Introduction to the Cloud Controls Matrix v4.0

The presentation aims to provide a synopsis of the latest release of the Cloud Controls Matrix version 4, a greater insight into its development and new components, the current activities of the CCM WG (ongoing works, published and future works) and finally an update on CSA’s STAR program and transition policy from CCMv3.0.1 to CCMv4.0.
Live online Jul 29 3:15 am UTC
or after on demand 30 mins
Presented by
Lefteris SKOUTARIS (Program Manager, CSA)
  • Securing IoT Ecosystem leveraging CSA's IoT Framework Jul 29 2021 4:00 am UTC 30 mins
    Renu BEDI (IT Security Manager, PwC, India)
    The Internet of Things (IoT) brings increased connectivity to all industries and business markets, enabling a wide range of services for customers, stakeholders, and service providers. IoT security risks could result in loss of business or life. Device manufacturers and organizations can leverage CSA's IoT framework to reduce risk to an acceptable level by implementing end-to-end security controls.
  • Introduction to the Cloud Controls Matrix v4.0 Jul 29 2021 3:15 am UTC 30 mins
    Lefteris SKOUTARIS (Program Manager, CSA)
    The presentation aims to provide a synopsis of the latest release of the Cloud Controls Matrix version 4, a greater insight into its development and new components, the current activities of the CCM WG (ongoing works, published and future works) and finally an update on CSA’s STAR program and transition policy from CCMv3.0.1 to CCMv4.0.
  • Data Provenance and Cloud Security: Challenges & Opportunities Jul 29 2021 2:30 am UTC 30 mins
    Prof. Ryan KO (Chair & Director, UQ Cyber Security, University of Queensland, Australia)
    At the heart of all cyber and cloud security attribution challenges is the problem of data provenance tracking and its reconstruction. In this talk, I will cover past, present and developing provenance research in computer science, and cover its relation and usefulness to accountability, traceability, trust, forensics and proactive cloud and cyber security. It will feature some of the cloud data provenance research I have conducted in the past decade, discuss unsolved (or seemingly unsolvable) problems, and discuss some of the recent developments in academia, industry, and international standards.
  • The Key Role of Training and Education for a Secure Approach to Cloud Computing Jul 29 2021 1:45 am UTC 30 mins
    Daniele CATTEDDU (CTO, CSA)
    Keynote - Introducing the CCAK

    Developed by CSA and ISACA to meet the unique demands of evaluating and auditing cloud-based environments, the Certificate of Cloud Auditing Knowledge (CCAK) is the first credential that industry professionals can obtain to demonstrate their expertise in understanding the essential principles of auditing and assessing cloud computing systems.
    In his presentation Daniele Catteddu will describe the rationales behind the creation of the CCAK and offer an overview of the CCAK body of knowledge, including cloud security components based on CSA’s Security, Trust, Assurance & Risk (STAR) and Cloud Controls Matrix (CCM), as well as highlight key differentiators from other IT audit certification programs and illustrate the benefits of earning your CCAK.
  • Welcome Remarks & Opening Address Jul 29 2021 1:00 am UTC 30 mins
    Dr. Hing-Yan LEE (EVP APAC, CSA) & Jim Reavis (CEO & Co-Founder, CSA)
    Welcome Remarks
    Dr. Hing-Yan LEE (EVP APAC, CSA)

    Opening Address
    Jim REAVIS (CEO & Co-Founder, CSA)
  • Best Practices for Managing Secrets in Multi-cloud Environments Jul 27 2021 5:00 pm UTC 60 mins
    Shikha Chawla and Scott Webster, Adobe
    The need to properly manage secrets is an essential part of the software development lifecycle. It can also be a tedious and time-consuming, not to mention error-prone, effort. Having a strong, enforced policy on secret rotation is essential. But it can also be complicated. First, you need to determine where all of your secrets are used, then you need to generate new ones, document this happened and why, put new secrets wherever they are supposed to be used, and also document the entire process in the end — preferably without breaking everything.

