Journey to the Cloud: What You Need to Prepare

Cloud computing brings many benefits, such as cost savings, disaster recovery, resiliency, and automatic software updates, just to name a few. These benefits are driving adoption: it is estimated that by 2024 the cloud services market will be worth US$661 billion, with 59% of enterprises expecting usage to exceed pre-Covid19 numbers. As you start your journey to the Cloud, what preparations will you need to make? What is the #1 impediment today and how would you address it? Find out how you can address the #1 impediment to taking the first step in your journey to the Cloud, the tools that are available for you to begin the journey, and the types of migration you can consider depending on your business, operational and IT needs.
Recorded Sep 3 2021 16 mins
Presented by
Ferdinand FONG (Sales Director, ASEAN, CSA)
  • Transforming Enterprise Cloud Security to Supercharge Developer Velocity Nov 19 2021 5:00 pm UTC 60 mins
    Josh Stella, CEO and Co-Founder, Fugue, and Rajat Sharma, Co-Founder, CWS
    Security has become the rate-limiting factor for how fast software development teams can go in the cloud. Security reviews, remediations, and audits soak up valuable engineering resources and steal away the speed and agility that the cloud promises.

    That's because cloud security is still laden with inefficient and ineffective manual processes. But with automation using Policy as Code, enterprises can create a security-first culture that collapses the time and investment required to deliver secure infrastructure and applications much faster.

    In this session, Josh Stella (Founder, Fugue) and Rajat Sharma (Founder, CWS) will outline why cloud security isn't the same as datacenter security—it's about tuning your processes with policy-based automation rather than intrusion detection or network monitoring.

    Attendees will walk away with actionable insights and strategies on:

    * Assessing your current cloud security posture and developing a prioritized roadmap to bring your environment into compliance
    * Implementing automation using Policy as Code to build security into every aspect of cloud operations, from design to production
    * Empowering developers with tools that help them find and fix issues in infrastructure as code, when making changes is easier and faster
    * Putting guardrails in place that prevent dangerous misconfiguration vulnerabilities without slowing anyone down
    * Creating security awareness within your cloud engineering team to avoid costly technical debt and significant remediations

    If it takes your organization months to deploy new environments and weeks to update them because of security, this session is for you.
  • Standardize Identity Security: From On-Prem to Multi-Cloud Nov 16 2021 5:00 pm UTC 60 mins
    David Higgins, EMEA Technical Director, and Chris Maroun, Senior Director, Global Technology Office, CyberArk
    Modern organizations face an exponentially complex identity landscape – cloud migrations, remote work, and rapidly evolving security and compliance philosophies are creating a proliferation of identities across on-premises and multi-cloud environments.

    Standardization is the key to security at scale. By unifying Identity Security controls across siloed environments and risk boundaries, organizations can establish equally dynamic security processes that scale and continuously improve to meet the complex needs of their end users.

    Join the Directors of CyberArk’s Global Technology Office, David Higgins and Chris Maroun, for a discussion on establishing consistent controls at enterprise scale.

    Key topics will include:

    ● Reducing risk of data loss and leakage
    ● Standardizing and securing access for all hybrid and multi-cloud identities
    ● Least privilege access and Just-in-Time workflows
    ● Simplifying secrets management and secure application development
    ● Monitoring and auditing cloud operations.
  • Can security and usability co-exist in a remote working environment? Nov 10 2021 6:00 pm UTC 60 mins
    Michael Covington, VP of Product Strategy, Wandera
    Now that we’ve settled into the rhythm of remote working, companies need to transition from the bootstrapped survival plans that were implemented back in 2020 to mature(r) remote working strategies.

    The early gripes of remote working such as an improper desk setup, disconnect after disconnect from the corporate VPN or multiple 2FA prompts throughout the day may have been tolerable initially, but cannot persist in the long term.

    IT teams are now charged with provisioning technologies to eliminate productivity drain and enable employees to work effectively wherever they are. While business growth hinges on employee productivity, IT professionals will undoubtedly be mindful of the security-usability tradeoff.

