threats on the Cloud. We will also discuss on the cloud-security-first mindset and how CSA can help the industries in Indonesia in their cloud security journey.

    Moderator: Budi Hermawan (Education Director, CSA Indonesia Chapter)
    Panelists:
    Hana ABRIYANSYAH (CISO of Midtrans and VP of Information Security at GO-JEK)
    Andri PURNOMO (VP IT Security, Dana Indonesia)
    Fransiskus INDROMOJO (Senior Technical Specialist, Microsoft Indonesia)
    Muhammad SUHADA (VP Information Technology, PT Blue Bird Tbk)

    Closing Remarks
    Densi REFWALU (Marketing Director, CSA Indonesia Chapter)
  • Threat Intelligence and Cyber Incidents Exchange Dec 9 2020 4:30 am UTC 30 mins
    Setiaji (Head Of Department at ICT - Digital Services of West Java Province)
    CSA Indonesia Virtual Summit 2020
  • Which Threat Intel Should we be Aware of? Dec 9 2020 3:45 am UTC 30 mins
    Rudi LUMANTO (Chairman, Cyber Security Incident and Resilience Team of Indonesia)
    Cyber Threat Intelligence is known as cyber threat knowledge or information which is expected to help implement more effective security controls to provide us with various advantages in building a safe cyber environment. Organizations are then become more proactive rather than reactive to cyber attacks, they are also quicker to mitigate risks and respond to incidents. However, with the rapid development of cyber space and our entry into the industrial era 4.0, threat information become abundant, the biggest challenge for CTI is to provide right information in the right time, so that it will not only technically help but also be useful in decision-making. CTI that only provides non-selective information will eventually become regular news that will not have an impact on increasing cybersecurity awareness. This presentation tries to provide some information on the CTI in Indonesia and see whether it is effective or not to bring awareness to the public or its decision makers. Which intel threat can make us more concerned about our cyber situation?
  • Key Principles and Strategies for Securing the Enterprise Cloud Dec 9 2020 3:00 am UTC 30 mins
    Edwin LIM (Country Director, Fortinet Indonesia)
    (The presentation is in Bahasa Indonesia)

    Customers are turning to the cloud to reduce capital expenses and increase agility as part of their digital innovation (DI) initiatives. Despite the benefits, cloud migration results in business-critical data and services being scattered across clouds and data centers. This leads to an expanded attack surface and a corresponding increase in security risk.
    Some organizations are unknowingly stumbling into a new security paradigm - the shared responsibility model, a model that is built on the assumption that the cloud infrastructure will be secured by cloud providers, while security for services used in the cloud are the responsibility of the organization.
    The Fortinet Security Fabric was purpose-built to close these cloud-driven security gaps through native integration with public cloud infrastructures, a broad set of security services and products, and cross-cloud security management, automation, and analytics.
  • Introduction, Welcome Remarks & Opening Keynote Dec 9 2020 2:00 am UTC 45 mins
    Faisal YAHYA, Dr. Hing-Yan LEE, Semeul Abrijani PANGERAPAN
    CSA Indonesia Virtual Summit 2020

    Introduction
    Faisal YAHYA (Chairman, CSA Indonesia Chapter)

    ​Welcome Message
    Dr. Hing-Yan LEE (EVP APAC, CSA)

    Cloud Computing & Cloud Security Landscape in Indonesia: Challenges & it's Possible Solutions
    Semeul Abrijani PANGERAPAN (Director General of ICT Applications, Ministry of Communication and Information Technology, Indonesia)​
  • The Security Automation Stack Dec 8 2020 6:00 pm UTC 43 mins
    Vinay Venkataraghavan, Technical Director, Office of the CTO - Prisma Cloud, Palo Alto Networks
    Infrastructure as Code and Security Automation for Container Native Applications

    Competition and the pursuit for business superiority is shortening product to market cycles, requiring enterprises to reevaluate current application architectures. It doesn’t take long to come to the conclusion that the “right” solution requires embarking on a journey of digital transformation, involving the rapid adoption of the cloud, containers, microservices and devops processes. However, the combination of deploying container native applications at scale, as immutable infrastructure and frequent deploy and tear down cycles, has required DevOps to automate all aspects of the infrastructure as well as security.

    In this talk we introduce the “Cloud Security Automation Stack”, which is a framework for representing all aspects of infrastructure and security as code, coupled with automation, applied throughout the build, deploy and run phases. In this manner DevOps and Security teams leverage automation and infrastructure as code with security natively injected at the appropriate points, in order to secure critical cloud native assets. Additionally, in this talk we will demo the adoption of the Cloud Security Automation Stack to comprehensively secure microservices running as containers on the Kubernetes platform.
  • Weathering the Storm: Immune System Technology for Cloud & SaaS Dec 3 2020 6:00 pm UTC 60 mins
    Nabil Zoldjalali, Director of Cloud Security, Darktrace
    As workforces look to remain remote for the long term, the cloud has become ubiquitous. Yet human security professionals relying only on conventional security tools continue to struggle to secure the complexity of today’s hybrid and multi-cloud topologies - in fact, only 22% of organizations feel they have adequate visibility into their cloud applications and infrastructure.

    Businesses are increasingly turning to AI as a uniquely dynamic solution to detect and defend from novel threats that emerge on cloud and SaaS environments – which the global workforce continues to rely on in today’s remote working landscape.

