As organizations migrate to the cloud, they need information security professionals who are cloud-savvy. The Certificate of Cloud Security Knowledge (CCSK) is widely recognized as the standard of expertise and provides an individual with the foundation they need to secure data in the cloud. Learn how CCSK can bridge the gap and provide an important first step in establishing baseline knowledge for individuals in cloud security.
"A Call to Action with CSA Vietnam Chapter" [in Vietnamese language]
Philip Cao HUNG (Advisor, CSA Vietnam Chapter)
Recorded May 27 2021, 34 mins
Matt Ambroziak, Director of Security Engineering, Virsec
Each time a person or company deploys a new application, there is an additional surface for attackers to hack into systems. As we have seen in recent cyberattacks, software flaws continue to be at the center of data breaches. The National Vulnerability Database maintains statistics on new products and new vulnerabilities being added into the database monthly – and the numbers are skyrocketing. As the attack surface of applications increases, new technologies, processes, and procedures need to be put in place to better protect cloud environments. In this webinar, Virsec Director of Security Engineering Matt Ambroziak will present new ways for security professionals to reduce the attack surface in the cloud.
Tia Hopkins, Vice President, Cyber Risk Advisory and Solutions Architecture, eSentire
Whether it’s cloud, multi-cloud, or hybrid cloud, there is no end to cyber risk. So, organizations must be confident in their ability to protect their cloud environments and prepare for emergency scenarios. In most cases, this preparation comes in the form of hardening your security defenses and becoming cyber resilient by adopting the technologies, processes, and expert-level support. While many business leaders verbally declare the importance of reducing cyber risk, only a few understand that there are varying approaches to managing cyber risk – some far more successful than others. Key takeaways:
- Evolution of security management - Actively manage your cloud security posture
- Risk management vs risk reduction - Stop attackers and mitigate risk
- Challenges with assessing risk - Detect emerging threat tactics
In this presentation, Tia Hopkins will explore the challenges of maturity-based security programming and outline how leveraging security operations and incident response can help your organization transition to a risk-based approach that enables true quantification of cyber risk in the cloud.
John Jacobs, Chief Information Security Officer, Fortinet
Cloud computing has ushered in an explosion of tools and resources to swiftly adapt applications, business processes, and even create entire industries. With this rapid growth comes an expanded compute surface and an exponentially increased challenge to maintain user, device, and data security. Cybersecurity can no longer adequately scale by adding another analyst, tool, or console.
Machine Learning can ingest and act upon correlated information from multiple sources, saving time and money, and most importantly: reducing exposure and closing security gaps. Security orchestration, automation, and response (SOAR) is a growing technology that can help scale burdened staff while improving the time-to-resolve, measured results and efficiency of repetitive and known tasks.
Jigar Shah, Head of Products, Valtix, and Roy Long, Founder & Cloud Architect, skyPurple
This webinar will look at the top 10 most impactful network security mistakes for organizations deploying apps on AWS today. For many organizations, apps were deployed in AWS quickly, as lines of business moved to realize the business benefit of AWS-deployed apps. This often meant that apps were deployed with a variety of assumptions about security, which were not always correct. Join Jigar Shah, Head of Products for Valtix, and Roy Long, Founder & Cloud Architect at skyPurple, for a discussion on the top 10 most impactful network security mistakes, including errors and myths across:
• Native Controls
• Dynamic vs. Static capabilities
The team will also cover something equally important: what can organizations do to fix those mistakes? We'll have two perspectives reflecting our speakers' expertise: technology-oriented and real-world use. Suggested remedies will include immediate, tactical fixes, as well as longer-term solutions.
Please join us for a lively discussion on one of the more relevant topics in security today – one that we are sure you’ll walk away from with actionable information!
Mike Bykat, Senior Solutions Engineer and Sam Flaster, Product Marketing Manager, CyberArk
Distributed IT environments require unified security controls. As your organization unlocks the operational advantages of cloud-hosted infrastructure and applications, it’s essential that you take a consistent approach to securing the diverse range of identities that need access to sensitive resources.
