Name: Using OPA for Continuous Compliance with Cloud Infrastructure Policy-as-Code
Start: 2020-11-03T11:15:00Z
End: 2020-11-03T11:15:22.000Z
Location: BrightTALK
Rating: 4.7

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Security teams are drowning in data. Alerts, findings, metrics, dashboards — all technically “useful,” yet often failing to answer the most important question: what actually matters right now, and why? As artificial intelligence becomes more accessible across security programs, many organizations are experimenting with AI-driven tooling in the hope that it will bring clarity. But used inefficiently, AI can often amplify existing problems rather than solving them.

This discussion explores how AI is reshaping data-informed security decision-making — not as a silver bullet, but as a force multiplier that depends heavily on human judgment, context, and intent. We’ll examine why most AI in use today more closely resembles advanced machine learning than true autonomous intelligence, and why outcomes are still largely driven by the quality of inputs, assumptions, and program maturity.

Through an operational and security lens, the speakers will unpack how teams can move from raw signal volume to meaningful narratives that support better prioritization and risk decisions. We’ll discuss common failure modes, including over-reliance on automation, misinterpreted insights, and resistance from skeptical stakeholders. The conversation will also address how organizations can responsibly incorporate AI into existing security workflows without compromising trust, transparency, or accountability.

To ground the discussion, we’ll walk through a practical vulnerability management example, illustrating how an AI assistant can help surface recommendations that improve efficiency and decision quality — while still keeping humans firmly in control of outcomes. Ultimately, this session aims to help security leaders separate signal from noise, hype from value, and automation from understanding as they navigate an evolving AI landscape.

From Noise to Narrative: How AI Is Reshaping Data-Informed Security Decisions

AI agents are rapidly becoming the most powerful “users” inside the enterprise. They provision infrastructure, move data, and call APIs with broader and more persistent access than human employees, yet they operate outside traditional safety nets. Unlike human access, there is currently no clear ownership, no certification process, and no accountability model for these machine identities.

In this session, we examine how agentic AI has quietly broken the assumptions identity governance (IAM/IGA) was built on. We will explore:

-The Velocity Gap: Why traditional controls fail at machine speed.
-Inherited Risk: How AI agents bypass oversight by inheriting "ghost" permissions.
-The Auditor’s Dilemma: The uncomfortable question CISOs will soon face from boards: “Who approved this access, and who is accountable for what the AI actually did?”.

Your AI Agents Have More Access Than Your Employees. No One Is Accountable

As AI adoption accelerates across organizations, traditional security approaches focused solely on license management and non-human identities are missing the bigger picture. This webinar explores a comprehensive framework for AI security that recognizes the full spectrum of AI identities in your environment, from AI users and builders to AI agents, and provides actionable strategies for discovery, protection, and defense.

We'll examine how AI security can be looked at through an identity security lens and demonstrate how runtime intelligence reveals dramatically more AI usage than static configuration approaches. Attendees will learn practical methodologies for inventorying their complete AI footprint, identifying risky access patterns, and implementing high-fidelity detection capabilities that enable faster SOC response.

Key Takeaways:
- Understand the three critical categories of AI identities: users, builders, and agents
- Learn why runtime detection reveals 5x more AI activity than static license tracking
- Discover how to identify shadow AI usage and over-privileged AI identities
- Implement a governance framework aligned with NIST AI security guidelines
- Build detection strategies that go beyond traditional NHI approaches

AI Users, Builders, and Agents: Securing the Next Generation of Identities

AI adoption in the cloud is surging, with over 70% of organizations using managed AI services—but security risks are growing just as fast. This latest report uncovers key trends, including the rapid rise of DeepSeek, widespread AI experimentation, and critical security gaps that organizations must address now.

AI Series: The State of AI in the Cloud

The cloud has redefined what is possible in technology, enabling organizations to move faster, scale effortlessly, and innovate without boundaries. Yet the cloud’s defining qualities of speed, scalability, and elasticity have outpaced traditional security models that were built for static, on-premises environments rather than dynamic digital ecosystems. The next phase of cloud security requires a mindset shift that embraces the cloud’s speed, scale, and ephemeral nature as the foundation of a more adaptive and intelligent defense strategy. 

This session explores the next stage in the evolution of cloud security, moving from fragmented visibility and static configuration checks toward real-time insight, automated investigation, and adaptive response. Attendees will learn how automation and AI can help teams embrace the ephemeral nature of the cloud, gaining clarity and control without slowing innovation. 

Participants will gain practical insight into assessing cloud security maturity, identifying visibility gaps, and understanding how intelligent automation enables security teams to analyze activity across thousands of assets, reconstruct events within minutes, and make faster, more confident decisions. We will also discuss how different layers of security, including posture management, threat detection, and incident response, work together to deliver a unified, adaptive approach to securing modern environments. 

The session will inspire participants to view the cloud’s dynamic nature as an opportunity to transform it into an ally in defense, rather than a source of endless complexity.

Redefining Cloud Security in the Era of AI and Automation

Security operations are entering a new era, where AI doesn’t just automate tasks, but understands context, collaborates, and learns. The foundation of this evolution is the Agentic System: a connected network of AI entities designed to make coordinated decisions in complex environments.

In this session, we’ll break down what an agentic system truly is—from its core components to how they operate in a dynamic security operations center. We’ll explore the architecture behind agentic personas, skills, tools, and memory, and show how their interplay leads to faster, smarter, and more predictive defense.

Through practical examples and security-specific use cases, you’ll see how agentic systems are transforming the way teams detect, analyze, and respond to threats, and how to start thinking about building agentic principles into your own environment.

Key Takeaways:
- What defines an Agentic System and why it represents a new model for SecOps
- What makes up an agentic persona and how they can collaborate for a greater outcome.
- How skills, tools, and memory operate in real-time as an agentic system and why this beats standalone automation.
- The outcomes agentic systems can deliver — speed, precision, foresight, and scalability
- Real-world examples of how agentic architectures are reshaping modern security operations

The Anatomy of an Agentic AI System: Understanding the Architecture Behind Faster, Smarter, and Predictive Security

The Cloud Security Alliance recently released the first independent benchmark study of AI agents in the SOC. With 148 analysts across two investigation scenarios, the study delivered hard evidence on how AI makes analysts faster, more accurate, and more consistent.

Hear from CSA CEO Jim Reavis, former Robinhood CISO Caleb Sima, and Dropzone AI CEO Edward Wu as they unpack the results for SOC leaders deciding how to adopt AI today.

What you’ll learn:

• What the data really shows about AI-augmented analysts’ performance in accuracy, speed, and consistency
• Where AI delivers the most value in the SOC today, from Tier 1 triage to Tier 2 investigations
• How analysts felt about AI after hands-on use—and why 94% said their opinion of AI improved
• What SOC leaders should do next to turn research insights into operational advantage

AI in the SOC: Expert Perspectives on the CSA Benchmark Study

As of May 2024, the Wiz Research team has analyzed over 200 cloud security incidents, identified 65 threat actors, and tracked 155 attack techniques alone. With cloud adoption on the rise, security teams now need to understand the threat landscape to stay ahead of evolving risks. Watch the Wiz Research team's insights in this on-demand webinar, featuring an in-depth look at today’s cloud landscape, the latest industry trends, and the most notable threats, including: 
- Who’s targeting the cloud 
- The top 5 most common cloud threats 
- What your organization should prioritize today

How to Find Your Most Critical Risks in the Cloud

MCP servers serve as the backbone that enables AI agents to access the tools, data, and context they need to operate.

By connecting these agents to everything from internal APIs and databases to third-party SaaS systems, MCP turns isolated AI models into fully capable, action-driven agents.

New research by Astrix Security analyzed more than 5,200 open-source MCP servers and surfaced systemic risks:
1. 53% rely on static API keys or PATs
2. Only 8.5% use OAuth applications
3. 79% pass keys via simple environment variables

In this webinar, we will unpack the data, methodology, and what it means for your attack surface.

To help tackle these challenges, Astrix introduces its new open-source MCP Secret Wrapper, a practical way to eliminate hardcoded credentials by fetching secrets from a vault at runtime.

In this session, you will learn how to apply the wrapper for quick wins, how to enforce least-privilege and short-lived access at scale, and how to align with compliance without slowing down your teams.

State of MCP Server Security 2025: What 5,200 Servers Reveal, and the Open-Source Fix You Can Use Today

“What do we actually own in the cloud?” It’s a question security leaders ask every day—yet answers are rarely clear. 

In today’s cloud-driven world, assets, identities, and resources change faster than manual tracking can keep up, creating critical blind spots that attackers can exploit through misconfigurations or overprivileged accounts. For security operations, this speed demands an equally fast response. However, legacy asset management and siloed security tools often fall short, leaving gaps in visibility and costing precious minutes during detection and response.