    Discussion will include exploration of the latest cloud and SaaS real-world threat trends including:
    - A malicious file download in Box.com
    - Crypto-mining malware inadvertently installed
    - Developer misuse of AWS cloud infrastructure
  • Best Practices for Implementing a Secure DevOps Toolchain Dec 1 2020 6:00 pm UTC 60 mins
    Randy Franklin, VP and Market GM, and William Kokolis, DevOps Practice Lead, Terazo & Bryan Jones, Solutions Architect, Cloud
    Shifting security left empowers DevOps teams to create secure software and infrastructure by giving them the tools and indicators to detect and mitigate potential security problems prior to release. Learn how your DevOps teams can take ownership of your security posture by implementing gating functions that prevent insecure software from being promoted to production.

    Join this webinar, as Terazo covers the governance and technical aspects of implementing DevSecOps. They will discuss the stages and actions they take to improve the resiliency of software development and delivery, including:

    Continuous Integration
    ● Developer Training
    ● Static/Dynamic Application Security Testing
    ● Software Composition Analysis

    Continuous Deployment
    ● Infrastructure Provisioning
    ● Secrets Management

    Continuous Configuration Automation
    ● Automated Release Automation
    ● Configuration State Reporting

    Continuous Monitoring
    ● Penetration testing
    ● Runtime Application Protection

    This webinar will include a demonstration of integrating a cloud security platform into a CI/CD pipeline.
  • Journey to Cloud Adoption Recorded: Nov 25 2020 32 mins
    Ou PHANNARITH, Mok KHEMERA, Dr. Hing-Yan LEE , Nipaul LONG
    Panel Discussion

    Moderator: ​Ou PHANNARITH (Director of ICT Security, MPTC, Cambodia)

    Panelists :
    ​Mok KHEMERA (Director of E-Government)
    Dr. Hing-Yan LEE (EVP, CSA APAC) ​
    Nipaul LONG (CTO, PlasGate Co., Ltd.)
  • Securing the Cloud via CCSK Recorded: Nov 25 2020 21 mins
    Ekta MISHRA (APAC Membership Director & Country Manager - India)
    Securing the Cloud via CCSK
  • Cloud Security 101 Recorded: Nov 25 2020 25 mins
    Sarbojit M BOSE (Education Director, CSA Singapore Chapter & CCSK Instructor)
    Cloud Security 101
  • ICT Development in Cambodia Recorded: Nov 25 2020 17 mins
    ​Mok KHEMERA (Director of E-Government, Ministry of Post and Telecommunications, Cambodia)
    ICT Development in Cambodia
  • Towards a Secure Cloud Ecosystem in Cambodia Recorded: Nov 25 2020 23 mins
    Dr. Hing-Yan LEE (EVP APAC, CSA )
    Towards a Secure Cloud Ecosystem in Cambodia
  • Welcome Remarks & Opening Keynote Recorded: Nov 25 2020 23 mins
    ​Ou PHANNARITH & Dr. Sang SINAWONG
    Welcome Remarks
    ​Ou PHANNARITH (Director of ICT Security, Ministry of Post and Telecommunications (MPTC), Cambodia)

    Opening Keynote
    Dr. Sang SINAWONG (Under Secretary of State, MPTC, Cambodia)
  • Top Cloud Attack Paths You Should Worry About Recorded: Nov 24 2020 46 mins
    Brandon Traffanstedt, Global Director - Solutions Engineering, ‎CyberArk
    Security pros detail the common ways bad actors attack your cloud environments

    As organizations just like yours transition to cloud environments, so do the cyber criminals. An inherent lack of visibility across cloud environments and workloads is masking security threats, undermining compliance and governance and compromising the value of cloud adoption. Individual cloud vendors, point security solutions and siloed teams address just one piece of the puzzle, increasing the risk of misconfigurations and inhibiting the ability to prioritize the most serious threats.

    It can be overwhelming for security teams when organizations rush headfirst into the cloud without consulting them, putting data and processes at risk.

    To effectively mitigate risk, you need to know what bad actors are after. This webinar will guide you through the main compromise points and attacks paths in the cloud.

    You will understand:
    - How attack paths in the cloud are different from the ones typical for on-premises infrastructure and resources
    - The danger of privileged credentials compromise in the cloud
    - Understand 3 to 4 of the most common cloud attack paths and potential mitigation tactics and tools
    - The role of cloud identities and permissions in the overall cloud security posture

    Join this webinar and learn how to combat bad actors in the cloud.
  • Using KPIs To Build Confidence in Your Cloud Security & Compliance Posture Recorded: Nov 19 2020 52 mins
    Nikhil Girdhar, Product Line Marketing Manager & Shrivatsa Upadhye, Sr Technical Marketing Architect, CloudHealth by VMware
    How confident are you that your developers are avoiding the mistakes in public cloud usage that can lead to critical security risks?

    Most security breaches in the cloud are the result of simple configuration errors, and many organizations struggle to enforce policies on secure usage to avoid these mistakes. Oracle and KPMG’s 2020 Cloud Threat Report found that 92% of respondents believe their organization has a gap between the rate of cloud adoption and the maturity of their cloud security and compliance processes.

    This session will share some practical examples to showcase how to:
    ● Get the right security visibility and context to educate developers
    ● Quantify cloud security and compliance posture through KPIs
    ● Detect Day 2 misconfiguration mistakes
    ● Remediate misconfigurations before a criminal exploits them
    ● Proactively integrate Day 0 security and compliance into DevOps process
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Cloud Security post Covid-19, Where to Go Next
  • Live at: Nov 3 2020 10:30 am
  • Presented by: Carlo Gebhardt, Managing Director, Accenture Security
  • From:
Your email has been sent.
or close