    Users need to be granted an appropriate level of access without making authentication arduous. Devices need to be thoroughly analyzed for threats and vulnerabilities regardless of ownership and management status. Access to corporate applications needs to be brokered whether hosted on-premise or in the cloud.

    In our upcoming session, we’ll discuss how to balance security and usability in the context of remote working:
    Usability: employees shouldn’t have to worry about how they’re going to get their work done; it should be as simple as flipping open a laptop and logging on. We’ll discuss how an SDP can eliminate the productivity problems associated with remote working without compromising security.

    Performance: an architecture that scales and adapts to the growing needs of your business is important for manageability. We’ll go over how an SDP reduces the management burden of traditional access technologies while eliminating the need to adopt point solutions to deal with niche security use cases.

    Privacy: employees are more mindful of the blur between work and personal lives, mainly because there hasn’t been a division for the past two years. How can IT teams overcome the privacy concerns of employees while making sure that they have the needed observability?
  • Automating and Orchestrating the Top 3 Cloud Security Use Cases Nov 8 2021 6:00 pm UTC 60 mins
    Harrison Parker, Senior Solutions Architect, Siemplify
    As security operations teams manage rapidly evolving and increasingly complex cloud infrastructures, there is more need than ever to reduce an organization's attack surface, increase speed and reliability by automating as many processes as possible, and bridge the gap between on-premise and cloud security.

    Security orchestration, automation and response (SOAR) platforms can help streamline detection and response workflows with repeatable and custom dynamic playbooks for a litany of cloud-related security alerts.

    In this webinar, we'll cover how you can easily address the following cloud security use cases, including:
    - Automatically respond to compromised developer breaches and data exfiltration on multi-cloud applications.
    - Detect and remediate hybrid malware via novel file synchronization attack vectors.
    - Systematically investigate and patch cloud vulnerabilities and misconfigurations.
  • Key Considerations to Get Buy-in for a SaaS Data Security Program Nov 3 2021 4:00 pm UTC 60 mins
    Izak Mutlu, former CISO, Salesforce and Arnaud Treps, CISO, Odaseva
    Despite increased calls to action from cloud experts, many IT leaders still believe SaaS data security is not their responsibility. A recent study by analyst firm ESG found that more than ⅓ of IT leaders rely solely on SaaS applications to protect data. Meanwhile, security threats are becoming bolder and more advanced, also targeting SaaS applications. While SaaS vendors' security efforts actually relieve customers of some concerns, a SaaS data security program remains a must-have to avoid security breaches that could result from user errors, misconfigurations, technical issues, bugs in custom code or even an advanced attack on the SaaS vendor itself.

    But first, you need buy-in from Security, IT, Legal & Compliance stakeholders. This webinar will feature SaaS data security experts Izak Mutlu, former CISO of Salesforce, and Arnaud Treps, CISO of Odaseva, breaking down key considerations security professionals can use to reinforce the need for SaaS security with their colleagues.

    Join this webinar to learn about the top considerations to get buy-in for a SaaS data security program which include:
    - Why typical SaaS security controls like MFA are not silver bullets
    - Why SaaS platforms are the ideal target for motivated hackers
    - Why SaaS data is much harder to restore in the event of a data loss
    - Why customers remain accountable for regulatory compliance
  • Are we losing or gaining control of SaaS Data Access? Nov 2 2021 4:00 pm UTC 60 mins
    Justin Somaini, Chief Security Officer, Unity, and Adam Gavish, CEO, DoControl
    Organizations use SaaS apps to drive business enablement across all departments and the workforce. Collaboration with 3rd party vendors, customers, and partners over SaaS data is the new normal - and we just love it when things get done quickly, right?

    This poses two threats for security practitioners:

    1. Insider threats
    • Departing employees share SaaS data with their personal accounts, which not only exfiltrates company data but also poses extra risk, since personal accounts in most cases don’t have multi-factor authentication set up
    • Employees overexpose sensitive data internally (finance and engineering can consume each other’s information)
    • Sensitive data is being shared with the wrong 3rd party

    2. External threats
    • 3rd party collaborators have access to your company data forever
    • Your vendors share your company data with their vendors, who have never gone through a 3rd party risk assessment by you
    • 3rd party collaborators access your company data with their personal accounts, which in most cases don’t have multi-factor authentication set up

    This is a candid discussion on the threat models above and beyond. Our goal is to raise awareness on what’s going on as well as suggest industry best practices and “war stories” so that you will walk away with better knowledge and tools to remediate such risks in your organization.
  • Impact of Digital Transformation on Security Strategy Oct 28 2021 5:00 pm UTC 60 mins
    Jason Hicks, Coalfire, Jerome Bell, IBM Cloud, James Carder, LogRhythm, and Elad Yoran, Cloud Security Alliance
    As companies shift their people, processes, and technologies into the digital age, cybersecurity strategy is sometimes an afterthought instead of an integrated part of planning. In fact, a recent survey of C-level executives* showed that nearly one-third of security controls and management are still siloed from a functionality standpoint.

    At the organizational level, this siloing can result in policy decisions that fail to address critical security gaps within a strategic plan, resulting in an increase in time and resources dedicated to retroactively addressing these gaps. Transformation can also mean disruption to teams, exposing skill gaps that hamper progress.

    This panel discussion features seasoned cyber executives who will share their lessons learned and best practices for harnessing cyber strategy to improve the digital transformation journey.

    You’ll hear:
    • The top challenges when aligning security strategy to cloud migration and other digital transformation steps.
    • Best practices throughout the digital transformation journey, including:
    o Creating efficiencies in a hybrid environment.
    o Getting into a DevSecOps mindset from the start.
    o Securing Board and leadership buy-in on cybersecurity strategy.
    • How best to transition your team to minimize disruption and staff turnover.
    • How to message the business value of the transformation to the Board and other key stakeholders.
    • How to effectively monitor your new environment and proactively respond in a cloud-forward way.

    * Survey sponsored by Coalfire and completed by Dark Reading.
  • Cloud First Cryptography and Virtualization. Securing Fragmented Data. Oct 28 2021 5:00 pm UTC 60 mins
    Guy Peer, VP R&D & Co-Founder, Unbound Security, Dr. Jurlind Budurushi, Cloudical, and Dominik Pickhardt, White & Case
    White & Case is an international law firm with locations that span 3 continents, in support of multinational and multi-global organizations. Cloudical is at the forefront of cloudification and helps organizations conceptualize, create and utilize cloud-based applications to scale their businesses via the adoption of cutting-edge technology and processes. Unbound Security enables organizations to adopt modern cryptographic technology that mitigates risk and centralizes encryption key management. Join these three innovative companies on a virtual case study of the challenges that organizations face today when needing to leverage existing infrastructure and achieve FIPS 140-2 Level 2 validation, while securely accelerating their business via virtualization.

    During the Virtual Case Study, you will learn:

    - What challenges did White & Case aim to address in respect to the data that they are encrypting, sharing, decrypting and storing
    - Why they are shifting to the cloud and the impact it has had on their existing cryptographic infrastructure
    - Can enterprises be future-ready and still leverage their existing, on-premise investments 
    - Why is centralized management of cryptographic key material so critical for organizations that have sensitive data on-premise, hybrid or in one to multiple clouds?
    - What are the 5 critical factors any enterprise should consider when driving a cloud first cryptographic initiative?
  • What's Real & What's Possible with Self-Service and Developer Speed Governance Oct 26 2021 5:00 pm UTC 60 mins
    John Steven, Chief Technology Officer, Concourse Labs
    Security, Cloud, Operations, and Product/Development groups are all building out their versions of the next cloud platform and governance controls. As each considers overlapping approaches, including automated enforcement, shift left, and other posture management approaches, one question dominates: "How can security keep pace with delivery?"

    Expect insight on how to:
    - Create security as code (SAC);
    - Integrate SAC into existing software delivery and governance lifecycles;
    - Evolve from 'guardrails' to preventative controls; and
    - Navigate follow-on action from monitoring and drift detection activities.