Everyone from CISA to AWS, Azure and GCP stresses the importance of least privilege access. But in today’s increasingly complex IT landscape, consistent least privilege is easier said than done.
Join CyberArk Solutions Engineers Mike Bykat and Hamza Tariq for a discussion on:
• Defending against identity-related attacks by right-sizing IAM policies
• Eliminating Identity Security siloes with consistent controls for shared and federated identities
• The operational promise of emerging technologies like Cloud Infrastructure Entitlements Management (CIEM)
• Enabling safe, rapid cloud expansion with unified Identity Security
Prasun Srivastava (Senior Solutions Architect – India and SAARC region, Cloud Protection and Licensing, Thales)
The latest cybersecurity incidents affecting government agencies and organizations as well as large enterprises around the world, who have invested heavily in digital and cloud initiatives, have demonstrated the urgent need for businesses to segregate their security duties from those of cloud service providers, and own their own data security to avoid cyber threats and prevent criminals. The most important security consideration is knowing exactly who is responsible for what in any given cloud project. It’s less important if any particular cloud provider offers a specific security control, as long as you know precisely what they do offer and how it works.
The CSA provides two tools to help meet these requirements: the Consensus Assessments Initiative Questionnaire (CAIQ), a standard template for cloud providers to document their security and compliance controls, and the CCM, which lists cloud security controls and maps them to multiple security and compliance standards. The CCM can also be used to document security responsibilities.
In this session we will look at the above and talk about some of the controls critical to owning your data in the cloud.
Panel Discussion: "Hybrid Cloud Security: Risks & Mitigation"
Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? What are the risks in a hybrid cloud environment compared to on-prem, and how does one go about mitigating each of these risks? How does one assess the effectiveness of these mitigation measures? And finally, how would these mitigation measures benefit organizations/businesses?
With Special Focus on Impact of Quantum Computing on Crypto Assets
The speaker will be sharing CSA Blockchain Working Group research papers on "Securing Crypto assets, can Blockchains survive the Quantum Computing Threat", then extending the conclusions of those papers to the Cryptocurrency Security Standard (CCSS) and showing how to effectively map the CCSS to the CSA's CCM 4.0 framework for Enterprise deployments of secure Crypto assets.
The presentation aims to provide a synopsis about the latest release of the Cloud Control Matrix version 4.0, a greater insight into its development and new components, the current activities of the CCM working group (ongoing works, published and future works) and finally an update on CSA’s STAR program and transition policy from CCMv3.0.1 to CCMv4.0.
Dr. Lopa Muddra BASUU (APAC Research Advisory Council Member, CSA)
IoT Cloud Convergence Elevated the Smart Vehicle Ecosystem boosted by Mobility. With enhanced experience, security challenges increased manifold. Striking a balance between risks & user experience became the most challenging ball game. Secure Cloud capabilities can be strategically used to address technology risks.
Ekta MISHRA (APAC Membership Director & Country Manager - India)
As the cloud becomes increasingly essential to organizational IT strategies, working knowledge of cloud security best practices is crucial. Cloud computing represents a radical departure from legacy IT which means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Traditional IT audit education and certification programs are not developed with an understanding of cloud computing and its many nuances. Developed by CSA and ISACA, the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program fills the need for vendor-neutral, technical training and credentials in cloud auditing. Learn how CCAK prepares you to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility, and mitigating risks and costs of audit management and non-compliance.
While the Cloud has been gaining in adoption for the last decade, the pandemic challenges of the last 2 years have made the move to the Cloud inevitable. The last 2 years have seen massive adoption of Cloud, Mobile Computing and telecommuting. Organizations went into overdrive to move workloads to the Cloud and equip the workforce with laptops and remote access. This trend will only continue and a hybrid working environment will develop. However, this hybrid environment has widespread ramifications for information security, privacy and business continuity. It has increased the attack surface and has forced organizations to be more "elastic" yet secure in meeting security demands. New approaches are required to meet these new challenges in information security, privacy and business continuity. Organizations will have to embrace concepts of Zero Trust and Cloud Security Controls. The increasing focus on privacy will need more emphasis on implementation of privacy by design. Organizations will have to move to the more mature model of "resilience" rather than the current model of "business continuity".
The advent of Mobile Apps as a default and mandatory requirement with every service has caused an explosion in the usage of smart mobile devices. The use of mobile applications over cloud has surpassed websites as the avenue of choice when it comes to consuming services, hence the rise in the mobile application testing services market (valued at USD 13.6 billion by 2026 growing at 20.32% CAGR during the forecast period 2019–2026). CSA aims to continuously improve and increase open-source security standards and thereby enhance mobile applications security. The Mobile Application Security Testing (MAST) whitepaper by CSA provides best practices for the security testing of mobile applications.
This session covers its application approach to MAST landscape to overcome growing application security challenges.
Raj SHASTRAKAR (Serverless Working Group Member, CSA)
The presentation will cover how continuous compliance can be achieved in a multi-cloud environment, in near real-time. It will also cover the strategy on anti-drift pattern, mitigation at scale, and mitigation-as-code approach.
The Internet of Things (IoT) brings increased connectivity to all industries and business markets, enabling a wide range of services for customers, stakeholders, and service providers. IoT security risks could result in loss of business or life. Device manufacturers and organizations can leverage CSA's IoT framework to reduce risk to an acceptable level by implementing end-to-end security controls.
The cyber threat landscape is changing and evolving. The notion that enterprises are safe and that one needs to protect against future threats has changed to a position where enterprises could be under threat with adversaries in their midst. One needs to change to an adversarial mindset and adopt a security posture to be able to positively adapt within this context.
In this session we will discuss the changing nature of digital transformation and how it is altering the thinking in the security landscape. It will cover the ways to integrate security at every step of the development life cycle.
Gartner Research recently predicted that “through 2025, more than 99% of cloud breaches will have a root cause of customer misconfigurations or mistakes.” Now that we know where we should focus our efforts to secure the enterprise cloud services we use, we should be able to move quickly to address mistakes and mitigate risk. Right?
It's never that easy. But if we understand where our cloud security weaknesses exist and if we effectively prioritize risk and mitigate self-induced vulnerabilities, we'll be way ahead of the game.
Cloud security is almost never the cloud service provider's problem and the sooner we take responsibility for the security of our cloud application infrastructure, the quicker we can mitigate risk.
Unfortunately, cyber security initiatives too often fall short of objectives to actually secure cloud infrastructure. Lots of scanning and configuration checks, but not a lot of mitigation and remediation. There are so many moving parts in modern cloud application infrastructure, with dozens of stakeholders, and a crush of vulnerabilities and misconfigurations that are growing exponentially.
Join Yaniv Bar-Dayan, Vulcan Cyber co-founder and CEO, to learn from the top mistakes we've seen time and again in enterprise cloud security. Join us to learn about:
• The top five mistakes in cloud security.
• How to avoid these mistakes.
• The latest native AWS, Azure, and Google Cloud security tools available today to help you enforce cyber hygiene across your multi-cloud surfaces.
Ami Luttwak, Chief Technology Officer, and Alon Schindel, Product Architect, Wiz
Supply chain attacks are on the rise with high-profile breaches such as Mimecast and Kaseya changing the way we approach supply chain risk. Cloud environments are particularly exposed because cloud identities are complex and even innocent looking privileges requested by third-party vendors can lead to unexpected levels of access. Research from Wiz Labs recently found that 82% of companies unknowingly provide third-party vendors highly privileged roles in their cloud environment. In this session, we will explore supply chain risks in the cloud and how to mitigate them to harden your cloud environment against attack.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and the latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa