Hi [[ session.user.profile.firstName ]]

Key Principles and Strategies for Securing the Enterprise Cloud

(The presentation is in Bahasa Indonesia)

Customers are turning to the cloud to reduce capital expenses and increase agility as part of their digital innovation (DI) initiatives. Despite the benefits, cloud migration results in business-critical data and services being scattered across clouds and data centers. This leads to an expanded attack surface and a corresponding increase in security risk.
Some organizations are unknowingly stumbling into a new security paradigm - the shared responsibility model, a model that is built on the assumption that the cloud infrastructure will be secured by cloud providers, while security for services used in the cloud are the responsibility of the organization.
The Fortinet Security Fabric was purpose-built to close these cloud-driven security gaps through native integration with public cloud infrastructures, a broad set of security services and products, and cross-cloud security management, automation, and analytics.
Recorded Dec 9 2020 36 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Edwin LIM (Country Director, Fortinet Indonesia)
Presentation preview: Key Principles and Strategies for Securing the Enterprise Cloud
  • Channel
  • Channel profile
  • Building a Data Visibility and Control Framework for The MultiCloud Jun 30 2021 4:00 pm UTC 60 mins
    Dimitri Sirota, Co-founder, and CEO of BigID
    Modern multi-cloud environments are complex, noisy, and full of sensitive data. It’s critical to gain visibility and control for data in the cloud - to reduce risk, get more value from your data, and take a strategic and scalable approach to data management.

    Join Dimitri Sirota, Co-founder, and CEO of BigID, to explore how to build a data visibility and control framework for the cloud. You’ll learn:
    - Challenges to data visibility and control across data centers in the cloud
    - How ML and automation will fuel next-generation data management that extends to privacy, security, and governance
    - Key steps to building a sustainable and scalable framework for cloud data management
  • Data Sovereignty - What’s the Big Fuss About? Jun 30 2021 8:30 am UTC 45 mins
    Dr. Hing-Yan LEE, Madhav CHABLANI, Stephanie King-Chung HUNG, Ts. Saiful Bakhtiar OSMAN
    Panel Discussion

    The term “data sovereignty” has often been used by stakeholders (including cloud service consumers, cloud service providers, sectoral regulators) to mean different things. Just like the term "cloud computing" in the initial years, there are no widely agreed definitions; so the question "What do you understand by this term ?" naturally arises. Is it about: (a) data residency; (b) data localization; (c) data protection; (d) ... etc. What do these other terms mean anyway? Some parties commented that the above measures are too prescriptive and hide the real motivations, there are indeed innovative solutions to address those motivations. The panel discussion will identify the real motivations for data sovereignty. Some regulated sectors (e.g., finance, healthcare & healthcare) seem most paranoid about data sovereignty; they must have good reasons. Join us as the panelists endeavour to help us to understand the downsides and upsides to data sovereignty.


    - Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
    - Stephanie King-Chung HUNG (SVP Cloud Business, Mission Software and Services, Digital Systems,, ST Engineering)
    - Ts. Saiful Bakhtiar OSMAN (Head of IT, APAC, ASCENT Fund Services)
  • How Can We Grow the Pool of Cloud Security Professionals Jun 30 2021 7:30 am UTC 45 mins
    Dr. Hing-Yan LEE, Victor LO, Philip VICTOR, Ferdinand FONG
    Panel Discussion

    According to one source, there are about 3 million cybersecurity professionals worldwide. And there we need an additional 4 million cybersecurity professionals. The question for the panelists today is what we can do to address the shortfall in such expertise in Malaysia. With the greater cloud usage and increased cloud adoption during the pandemic period, many enterprises have pivoted to the cloud, creating a dire demand for cloud security professionals. The job is definitely cut out for our panelists.


    - Victor LO (Head of Cyber Security, Malaysia Digital Economy Corporation (MDEC))
    - Philip VICTOR (MD, Welchman Keen)
    - Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)
  • Auditing the Cloud Jun 30 2021 6:45 am UTC 30 mins
    Divakaren SIVAGURUNATHAN (BOD, ISACA Malaysia, Chapter)
    2020 was the year of cloud computing due to the COVID19 pandemic, which required more businesses to operate remotely, and the staff to Work From Home. Though it is the obligation of the cloud service provider to take responsibility for their infrastructure and ensure security and safety at all ends, sometimes it doesn’t quite happen. There have been several large-scale incidents this year, in some cases, stemming from a surge in usage.

    If there exists a gap between the requirements of the organization versus the capability of the cloud service provider, proper and formal steps must be put in place to successfully mitigate this risk to an acceptable level.

    The best method to identify these gaps and address them with stakeholders is via an audit of the cloud service provider. This presentation will briefly explain the controls which need to be audited, to provide the requisite assurance to the client organization and their stakeholders. Ignorance is not bliss when migrating to the cloud.
  • ​Establishing Cloud Audit Expertise Jun 30 2021 6:00 am UTC 30 mins
    Ekta MISHRA (APAC Membership Director & Country Manager - India)
    As the cloud becomes increasingly essential to organizational IT strategies, working knowledge of cloud security best practices is crucial. Cloud computing represents a radical departure from legacy IT which means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Traditional IT audit education and certification programs are not developed with an understanding of cloud computing and its many nuances. Developed by CSA and ISACA, the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program fills the need for vendor-neutral, technical training and credentials in cloud auditing. Learn how CCAK prepares you to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility, and mitigating risks and costs of audit management and non-compliance.
  • Modeling Against the Top Threats in Cloud Jun 30 2021 5:15 am UTC 30 mins
    John Yeoh (Global Vice President of Research, CSA)
    Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks.
  • Cloud Security in the Age of Hybrid Clouds Jun 30 2021 4:00 am UTC 45 mins
    Ferdinand FONG, Faisal YAHYA, FONG Choong Fook, Ian LOE, Narudom ROONGSIRIWONG
    Panel Discussion

    Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He has never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? Is a hybrid cloud one or two clouds? How does a CSC manage two different clouds under different ownership? And ensure their different security compliance? What are the challenges in using hybrid clouds?

    MODERATOR: Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)

    - Faisal YAHYA (Chairman, CSA Indonesia Chapter)
    - FONG Choong Fook (Director, LE Global Services, Malaysia)
    - Ian LOE (CTO, NE Digital)
    - Narudom ROONGSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG)
  • Mitigation Measures for Risks,Threats & Vulnerabilities Hybrid Cloud Environment Jun 30 2021 3:15 am UTC 30 mins
    Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, CSA Hybrid Cloud Security WG)
    Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.
  • Hybrid Cloud and Its Associated Risks Jun 30 2021 2:30 am UTC 30 mins
    Narudom ROONSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG)
    As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security.This presentation will provide the overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.
  • Keynote - New normal: Accelerating Business Digital Adoption Jun 30 2021 1:45 am UTC 30 mins
    Aiza Azreen AHMAD (Chief Digital Business Officer, MDEC)
    Acceleration of digital during new normal by catalysing digital business adoption with greater flexibility, productivity, improving customer experience and staying ahead with more innovative solutions
  • Introduction, Welcome Remarks & Opening Keynote Jun 30 2021 1:00 am UTC 30 mins
    Dr. Hing-Yan LEE (EVP APAC, CSA ) & Jim Reavis (CEO & Co-Founder, CSA)
    Introduction & Welcome Remarks
    ​Dr. Hing-Yan LEE (EVP APAC, CSA)

    Opening Address
    Jim REAVIS (Co-Founder & CEO, CSA)
  • 2021 State of Secure Identity Report Jun 29 2021 5:00 pm UTC 60 mins
    Duncan Godfrey, Kim Berry, & Matt Duench of Auth0
    Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security.

    The "2021 Auth0 State of Secure Identity" report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies.

    During this webinar, we’ll provide greater insight into which industries are:
    - Most highly targeted by credential stuffing attacks
    - Most highly targeted by SQL injection attacks
    - Leading the way in MFA adoption to improve overall security posture

    We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.
  • Better AppSec with Secure Blocks Jun 24 2021 5:00 pm UTC 60 mins
    Gurpartap Sandhu, Manager, Secure Software Engineering, Adobe
    When developers build security into services at Adobe, we make it to where they don’t have to start from scratch. We provide a set of core building blocks for use such as identity service, API platform, event-based messaging system, and others. Traditionally, Adobe security has relied on manual reviews and checklists to make sure these components are being used securely. However, as the number of services grew, we found it hard to scale manual reviews. With the help of automation and “secure-by-default” settings we have created “secure blocks” – application components that have necessary security controls built-in. We’ve not only been able to keep up with the growth but also managed to improve our overall coverage. In this webcast you will learn more about our ongoing development and deployment of our “secure blocks” methodology that helps improve security and compliance across our products and services.
  • Enabling Software Security With DevSecOps Jun 22 2021 5:00 pm UTC 60 mins
    Cindi Carter, CISO, IntSights
    A lot of folks talk about the “what” behind DevSecOps, but few have mastered the “how” that makes it a success. With Development and Operations functions fused together in most organizations, Security must become a first-class cultural component in software engineering practices. In this talk, IntSights CISO Cindi Carter will share the story of how her team at a health IT company succeeded in implementing the secure Software Development Lifecycle for an organization with more than 3500 reluctant developers worldwide.

