Name: What's Real & What's Possible with Self-Service and Developer Speed Governance
Start: 2021-10-26T17:00:00Z
End: 2021-10-26T18:00:18.000Z
Location: BrightTALK
Rating: 3.83

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

By 2024, 75% of the global population will have its personal data covered under privacy regulations”', according to Gartner. 

Data security, governance and privacy are becoming increasingly complex for organizations operating in the cloud. Teams across security, privacy, data governance, and DevOps are struggling to implement programs that properly address these increasingly complex requirements and dynamic environments, with data sprawl as one of the biggest areas of risk.

Join Laminar and CDG to learn how to tackle the problem of keeping up with data security, privacy and governance by using the right people, processes, and technology.  During this webinar we’ll discuss who in the organization should be responsible for data security, what processes should be put into place to ensure you are doing what is required, and what tools can be used to help solve this complex problem.

What you’ll learn
• The most important areas to focus on for data security, governance, and privacy that meets compliance objectives
• Tools you should employ to automate data security and privacy as much as possible
• Tips on how data security teams should interact cross-functionally with Governance, Privacy, and DevOps
• Strategies for data mapping and data protection

How to Automate Security, Governance & Privacy for Cloud Data Innovation

The world’s data is under attack and cybercrime continues to be a persistent threat impacting every organization. No company, government, or industry is immune. In this fireside chat, Rubrik’s Steve Stone and John Murphy will share newly released research and insights from "The State of Data Security" by Rubrik Zero Labs. Based on conversations with 1,600+ global CISOs, CIOs, and VPs of IT and Security Operations, the findings explore what’s happening in cybersecurity and the human effects from cyberthreats. These insights will help you navigate the dynamic threat landscape and gain key learnings on how to prepare for and recover from a cyberattack to secure your business.

A Fireside Chat: The Human Effects of Cybercrime

Cloud Service Providers (CSPs) are often the first line of defense regarding new technology. CSPs support various financial services companies, including banks, insurance firms, asset managers, and investment funds. The role of a CSP is to provide the tools and infrastructure required to support these organizations' operations, whether it be a data center, disaster recovery site or any other IT requirements.

Our panel of CSP representatives will discuss how cloud providers support the financial services industry and what the industry needs from the cloud, and how using STAR as due diligence facilitates implementing good security posture for high-risk sectors.

This is an excellent opportunity for anyone who works in the financial services industry or wants to learn more about what it means for their business moving forward!

CSP Perspective Working with Financial Services

Cloud development has enabled amazing innovations and allowed our companies to move faster. It’s also completely broken the old methods for prioritizing risk remediations. 

With an infrastructure that changes day-to-day, minute-to-minute, a cloud’s perimeter is hard to define. Checking for open network access and CVEs doesn’t keep attackers out of your cloud. 

The number of software vulnerabilities present at any point in the cloud, particularly with open source-driven development, far outnumber what was typical in the data center world. And the explosion of identities - representing both real users and machine identities - has opened up the attack surface for credential abuse a hundred-fold. These massive changes in scale make it overwhelming to try and to answer the question, “what should I fix next?”

The sheer scale and ephemeral nature of cloud demands a new approach to risk prioritization. Beyond securing a perimeter, combinations of overlapping risks create a hidden blast radius that includes sensitive data. An attacker may enter the cloud via a vulnerability on a sandbox environment, but through subsequent indirect access abuse, be able to move laterally and access PII. The only way to stop this? Knowing where your sensitive data is, and how anyone or anything can access it - even if access requires a combination of workload, identity, and network-based risks.

We’ve brought together cloud security leaders responsible for securing many of the Fortune 100 enterprise clouds to discuss how to rebuild remediation prioritization, and how blast radius intel is critical to spending your team’s remediation efforts wisely. 

During this session, our panel of cloud security leaders will share:

• Ideas for building in the cloud fast and securely
• How to overcome the cloud complexity challenge
• What alignment between dev, security, and ops can do for your company
• Avoiding the common pitfalls around prioritization

Prioritizing Risk Among the Chaos of Cloud Development

Infrastructure as code (IaC) is the key to embedding cloud security earlier in the development lifecycle. In practice, adopting and implementing an IaC security program is a complex and iterative process – especially for large organizations. Your IaC security program path will depend on your current tooling and workflows, security and compliance requirements, and resources. And your IaC security rollout strategy should be deliberate, iterative, and measurable.

If you’re ready to get started with IaC security but aren’t sure where to start or if you’re in the process of adopting IaC security and need a strategy customized to meet your needs, this webinar is for you.

Join us as we walk you through how to roll out and operationalize an IaC security program based on your end goals and scale. You’ll also get best practices and milestones for each phase of your program rollout so you can optimize your IaC security program for efficiency and help your organization adopt a secure-by-default culture.

Crawl, Walk, Run: Operationalizing IaC Security

Ransomware continues to have a significant impact on enterprises, and shows no signs of abating. Zero Trust security promises to improve organizations’ resilience and effectiveness. So what happens when these two trends intersect? Join us as we examine how a Zero Trust approach helps organizations prevent, detect, respond to, and mitigate Ransomware attacks. Attendees will gain an understanding of common security and networking weaknesses commonly exploited by ransomware, and how specific Zero Trust approaches will help.

Using Zero Trust to Mitigate Ransomware Threats

Software supply chains are the backbone of our digital connections. Unsecured software supply chains are becoming one of the biggest opportunities for hackers to strategically compromise mass amounts of victims with one entry point.    

How can you ensure and prove the code your organization develops does not contain vulnerabilities from open-source or third-party dependencies? That your development tools and practices are also secure and aren’t creating gaps for hackers to exploit? Most importantly, that the software you set out to develop, is not going to cause a customer to become compromised…   

In this talk we will answer these questions and look at the best frameworks and guidelines that can prevent software supply chain attacks and improve security posture.

Confidence in Software Supply Chains with Continuous Security

With a US economic recession looming, tech layoffs hitting the news, and security incidents continuing to climb at record rates, it’s a tough time to be a CISO. But experienced security leaders have dealt with economic pressures before, and in this discussion will share their insights into how new CISOs and security leaders should prepare to ‘recession-proof’ their security strategy for 2023 and beyond. Specifically, we’ll cover:

• Security trends from past recessions 
• How 2022 is different from past recessions
• What CISOs and security leaders can do to prepare
• Where to consolidate and where to invest for the best possible security outcomes 
• How to adjust your security strategy if you face resource constraints

Panel: CISO’s Guide to Security Strategy During a Recession

Moving to the cloud changes how we think about security, but we still want the most sophisticated detection and response systems money can buy. What’s the right formula for the best coverage against new threats?

In this session, we will:
-Learn about the nuances of machine learning in security
-Identify security use cases where ML shines or falls short
-Show how cryptojacking can be mitigated with carefully tailored ML

The Right Time and Place for Machine Learning Pixie Dust

Billions of financial transactions are routed digitally all over the world each day, requiring many third-party service providers to protect not only the confidentiality and integrity of the information but also be able to clearly demonstrate to their cloud customers adherence to regulatory expectations.

This session will explore the Top 5 risks for third-party cloud services and recommend risk-management best practices for successfully protecting financial data.

Best Practices for Effective Third-Party Management

The ever-changing nature of today's threat landscape, and the hyper-connected environments that today's businesses operate in, require that companies take a continuous approach to security that encapsulates their own environments as well as those belonging to the third parties they rely on to run their businesses. Moreover, continued migration to the cloud has created a need for a framework that accounts for requirements and controls necessary for running a business in a cloud first environment. Join CSA and SSC as we discuss the importance of continuously monitoring first and third parties, and how businesses can leverage CCM to guide and benchmark their security practices.

Continuously Monitoring First and Third Parties against the CCM Framework

Data security is arguably among the top concerns for anyone who uses cloud-based services – this is especially true for governments who are responsible for protecting nation-wide security. Prior to the creation of Federal Risk and Authorization Management Program (FedRAMP), cloud service providers had to conduct evaluations for each individual agency, often resulting in redundant and inconsistent efforts from both ends. Now, with FedRAMP, the U.S. government has established a standardized baseline of security assessment criteria for cloud services. This “authorize once, use many” approach ultimately helps to ensure government data is consistently secured in the cloud. 

 

At Adobe, we strongly believe that FedRAMP is an instrumental program in gaining customer trust for federal organizations and customers. To further support our ongoing compliance efforts, Adobe has also developed an open-source foundational framework of security processes and controls known as the Common Controls Framework (CCF). In this webcast, I will cover Adobe’s experience and continued success with FedRAMP, including how we’ve leveraged our CCF and the benefits we’ve uncovered. I will also share tips and best practices on how you can kickstart your organization’s own FedRAMP journey and how you can ensure all requirements are met.

Adobe CCF & FedRAMP Moderate: Building a Secure Compliant Environment

SaaS solutions have enabled healthcare organizations to better share EHRs (electronic health records) and similar PHI with patients, clinicians, and business partners involved in providing exceptional care. 

But is your organization using SaaS securely? Data breaches, misconfigurations, and 3rd party app integrations can potentially expose sensitive data across a healthcare organization’s SaaS ecosystem to the public and threat actors. On top of these risks, abiding by compliance considerations for PHI stored and accessed in the cloud adds additional configuration, permissions management, and audit complexity to SaaS within healthcare settings. 