    Join John Steven, Concourse Labs CTO and co-author of the BSIMM study, as he shares his hands-on experience implementing security-as-code architectures and demonstrates best practices for developing security policy and controls, to automate DevSecOps and runtime cloud security.
  • CSA Continuous Recap Oct 20 2021 11:15 pm UTC 30 mins
    Speaker to be Announced
    Session Details to be Announced
  • Cloud is code... oops did I say that? Oct 20 2021 10:45 pm UTC 31 mins
    Larry Whiteside Jr., Co-Founder & President, Cyversity
    We are all aware of the digital transformation many organizations are undergoing. What’s not being said is that this basically means a rush to utilize services that organizations are not prepared to secure. This new digital frontier is not just pushing technology forward, it's pushing security away from its origin in infrastructure to a new code-based infrastructure for which old security paradigms will no longer work. Here we will discuss this new paradigm and what security practitioners must now adapt to in order to protect it.
  • A Conversation About Threat Modeling in Today's Cloud Oct 20 2021 9:30 pm UTC 53 mins
    Jon-Michael Brook, Principal Security Architect, Starbucks and Alexander Getsin, CISO, RiseUp
    Threat modeling is an essential practice for software and systems security. Cloud threat modeling expands on standard threat modeling practices to account for unique cloud services and an application’s qualities and considerations. The CSA Threat Model applies standard threat modeling methodologies to today’s unique cloud threat landscape, such as ransomware. Organizations will learn to develop a structured and repeatable approach for modeling threats in order to successfully anticipate and mitigate the latest threats to cloud computing.
  • Hiding In Plain Sight - An Untapped Path to Cloud Security Oct 20 2021 9:00 pm UTC 24 mins
    Yaniv Bar-Dayan, CEO and Co-Founder, Vulcan Cyber
    All major cloud providers now offer a native vulnerability scanning service to help their customers identify potential cloud security issues. But is your team taking full advantage of these tools, and how are you using scan data to drive remediation outcomes and reduce the risk of cloud surfaces? Attend this session to learn what tools are available to you today from AWS, Azure and Google Cloud. More importantly, attend this session to learn how to integrate these tools into your cloud security programs for a more confident and scalable approach to cloud and multi-cloud risk remediation.
  • The Techonomic Cold War Oct 20 2021 8:30 pm UTC 30 mins
    Kris Lovejoy, Principal, EY
    We are entering a prolonged phase of state interventionism which will blur the lines between government and business and give rise to new risks.

    What lies ahead is a “future of war” in which war is constantly being waged by state and non-state actors (using cyber-attacks, misinformation campaigns, etc.). Companies will often be collateral damage in this process, and will also face more volatility and risk from interventionist leaders. In many instances, the borders between government and business will become blurred as states engage in “digital mercantilism”.

    Are you prepared for the cyber risks of tomorrow, such as weaponized disinformation and deepfakes?
  • Catching Cloud Misconfigurations in Code Before They Manifest as Security Risks Oct 20 2021 7:45 pm UTC 19 mins
    Yoni Leitersdorf, CEO & Founder, Indeni
    A recent study suggests that misconfiguration is the number one risk to cloud environments in 2021. With infrastructure-as-code (IaC), we have the opportunity to catch security issues within the CI/CD before they manifest themselves in the cloud. In this talk, we will dive into techniques for IaC threat modeling. This includes static and dynamic analyses that can prevent supply chain attacks due to overly permissive IAM roles, prevent inadvertent exposure of sensitive data, and detect privilege escalation, drift, etc. We will also describe the various stages of implementing IaC security automation.
  • Managing and Measuring Risk on the Cloud Oct 20 2021 7:15 pm UTC 33 mins
    John Yeoh, Cloud Security Alliance
    A recent CSA study evaluated over 600 security professionals and 25 enterprise security executives to better understand the challenges and effectiveness of current risk management practices towards the public cloud. This report shares the top benefits and challenges for risk practices towards cloud, ranging from the evaluation, assessment, and procurement of cloud services to the understanding of risk tolerance and why cloud is different.
  • Psychology of the Phish: Leveraging the Seven Principles of Influence Oct 20 2021 6:15 pm UTC 24 mins
    Sourya Biswas, Technical Director, Risk Management & Governance (RM&G), NCC Group
    According to the X-Force Threat Intelligence Index 2020, produced by IBM X-Force Incident Response and Intelligence Services, phishing is still the number one attack vector in use today. Security professionals often overlook the "social" aspect of "social engineering", focusing on tool deployment instead. The success of phishing is predicated on exploiting normal human behavior for nefarious purposes. This session looks at phishing through this psychological lens, specifically on how the Seven Principles of Influence as expounded by Robert Cialdini are leveraged by attackers.
  • CxO Panel Discussion: Lessons Learned from our Journey to the Cloud Live 46 mins
    Stacey Halota, Graham Holdings; Pratyush Rai, Kaplan North America
    Moving to the cloud is a big decision and encompasses areas including scope, risk, cost and many others. The benefits of a successful migration can be significant, but there is risk to any large project that must be managed. In this fireside chat we will speak to a CISO and CTO who made this journey (and are still on it) and get their insight into what went into the planning process, lessons learned along the way, what is working well, and what they would have done differently. During the journey three business units under different leadership combined into one that now encompasses two different cloud varieties and traditional data centers. In addition, the migration has spanned several years and is still taking place, so the evolution of their planning process and future roadmap will be discussed.

    Specific topics include:
    · Factors considered when moving to the cloud
    · Major factors affecting the initial and subsequent decisions
    · Information security considerations
    · Applying privacy law in the cloud
    · Managing risk in the cloud
    · Efficiency gains
    · Running cloud concurrently with traditional data centers
    · Tool selection process for a diverse environment
    · Cloud and the remote workforce
    · Lessons learned
    · Future plans and roadmap ahead
  • Ransomware Prevention with a Zero Trust Architecture Recorded: Oct 20 2021 26 mins
    Brad Moldenhauer, Sr. Director, Office of the CISO, Zscaler, Inc.
    The evolving threat landscape requires a different approach to defeating ransomware. Cybercriminals are getting bolder and more sophisticated, and no industry is off-limits. It's time to rebalance the equation in favor of enterprise defenders, with an agile security architecture that automatically learns and adapts to new attacks as they emerge. Join Zscaler Chief Security Officer Brad Moldenhauer as he shares his front-line experience implementing a zero trust architecture to holistically minimize the attack surface, prevent compromise, eliminate lateral movement, and stop data theft to defeat today's most advanced ransomware attacks.
  • The Impact of Cloud on the Landscape of Rapid Change Recorded: Oct 20 2021 34 mins
    Erik Avakian, CISSP, CRISC, CISA, CISM, CGCIO, ITIL v3, Chief Information Security Officer, Commonwealth of Pennsylvania
    Cloud has transformed from what was just a buzzword several years ago into the fundamental way that the IT organizations of today and tomorrow are supporting the business objectives and critical operations of the entire organization. Whether public or private sector, all have either made the transition into the cloud, or are in some state of change or advancement to it. During this keynote we'll explore these fundamental changes in IT and how “cloud” has transformed the landscape of rapid change. But with this change come new challenges that organizations face as they make their journey to the cloud, particularly rapid changes in the security threat landscape and challenges with multi-cloud environments while organizations retain legacy systems. As such, there must be considerations for planning, data protection, risk management, compliance, visibility, regulatory controls, legal implications, and long-term resiliency of the business during these transitions. We'll explore these challenges and various solutions that businesses are taking to manage their cloud environments and to keep costs in line with expectations. We’ll delve into some of the key ways to ensure all teams across the entire organization are working in tandem to keep the entire technical business structure up and running reliably. We'll also explore the long-term and more immediate security and privacy needs to consider, including rapidly evolving threats like ransomware, insider threats, and supply chain risks.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and the latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa

  • Title: Journey to the Cloud: What You Need to Prepare
  • Live at: Sep 3 2021 7:30 am
  • Presented by: Ferdinand FONG (Sales Director, ASEAN, CSA)