    You are likely wondering with all of this complication if it is even possible to come up with a way to properly manage secrets, especially in diverse, multi-cloud environments. The key is to look at this as a coding problem with a coding solution. Join Shikha Chawla, lead architect for Adobe I/O, and Scott Webster, cloud engineer, for insight into best practices for implementing an automated approach to secrets management. They will discuss what we have learned here at Adobe that works best for our application development and security teams that we hope will provide solid guidance you can use to implement your own automation program for secrets management.
  • Moving from Cyber Security to Cyber Resiliency in the Cloud Recorded: Jul 22 2021 48 mins
    Yuval Shchory, Head of Product Management, Cloud Security
    How can cybersecurity catch up to the business, while still maintaining a dynamic, resilient, and secure operation? Transitioning and operating in the cloud is no longer just about moving from your on-premises data centers. It’s about optimizing connections between branch offices to home offices, and accelerating the development and deployment of applications – all while remaining secure and compliant!

    Join us and find ways to squeeze the full business benefits out of the cloud through consolidation, visibility, automation, and intelligence.
  • Publicly Exposed Databases: The #1 Cloud Security Risk Today Recorded: Jul 21 2021 52 mins
    Alon Shindel, Product Architect, Wiz
    The most common cloud security issue facing organizations today is a database containing sensitive data that’s inadvertently accessible to the internet. It seems every week another brand is in the headlines because attackers exploited this situation to steal data. So why is it so hard for security teams to answer the simple question, “do we have a publicly exposed database?” In this session, we’ll dive into the complexity of cloud and Kubernetes networking that gives rise to this problem and what security teams can do to break through this complexity and discover the at-risk database in their own cloud environments.
  • The Rise of Ransomware: Time to Expand Your Defense Beyond Data Backups Recorded: Jul 13 2021 55 mins
    Yotam Katz and Andrey Yakovlev, IntSights
    Join IntSights to see firsthand recent intelligence on how threat actors deploy ransomware against various industry targets, as well as how the sophistication of ransomware continues to evolve.

    Attend this session to hear IntSights' Yotam Katz and Andrey Yakovlev review:

    • The latest trends in ransomware
    • Best practices and practical steps for considering and countering threats
    • How threat intelligence can be used to contextualize indicators of compromise
    • Insights into threats beyond the horizon...
  • Building a Data Visibility and Control Framework for The MultiCloud Recorded: Jun 30 2021 49 mins
    Dimitri Sirota, Gary Patterson, and Sarah Hospelhorn of BigID
    Modern multi-cloud environments are complex, noisy, and full of sensitive data. It’s critical to gain visibility and control for data in the cloud - to reduce risk, get more value from your data, and take a strategic and scalable approach to data management.

    Join Dimitri Sirota, Co-founder, and CEO of BigID, to explore how to build a data visibility and control framework for the cloud. You’ll learn:
    - Challenges to data visibility and control across data centers in the cloud
    - How ML and automation will fuel next-generation data management that extends to privacy, security, and governance
    - Key steps to building a sustainable and scalable framework for cloud data management
  • Data Sovereignty - What’s the Big Fuss About? Recorded: Jun 30 2021 41 mins
    Dr. Hing-Yan LEE, Madhav CHABLANI, Stephanie King-Chung HUNG, Ts. Saiful Bakhtiar OSMAN
    Panel Discussion

    The term “data sovereignty” has often been used by stakeholders (including cloud service consumers, cloud service providers, sectoral regulators) to mean different things. Just like the term "cloud computing" in the initial years, there are no widely agreed definitions; so the question "What do you understand by this term ?" naturally arises. Is it about: (a) data residency; (b) data localization; (c) data protection; (d) ... etc. What do these other terms mean anyway? Some parties commented that the above measures are too prescriptive and hide the real motivations, there are indeed innovative solutions to address those motivations. The panel discussion will identify the real motivations for data sovereignty. Some regulated sectors (e.g., finance, healthcare & healthcare) seem most paranoid about data sovereignty; they must have good reasons. Join us as the panelists endeavour to help us to understand the downsides and upsides to data sovereignty.

    MODERATOR: Dr. Hing-Yan LEE (EVP APAC, CSA)

    PANELISTS:
    - Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
    - Stephanie King-Chung HUNG (SVP Cloud Business, Mission Software and Services, Digital Systems, ST Engineering)
    - Ts. Saiful Bakhtiar OSMAN (Head of IT, APAC, ASCENT Fund Services)
  • How Can We Grow the Pool of Cloud Security Professionals Recorded: Jun 30 2021 43 mins
    Dr. Hing-Yan LEE, Victor LO, Philip VICTOR, Ferdinand FONG
    Panel Discussion

    According to one source, there are about 3 million cybersecurity professionals worldwide. And we need an additional 4 million cybersecurity professionals. The question for the panelists today is what we can do to address the shortfall in such expertise in Malaysia. With the greater cloud usage and increased cloud adoption during the pandemic period, many enterprises have pivoted to the cloud, creating a dire demand for cloud security professionals. The job is definitely cut out for our panelists.