Join healthcare SaaS security experts Mark Butler and Joshua Smith, along with AppOmni’s Michelle Jones as moderator, for an in-depth look at healthcare, SaaS security, and PHI. This panel discussion will cover topics such as:
• Controlling SaaS environments that store or touch PHI or EHRs
• Maintaining appropriate access roles that limit visibility to sensitive data 
• Considerations for data sharing and 3rd party integrations, such as Salesforce backend portals
• Policies and user education for phishing scams, ransomware, and other breach threats
• Regulatory requirements, increased audit diligence and compliance concerns across healthcare

Is PHI Secure in SaaS Applications — And Their  Ecosystems?

Achieving Zero Trust and securing multicloud infrastructure is an always-moving target. With more than 95 percent of human and workload identities using less than five percent of the permissions granted, this “permissions gap” has become the biggest roadblock to organizations protecting their critical multicloud infrastructure. 

Join us to learn about Cloud Infrastructure Entitlement Management (CIEM), a new approach to closing the gap by managing permissions with continuous and automated enforcement of least privilege across multicloud.

Achieving the Principle of Least Privilege Across Multicloud with CIEM!

With the rise in cyber threats, your cloud infrastructure growing and devops demanding privileged access, you can no longer approach cloud security opportunistically.

Surprisingly, a recent study by Osterman Research found that 84% of organizations had only rudimentary cloud security capabilities, while 80% of companies reported they lack a dedicated security team responsible for protecting cloud resources from threats.

In this webinar, we will look at the key findings of the Osterman study and introduce a Cloud Security Maturity Model to help organizations assess their maturity level and plan an actionable roadmap to incrementally improve on it.

In participating in this session find out:
● How applying a maturity model to your organization can help you set cloud security priorities and build a security roadmap
● How to close surprising gaps in perception and reality of organizations’ security practices as revealed by the study
● Which security practices, when prioritized, lead to higher maturity levels, and other actions to build into a continuous maturity improvement program

How Does Your Cloud Security Compare, and Where Do You Go From Here?

When moving to the cloud, people often rely on their cloud service provider (CSP) for security and other baseline configurations, assuming that the cloud is secure by default. However, that’s an incorrect – and potentially dangerous – assumption. While CSPs provide features and platforms to build, deploy, and manage secure applications, certain configurations are still the customer’s responsibility. Customers need to apply the shared responsibility model provided by many leading CSPs and understand what security and compliance controls they are responsible for implementing and managing. 

In this webcast, Manik will cover typical customer responsibilities in the shared responsibility model, including data governance, access management, network management, logging and monitoring, backup management, encryption, and more. Manik will also touch on the major security tools provided by AWS and Azure and how customers can leverage them to satisfy compliance requirements. Also, Manik will talk a bit about Security-driven compliance and compliance-driven security in a cloud world.

Responsible Compliance for Cloud Security

Today’s attackers have become cloud security experts, abusing cloud APIs to deploy ransomware, mine cryptocurrency, or steal data. Andre Rall, former Head of Account Takeover for AWS Fraud Prevention, has seen it happen first hand and has some surprising stories to share.

Join a lively conversation with Rall, now Director of Cloud Security at Uptycs, as we dive into:
• The different types of data that AWS makes available to cloud security practitioners 
• Why the reconnaissance phase of a cloud attack is where you should prioritize detection efforts
• How attackers abuse the AWS API to perform discovery, privilege escalation, and data exfiltration
• Offer advice on how organizations can defend their AWS estates from sophisticated threat actors

Threat Detection in AWS: Cloud security secrets from my time at AWS

Security, Cloud, Operations, and Product/Development groups are all building out their versions of the next cloud platform and governance controls. As each considers overlapping approaches including automated enforcement, shift left, and other posture management approaches one question dominates: "How can security keep pace with delivery?" 

Expect insight on how to:
-  Create security as code (SAC);
-  Integrate SAC into existing software delivery and governance lifecycles;
-  Evolve from 'guardrails' to preventative controls; and 
-  Navigate follow-on action from monitoring and drift detection activities.

Join John Steven, Concourse Labs CTO and co-author of the BSIMM study, as he shares his hands-on experience implementing security-as-code architectures and demonstrates best practices for developing security policy and controls, to automate DevSecOps and runtime cloud security.

What's Real & What's Possible with Self-Service and Developer Speed Governance

Application Security

Cloud Security

Compliance

Cyber Security

Data Security

DevOps

Multi Cloud

Risk Management

SecOps

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

What's Real & What's Possible with Self-Service and Developer Speed Governance

Presented by

About this talk

More from this channel