Join us to see how modern SecOps can outpace attackers by unifying on-prem and cloud telemetry, identifying exposures inside and outside their firewall, and leveraging agentic AI and automation throughout detection, investigation, and response—ensuring cloud blind spots never become entry points.

Key Learnings:
• Why legacy asset management and manual processes can’t keep up with the speed of cloud
• The real risks behind inaccurate cloud inventories, invisible SaaS assets, and cloud exposures
• How AI and automation enable continuous discovery, faster detection, and smarter response in cloud security operations

Cloud Asset Blind Spots: Closing Gaps Before They're Exploited

You’re juggling multiple endpoints. Your remote workforce is creating security gaps. And identity attacks jumped 442% last year alone. In this webinar, you'll hear from Jason Kikta (CISO/SVP, Product at Automox) and Dmitri Alperovitch (Automox Chairman of the Board, co-founder of Crowdstrike) discuss pressing security concerns and real solutions, like:
- What’s actually happening in the current threat landscape
- How autonomous endpoint management eliminates security gaps
- Where Automox is headed next (Spoiler alert: It’s game-changing.)

State of Cybersecurity: A Reality Check

Every day, another AI “agent” for security operations emerges: a playbook runner, a data enricher, a script executor. But stitching together a few task-specific bots doesn’t solve the complex problems facing the SOC—it exacerbates them. On the other side, there’s this promise of an “Autonomous SOC” leveraging agents, but these generic systems don’t have the best understanding or oversight about your environment.

In this webinar, we’ll explore a more effective evolution: Autonomous, role-based, agentic AI personas. Join ReliaQuest President of Field Operations Colin O’Connor, ReliaQuest CTO Joe Partlow and guest speaker Forrester Principal Analyst Allie Mellen for a forward-looking conversation that cuts through the noise to uncover how agentic teammates reframe what’s possible for AI in the SOC. 

In this webinar, you'll learn:
• What distinguishes a task-based agent from a true teammate—and why that matters 
• The architecture of a hybrid human + AI SOC (and what it’s not: autonomous) 
• How to evaluate when to use agentic teammates—and when not to 
• What a future-ready operating model looks like in live use-case walkthroughs

The Case for Agentic Teammates: Moving Beyond Task Bots

The 2025 Identity Automation Crisis: What 500+ Leaders Exposed
Enterprises have never had more identity tools—SSO, password managers, privileged access controls, and governance platforms. On paper, the identity stack looks mature. But beneath the surface, a critical problem persists: the last mile of identity still runs on manual execution.

The new 2025 Identity Automation Gap Report, based on insights from 500+ IT and security leaders, shows just how wide the gap really is:
• 58% of former employees keep access to systems after leaving
• 41% still share passwords manually (yes, spreadsheets)
• Fewer than 4% of enterprises have fully automated core identity workflows

Join Matt Chiodi, CSO at Cerby, and Aaron Turner, Faculty at IANS, as they unpack what the data reveals and share practical ways to:
• Spot and close your biggest identity blind spots
• Extend automation to disconnected apps (without ripping out your stack)
• Turn manual execution into automated protection that’s secure, scalable, and resilient

The 2025 Identity Automation Crisis: What 500+ Leaders Exposed

The transformative power of AI is undeniable, yet unlocking its full potential requires enterprises to secure their enterprise data to safely scale AI systems. Building trustworthy AI Assistants and Agents necessitates a comprehensive understanding of your organization's data landscape – especially unstructured data – coupled with fine grained access controls to protect against accidental leakage of sensitive data, clever cyber attacks and inappropriate internal access.

Join Nikhil Girdhar from Securiti and Shanmugam Kandaswamy from AWS  as they discuss how to apply Securiti DSPM to accelerate the safe deployment of enterprise AI assistants and agents with Amazon Q Business. Gain technical insights on how to establish proactive data security and governance, and mitigate emerging AI risks, such as OWASP Top 10 for LLMs.

Attendees will learn how to:

• Create comprehensive Data+AI mapping with full data lineage and provenance
• Prevent unintended data access by users of AI Assistants by enabling stronger data access controls
• Mitigate emerging AI risks such as prompt injections and sensitive data exposure
• Improve the efficacy of AI responses by minimizing redundant, obsolete, and trivial (ROT) data

From Data to Deployment: Safeguarding Enterprise AI with Security and Governance

Conquering Cloud Security Pain Points addresses the critical security challenges enterprises face in the cloud. The agenda includes a discussion of the promise versus the reality of cloud security and a deep dive into six key pain points. The session will also present strategic approaches to overcome these challenges, such as fostering unified visibility and control, implementing consistent policy enforcement, and streamlining security change workflows. The presenter, David Geffen, CMO at AlgoSec, will also cover achieving continuous compliance, bridging the cloud security expertise gap, and embracing proactive risk prevention. The presentation concludes with key takeaways and next steps for a holistic security strategy.

Conquering Cloud Security Pain Points

Securing your organization is no longer just an IT issue; it's a financial necessity. This webinar explores how identity security can help companies reduce global cyber losses by billions. We'll discuss how these findings are reshaping corporate budgets and influencing how insurers assess risk.

Key Takeaways
• Financial Impact: Learn how strong identity security directly reduces your financial exposure to cyber threats.
• Evolving Threats: Discover how the changing the threat landscape and the security strategies needed to combat it.
• Actionable Advice: Get practical guidance on where to start with identity security and how executives can use this data to justify critical investments.

Join us to learn how to turn identity security from a cost into a competitive advantage.

From Risk to ROI: The business case for identity security

Generative AI tools like ChatGPT are rapidly being adopted across enterprises to drive efficiency, but they come with real and immediate security implications.

Recent studies show that 15% of employees are pasting data into GenAI tools, and 1 in 3 are unknowingly sharing sensitive information. These behaviors create a new layer of risk: inadvertent data leaks, compliance violations, and exposure of confidential assets.

As a result, most organizations face a blunt choice: block GenAI entirely or allow it unchecked. Neither option is valid in today’s world. But GenAI security and productivity shouldn’t be an “either-or” choice.

In this webinar, LayerX security leaders will break down how to secure GenAI usage without sacrificing its value. You’ll get a clear understanding of how these tools are being used, what risks they create, and what practical steps you can take to mitigate them.

Register for this webinar to learn:
• Industry Insights: See how and where GenAI is being used across the enterprise—by whom, for what, and how often.
• Risk Breakdown: Learn what kinds of sensitive data are being exposed, and what that means for your security and compliance posture.
• Protective Actions: Walk away with specific policies, controls, and tools to reduce risk while enabling safe GenAI adoption.
• Real World Lessons: Hear how leading security teams are addressing these challenges in real-world environments.

Whether you’re a CISO, a security architect, or part of the compliance team, this session will give you clear, actionable guidance to secure your organization’s GenAI usage—before it becomes a problem.

Register now and take control of GenAI security before it takes control of you.

Preventing GenAI Data Leakage: Enabling Innovation Without Compromising Security

This webinar offers cloud network security experts an in-depth look at the paradigm shift from traditional perimeter-based security to a modern application-centric approach. Discover why conventional data center security models, relying on static policies and firewalls, are ill-suited for the dynamic nature of cloud environments, which are characterized by the explosive growth of IaaS, PaaS, and SaaS. We will explore the critical challenges posed by vanishing perimeters, lack of visibility into cloud environments, and the complexities of securing highly dynamic resources like VMs, containers, and microservices. The session will detail the core principles of application-centric security, including achieving granular visibility into application dependencies, implementing Zero Trust frameworks with verification and validation checkpoints, and leveraging microsegmentation for enhanced isolation. Furthermore, learn how automation and orchestration are essential for consistent policy enforcement, faster response times, and increased efficiency in managing cloud security at scale across diverse multi-cloud and hybrid infrastructures.

The Evolution of Cloud Network Security: From Silos to Service-Centricity

Developed by CSA and ISACA to meet the unique demands of auditing cloud based environments, the Certificate of Cloud Auditing Knowledge (CCAK) is the first credential that industry professionals can obtain to demonstrate their expertise in understanding the essential principles of auditing cloud computing systems. This session will provide a preview of the CCAK body of knowledge, including cloud security components based on CSA’s Security, Trust, Assurance & Risk (STAR) and Cloud Controls Matrix (CCM), as well as highlight key differentiators from other IT audit certification programs and illustrate the benefits of earning your CCAK.

CCAK: The industry's first global cloud auditing credential

Enterprise-ready cloud services and hybrid solutions have made it easier for users to complete their work wherever they are, but this flexibility expands the attack surface admins are expected to secure. Many organizations today are using zero-trust principles in their IAM (Identity & Access Management) strategy to solve this challenge, not just authenticating users but also checking if they meet the security policy at the point of access each time they log in.
Join Advisory CISO Richard Archdeacon from Duo Security learn how to develop your IAM programme while avoiding the top implementation pitfalls, and how Duo can help support your team’s zero-trust journey.

Zero Trust: The Key to your IAM Success

Due to the rapid growth of IoT and mobile devices, both fog computing and edge computing technologies were hastily developed, which resulted in security and privacy related challenges that could impact the integrity of information in the cloud. Fog computing and Edge computing are often confused for each other although minor difference exist, which change the security threat landscape and potential attack vectors. Come learn about security challenges, potential attacks and solutions, of Fog Computing and Edge Computing and their impact on the future of IoT device integration with the Cloud!

The Impact of Fog Computing and Edge Computing on Cloud Security

The world of third-party risk management is rapidly changing. Each day, organizations like yours face new security, privacy, and compliance threats when working with third parties. The good news is there are world-class teams around the world that are paving the way with new best practices for the next generation of third-party risk management. In working with hundreds of these organizations, we’ve seen first-hand what it takes to be successful and secure when working with third parties.​
​
So, is your third-party risk management program ahead of the curve? Attend this webinar to find out and learn more about:​
​
- New trends in the third-party risk industry​
- What emerging threats you can expect and how to address them​
- How to find and leverage assessment communities and shared due diligence data​

A How-To Guide: Navigating the Top 7 Trends in Third-Party Risk Management

Since its debut in 2013, the Cloud Control Matrix (CCM) v3.0.1 has been greatly successful and received wide adoption around the globe. Nevertheless, as new technologies emerge and the cloud certification landscape continuously evolves, so must the CCM. To this end, the upgrade of CCMv3.0.1 to the next CCMv4.0 has been imperative. A CCMv4.0 task force has been put together,  consisting of a total number of 18 teams led by highly experienced cloud security experts, that is currently driving CCM v4.0 development and is expected to conclude its works by end of Q4 2020.

This session will provide a presentation and overview of:
- CCMv4 domains and new control requirements,
- A draft version of the new CCMv4 “implementation guidance”,
- The new Shared Security Responsibility Model (SSRM) controls for helping CSPs and CSCs delineating CCM controls implementation responsibilities,
- The enhanced Consensus Assessment Initiative Questionnaire (CAIQ) v4.0 following the upgrade to CCMv4.0,
- Mapping exercises of CCMv4.0 to other well known standards, as performed by the CCM WG,
- The latest activities for the development of CCMv4.0-Lite.

Cloud Control Matrix V4

As a central authentication service that processes billions of logins a month, credential stuffing attacks are the most common threats we observe. These attacks can lead to fraud, loss of reputation, and ultimately, loss of revenue.

In credential stuffing attacks, threat actors use stolen credentials from one breach to takeover users’ other accounts. This is effective because 65% of people reuse passwords across multiple accounts, according to Google. On some days, these attacks originate from more than 50,000 IP addresses and may account for as much as half of all login attempts using our platform. Even the most mature companies are vulnerable if they don’t have the right preventative measures in place.

Join Auth0's session to learn:
- How credential stuffing attacks work
- What effect they can have on your company
- How a multifaceted response can help detect and rapidly resolve these attacks

What You Need to Know About Credential Stuffing Attacks

Awaken your approach to cloud with a reference architecture that modernizes your enterprise. John covers the foundational components of the CSA Enterprise Architecture and shares how it is used to to secure multiple cloud implementations. Overlayed onto existing architectures or leveraged on its own, the model helps organizations identify existing security gaps and redundancies in a cloud environment. The approach is also used to roadmap and create key progress indicators for securing your organization’s cloud strategy.

A Referenced Architecture to Modernize Your Approach to Cloud

As more workloads move to the cloud, it is critical to secure those workloads against known vulnerabilities.  The benefits of the cloud allow for agility, speed and innovation, but the cloud also can pose a challenge for vulnerability management.  This session will review best practices for cloud-vulnerability management, with a strong focus on automation. The session also will demonstrate options for asset-management, vulnerability-detection, remediation and reporting surrounding cloud vulnerabilities.

Unveiling the Wonder of Automated Vulnerability Management in the Cloud

The CSA has recently celebrated the 1000 entries into the STAR Registry. This was confirmation of the value and relevance of the STAR program in the cloud community.  

The STAR Program has evolved into a framework that provides a flexible, incremental and multi-layered cloud provider system that is being recognized as the international certifiable harmonized GRC solution, starting with its rich history through development, implementation and the three levels of the Open Certification Framework that makes up the STAR Program. As any successful program, STAR will keep on maturing and evolving over time to better serve the cloud ecosystem and its need for trust. 

Join us as Daniele Catteddu; CTO and John DiMaria; Assurance Investigatory Fellow provide you with insight into the STAR Program Roadmap, on the reasons behind the development of the new components and what’s their state of development.

STAR Future Roadmap

When talking about cloud it’s easy to fallback to that old joke that cloud is just someone else’s computer. Unfortunately it’s also easy to see it as Someone Else’s Problem (SEP). Ford Prefect, from The Hitchhiker's Guide to the Galaxy, said “An SEP is something we can't see, or don't see, or our brain doesn't let us see, because we think that it's somebody else's problem.”  In this session we examine what that means in the cloud and how we can avoid assuming our security is good enough.

Shared Responsibility: Someone Else’s Problem

Introduction to CSA's Quantum Safe Security Working Group and its goals and objectives. Quantum computers continue to strengthen and soon will be able to break traditional forms of asymmetric encryption and weaker symmetric ciphers. Attend this session to learn about the coming quantum crypto break and what your organization can do now to prepare. It will cover the state of post-quantum cryptography and quantum key distribution. If you don't know much about what is going on in the quantum computing world, the threats, and what we are doing to prepare, this is a good presentation to attend.

Get Quantum Safe

Over recent years, security and compliance have been some of the top considerations when moving to the cloud. However, as Covid-19 has served as a transformation accelerator in many aspects of our digital life, cloud consumption is skyrocketing, and cloud transformations are booming. In order to achieve a sustainable cloud experience, it is now more important than ever, that security & compliance are not sacrificed for the speed of migration.
 
In this talk, we will not only investigate the current state of cloud security, but we will also elaborate on scenarios and capabilities that support organizations in rapidly and securely adopting the cloud, and in maintaining compliance once operating in the cloud.

Cloud Security post Covid-19, Where to Go Next

The key objectives of GAIA-X, Community Engagement and participation via the GAIA-X Association. European Data Infrastructure as part of NextGenerationEU - based on GAIA-X.

GAIA-X: Current Status and Outlook – What to Expect and How to Engage

What is the value of security ratings when it comes to predicting breaches? What are the indicators that breached companies are showing that non-breached companies don’t express?  This session will examine breaches that have occurred in 2020 and present those security issues most commonly found in breached companies versus control groups of companies in the finance and healthcare that have not experienced publicly notified breaches. We will look at overall ratings, factor ratings and specific security issues which are more predominant in breach groups and illustrate the correlation to breach likelihood.

The Correlation Between Security Ratings and Breach Likelihood

This session is designed to introduce the publication of CSA’s unique insights into the challenges of mastering the widespread adoption of cloud technologies. More importantly, CSA will help members understand the importance of translating identified cloud and technology risks into those risks that are crucial to achieving business success and prosperity - the true rationale for the widespread growth of cloud computing. The presentation will also reveal those hidden technical risks that can expose organizations to operational failure, regulatory non-compliance, data breaches, external attacks and supply chain disruption.

CSA’s Perspective on Cloud Risk Management

Cloud Security Alliance EMEA Congress 2020

Cloud security is a software engineering problem, not a security analysis one. The engineers that build and maintain cloud infrastructure need policy-as-code tools to ensure cloud security and compliance.
Open Policy Agent is an open source standard for policy-as-code that’s ideal for cloud infrastructure. 

In this talk, Josh Stella, cofounder and CTO at Fugue, will walk through how OPA works and how cloud engineering teams can leverage it for their use cases, including validating infrastructure-as-code and integrating cloud security into CI/CD pipelines.

• How OPA and the Rego policy language work for a variety of cloud security use cases
• How developers can check Terraform against policy with Regula, an open source tool that uses OPA
• How to use OPA with CI/CD tools to integrate cloud infrastructure security into automated delivery pipelines

Using OPA for Continuous Compliance with Cloud Infrastructure Policy-as-Code

Cloud Security

Information Security

IT Security

Cloud Computing

IT Governance

Cloud Infrastructure

Cloud Compliance

Cloud Applications

Data Breach

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Using OPA for Continuous Compliance with Cloud Infrastructure Policy-as-Code

Presented by

About this talk

Cloud Security Alliance: CloudBytes