    In this session, you will learn how to build in cybersecurity rather than bolting it on later:
    - Understand the developer’s mindset and motivation
    - Exploit the company culture and incentivize developers to desire security
    - Expand from a few crazy early adopters to thousands of developers
    - Overcome the roadblocks that arise along the way
  • Securing the Cloud via CCSK Recorded: Jun 18 2021 22 mins
    Ekta MISHRA (APAC Membership Director & Country Manager - India)
    As organizations migrate to the cloud, they need information security professionals who are cloud-savvy. The Certificate of Cloud Security Knowledge (CCSK) is widely recognized as the standard of expertise and provides an individual with the foundation they need to secure data in the cloud. Learn how CCSK can bridge the gap and provide an important first step in establishing baseline knowledge for individuals in cloud security.
  • 5 Steps to Streamline Third-Party Due Diligence and Business Continuity Recorded: Jun 17 2021 33 mins
    Justin Harrison, Third-Party Risk Consultant, OneTrust
    Recent events have created uncertainty around the viability of the third parties you depend on. Suddenly, third-party risk and business continuity have become the top priority of many board members.

    We're actively working with organizations to help them execute on plans to better assess their suppliers and service providers to avoid significant operational disruptions. In this webinar, we'll share what we've learned and provide examples of what organizations are doing in practice to navigate these disruptions.

    Join this webinar to learn:
    - How to streamline rapid due diligence of your suppliers
    - How to develop and execute business continuity plans as it relates to third parties
    - Best practices on how to prepare for these incidents in the future
  • Fragmented Security and Threat Management: We seriously can’t go on like this. Recorded: Jun 16 2021 41 mins
    Patrick Vowles, Team Lead - Security, IBM Security
    Many of today's organizations have as many staff resources integrating security tools and data sources as they do actually running their security programs. This is a tragic duplication of effort and not the most productive use of precious talent that often fail to create the expected value and ROI.

    Join this webinar to hear how some key alliances are pushing the industry towards open, standards based interoperability, and see some tangible examples of what those gains in efficiency and efficacy look like today.
  • Live Hack: Securing Privileged Access to Stop Attackers in Their Tracks Recorded: Jun 15 2021 62 mins
    Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic
    See why endpoints are the favored targets of attackers in this live hack simulation and how cyber criminals use compromised credentials to escalate privileges and access your cloud applications.

    Join Thycotic Chief Security Scientist Joseph Carson as he demonstrates how an attacker captures an employee password on an endpoint, gets hold of an email account, and escalates the exploit to access a critical cloud application—all undetected by typical security controls. Then, see how you can stop these endpoint attacks and protect privileged access to critical cloud applications with PAM security solutions.
  • AWS Security: Practical Tips for Compliance Managers Recorded: Jun 11 2021 60 mins
    Ayman Elsawah, Founder and CEO, Cloud Security Labs
    AWS is releasing new services all the time, yet it seems like a blackbox to many people. Compliance managers need to be highly attuned to the work that happens inside their organization’s AWS environments. Given the flexibility provided by AWS and ease with which developers can spin up new services, compliance managers need to work with their engineers to put guardrails in place to prevent accidents from happening.

    Join this presentation by Ayman Elsawah, Founder of Cloud Security Labs and AWS Security Expert, to learn what to look for in AWS and how to put proper guardrails around your organization’s AWS usage to ensure security and compliance.

    What you will learn:
    - What to look for in your AWS environments and specific questions to ask your engineers.
    - Prioritized approach towards securing your AWS Accounts
    - How to utilize AWS Organizations and native AWS Service to setup guardrails on your accounts at scale whether it’s 10 accounts or 100 accounts.
    - How you can more easily collect and manage evidence of your security and compliance measures for your next audit
  • Getting to Secure DevOps Recorded: Jun 8 2021 56 mins
    Gavin Matthews, Senior Technical Product Manager, Red Canary
    DevOps established infrastructure that is fast, and easy to deploy and maintain. And it is increasingly complex. Further, many DevOps programs face a high risk of threats as security has not been successfully integrated into the infrastructure and workflows. Achieving a secure infrastructure as code state would reduce the risk of threats, improve visibility and reduce alert fatigue for security operations teams.

    There are some basic investments that security teams can make in collaboration with DevOps to improve security without compromising the speed and ease of infrastructure-as-code deployments. These include:
    1) Security awareness and training,
    2) Setting standards through code,
    3) Automating as much as possible,
    4) Reimaging and redeploying frequently,
    5) Taking runtime threats seriously.
    A combination of security tools and services - including open source tools - can help organizations take these steps to reduce their risk and work towards secure infrastructure as code.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Key Principles and Strategies for Securing the Enterprise Cloud
  • Live at: Dec 9 2020 3:00 am
  • Presented by: Edwin LIM (Country Director, Fortinet Indonesia)
  • From:
Your email has been sent.
or close