    MODERATOR: Dr. Hing-Yan LEE (EVP APAC, CSA)

    PANELISTS:
    - Victor LO (Head of Cyber Security, Malaysia Digital Economy Corporation (MDEC))
    - Philip VICTOR (MD, Welchman Keen)
    - Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)
  • Auditing the Cloud Recorded: Jun 30 2021 27 mins
    Divakaren SIVAGURUNATHAN (BOD, ISACA Malaysia, Chapter)
    2020 was the year of cloud computing due to the COVID19 pandemic, which required more businesses to operate remotely, and the staff to Work From Home. Though it is the obligation of the cloud service provider to take responsibility for their infrastructure and ensure security and safety at all ends, sometimes it doesn’t quite happen. There have been several large-scale incidents this year, in some cases, stemming from a surge in usage.

    If there exists a gap between the requirements of the organization versus the capability of the cloud service provider, proper and formal steps must be put in place to successfully mitigate this risk to an acceptable level.

    The best method to identify these gaps and address them with stakeholders is via an audit of the cloud service provider. This presentation will briefly explain the controls which need to be audited, to provide the requisite assurance to the client organization and their stakeholders. Ignorance is not bliss when migrating to the cloud.
  • Establishing Cloud Audit Expertise Recorded: Jun 30 2021 23 mins
    Ekta MISHRA (APAC Membership Director & Country Manager - India)
    As the cloud becomes increasingly essential to organizational IT strategies, working knowledge of cloud security best practices is crucial. Cloud computing represents a radical departure from legacy IT which means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Traditional IT audit education and certification programs are not developed with an understanding of cloud computing and its many nuances. Developed by CSA and ISACA, the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program fills the need for vendor-neutral, technical training and credentials in cloud auditing. Learn how CCAK prepares you to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility, and mitigating risks and costs of audit management and non-compliance.
  • Modeling Against the Top Threats in Cloud Recorded: Jun 30 2021 30 mins
    John Yeoh (Global Vice President of Research, CSA)
    Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks.
  • Cloud Security in the Age of Hybrid Clouds Recorded: Jun 30 2021 41 mins
    Ferdinand FONG, Faisal YAHYA, FONG Choong Fook, Ian LOE, Narudom ROONGSIRIWONG
    Panel Discussion

    Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? Is a hybrid cloud one or two clouds? How does a CSC manage two different clouds under different ownership? And ensure their different security compliance? What are the challenges in using hybrid clouds?

    MODERATOR: Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)

    PANELISTS:
    - Faisal YAHYA (Chairman, CSA Indonesia Chapter)
    - FONG Choong Fook (Director, LE Global Services, Malaysia)
    - Ian LOE (CTO, NE Digital)
    - Narudom ROONGSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG)
  • Mitigation Measures for Risks, Threats & Vulnerabilities Hybrid Cloud Environment Recorded: Jun 30 2021 32 mins
    Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, CSA Hybrid Cloud Security WG)
    Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.
  • Hybrid Cloud and Its Associated Risks Recorded: Jun 30 2021 37 mins
    Narudom ROONGSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG)
    As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security. This presentation will provide an overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.
  • Keynote - New normal: Accelerating Business Digital Adoption Recorded: Jun 30 2021 12 mins
    Aiza Azreen AHMAD (Chief Digital Business Officer, MDEC)
    Acceleration of digital during new normal by catalysing digital business adoption with greater flexibility, productivity, improving customer experience and staying ahead with more innovative solutions
  • Introduction, Welcome Remarks & Opening Keynote Recorded: Jun 30 2021 21 mins
    Dr. Hing-Yan LEE (EVP APAC, CSA) & Jim Reavis (CEO & Co-Founder, CSA)
    Introduction & Welcome Remarks
    Dr. Hing-Yan LEE (EVP APAC, CSA)

    Opening Address
    Jim REAVIS (Co-Founder & CEO, CSA)
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and the latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa