Name: Reining in Shadow Data: Move Beyond CNAPP
Start: 2024-07-17T18:00:00Z
End: 2024-07-17T18:00:32.000Z
Location: BrightTALK
Rating: 4

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Join Eoghan Casey and Mark Wigham from Salesforce for an in-depth webinar on maintaining trusted and resilient data to deploy AI at scale. We will explore the essential steps to ensure that AI Agents have access to the data they need, don’t have access to data they shouldn’t, and perform optimally. 

Key topics include:
• Trusted Agentic AI: Understand how to implement robust data security measures to control and track what data Agents access, create, and modify.
• Data Reliability and Relevance: Learn how to maintain the accuracy and relevance of your data, ensuring it remains a valuable asset for your business.
• Data Security Measures: Discover best practices for tracking changes and encrypting sensitive data, including data created and changed by Agents.
• Robust Data Backup and Recovery: Understand the importance of reliable data backup and precision recovery processes in minimizing data loss and disruptions, ensuring business-critical data is easily recoverable and maintaining system integrity.
• Data Anonymization: Explore how data anonymization can enhance security and compliance, reducing the risk of data exposure in development, testing, and training environments.
• Automating Sandbox Seeding: Discover how automating sandbox seeding can speed up development cycles, improve developer productivity, and drive faster revenue growth and higher operating margins.

Walk away with actionable strategies to maintain resilient and trusted data to accelerate your AI projects with confidence.

How to Succeed at Agentic AI with Trusted & Resilient Data

In today’s digitally interconnected world, patch management is no longer a routine IT task—it’s a critical business imperative.

The complexity of modern IT environments, including hybrid clouds, diverse operating systems, and a multitude of third-party apps, has made patch management increasingly challenging.

In this webinar, Automox and GigaOM will share insights from the “GigaOM Radar Report for Patch Management v3.0” and discuss how organizations like yours can tackle these challenges in 2025 and beyond.

Join us to learn:
• How AI-powered threat assessment and patch orchestration are transforming patch management
• Why strategic patch management requires more than just applying patches and key factors to consider
• The evolving patch management landscape, highlighting key vendors and emerging trends
• Tips to help you choose the right solution for your needs

You’ll leave this webinar ready to strengthen your defenses and proactively mitigate cyber risks.

How To Effectively Manage and Automate the Evolving Landscape of Patch Management

Join us for a behind-the-scenes journey into how industry experts curated the definitive guide to the most critical risks in NHI Security: the OWASP Top 10 NHI Security Risks.

In this talk, we'll break down the methodology behind the rankings—explaining why specific risks were chosen and how they map to challenges engineers face in real-world production environments. We’ll also spotlight the growing role of AI agents—often hailed as the workforce of the future—and their profound impact on each risk. And we won’t stop at theory. Watch live demos of how attackers can exploit the top three risks, uncovering vulnerabilities in NHIs that expose organizations to privilege escalation, data theft, and supply chain attacks. Whether you’re new to NHI security or seeking deeper technical insights, this session promises a fun, engaging, and practical experience that will equip you to tackle the unique challenges of NHIs.

Behind the Scenes: OWASP Top 10 NHI Risks

Securing applications in today's dynamic cloud environments demands a new approach. This webinar explores the critical shift towards application-centric security, moving beyond traditional network-centric models to address the unique challenges of cloud-native architectures. We'll delve into how a deep understanding of application behavior and dependencies is essential for robust security posture. Attendees will learn how to leverage threat intelligence and analysis to proactively identify and mitigate risks, including vulnerabilities and malware. We'll discuss the importance of integrating vulnerability management, network security, and zero trust principles to create a comprehensive defense. Furthermore, we'll examine how application-centric security strengthens compliance efforts and streamlines security operations. Join us to discover how to unlock a more effective and efficient approach to cloud security, focusing on the applications that drive your business.

Unlocking Application-Centric Security in the Cloud

Hybrid cloud environments offer flexibility and scalability, but managing security policies across diverse infrastructures and teams is a growing challenge.  

Join us for an engaging webinar, Mastering Cloud Security Policies: Four Best Practices for Hybrid Environments, where we’ll explore how organizations can achieve unified security policy management, improve operational efficiency, and maintain compliance across hybrid and multi-cloud environments. 

Our featured speaker, Kat Romanov, Product Manager at Tufin, brings extensive expertise in network and cloud security. Kat will share actionable insights and strategies for navigating the complexities of hybrid security management. 

What You’ll Learn: 
• The top challenges organizations face in hybrid cloud security and how to address them. 
• How unified policy visibility from ground to cloud and to the edge enhances security posture and reduces risks. 
• The role of automation and orchestration in simplifying policy management and improving efficiency. 
• Best practices for continuous compliance across regulatory frameworks. 
 
Don’t miss this opportunity to gain expert insights and practical strategies for securing tomorrow’s hybrid cloud environments today!

Mastering Cloud Security Policies: Four Best Practices for Hybrid Environments

Generative AI is here to stay, and it’s transforming the way we use and protect data. But as AI adoption skyrockets, organizations are asking: How do we balance innovation with security?

This can be a tough question for many organizations to answer, but it all comes down to one thing – embracing a data-centric approach. 

In this webinar, we’ll cover:
• Risk and challenges that come with deploying advanced AI systems
• How to better understand the AI landscape and why data security, data usage, and AI-SPM are important elements
• A deep dive into the domains of AI security, which include AI copilots, chatbots, AI agents, and AI infrastructure
• What you can do to help address the security challenges posed by AI to keep your data safe, without slowing down business

Data Security Strategies for a Gen AI World

Join us for an unfiltered conversation on cloud data protection with Corey Quinn, the “Chief Cloud Economist” at The Duckbill Group and a well-known AWS commentator. In this candid discussion, Corey will provide clear and insightful perspectives on the important aspects of securing your data in the cloud. Whether you are new to the cloud or an experienced practitioner, this webinar is designed to help you navigate the complexities of cloud security and strengthen your data protection strategy.

Key Takeaways from Watching the Webinar:
• Understanding the common misconceptions about cloud data protection
• Implementing best practices for securing data in the cloud
• Leveraging insights from an industry expert to enhance your security strategy

Heads in the Cloud, Feet on the Ground: A No-Nonsense Discussion on Cloud Data Protection

Kubernetes has revolutionized how we build, deploy, and manage applications, but it also introduces new complexities. This webinar explores Kubernetes not only from a security perspective but from the lens of developers. We’ll dive into the challenges posed by containerized environments, from managing dependencies to securing CI/CD pipelines. Additionally, we’ll discuss how Kubernetes operates as a cloud in itself and how deploying and scaling it in public cloud environments adds layers of complexity. Whether you’re a developer or a security professional, this session will equip you with key insights to navigate the intersection of development and security in the cloud-native ecosystem.

Kubernetes: Development Challenges and Security Considerations in a Cloud-Native World

In this session, we’ll delve into how an industrial company tackled the challenge of securing non-human identities (NHIs) in their Azure environment. As the organization transitioned to cloud-first operations, it quickly faced the complexity of managing a growing number of NHIs. From APIs to service accounts and automated systems, these NHIs were critical to the company's operations, but their proliferation led to serious security and compliance risks.

Using advanced technologies, the company was able to uncover and classify all NHIs across their Azure landscape, enabling a clear understanding of ownership and access control.

Key issues tackled in the session include:
• Discovering and managing NHIs in a complex Azure environment
• Automating the remediation of high-risk identities with excessive privileges
• Ensuring continuous compliance with industry regulations
• Achieving significant reductions in security incidents and operational inefficiencies

By the end of the session, attendees will gain valuable insights on how to integrate NHI security into their own cloud environments and move from reactive to proactive management of these critical assets. The discussion will feature expert commentary on overcoming common challenges and implementing best practices to ensure secure, scalable, and compliant NHI management.

How an Industrial Company Optimized NHIs in their Azure Environment

AI Copilots such as M365 Copilot bring transformative potential, empowering your company employees to access and analyze vast amounts of enterprise data within SaaS applications. While this significantly boosts employee productivity, it introduces new data security and governance risks. In the rush to adopt Copilot adoption, many organizations have overlooked essential data controls, leading to unintended exposure of sensitive information. Employees may unknowingly query confidential data, such as salary details, M&A plans, or even passwords—information they should not be able to access.In this webinar, we will discuss a framework for enforcing best practices for safely adopting AI Copilots such as Microsoft 365. By putting in place robust data security and governance measures, we will explore how to prevent unauthorized data access and ensure that sensitive data remains protected when using Microsoft 365 Copilot within the company.

Key Takeaways:
• Understand the security implications of an unplanned AI Copilot rollout
• How to evaluate your organization’s readiness for AI Copilot adoption
• Implementing a 6-step framework for automating data security and using Copilot safely

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

In this presentation we focus on the Logging and Monitoring domain, which includes thirteen control specifications that help both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) collect, store, analyze, and report on activities and events in their cloud environments. These controls are essential for detecting and responding to security incidents, addressing operational issues, identifying system anomalies, complying with regulatory requirements, auditing security controls, and improving overall security posture and performance.

Under the Shared Security Responsibility Model (SSRM), both CSPs and CSCs share responsibilities for implementing logging and monitoring controls. CSPs are typically responsible for logging and monitoring the underlying cloud infrastructure, such as network and system operations. CSCs, on the other hand, manage logging and monitoring within their deployed applications and services to ensure their specific security needs are addressed.

This presentation will help you understand how the implementation of logging and monitoring controls ensures enhanced visibility, accountability, and transparency of cloud operations. These practices are essential for identifying and mitigating security risks, optimizing cloud usage and performance, and maintaining secure, efficient, and compliant cloud environments.

Logging and Monitoring

Service accounts are everywhere, but their overprivileged, multi-use, and often unmanaged nature makes them a security liability. Managed identities (and other “passwordless” NHIs) are considered a safer alternative, yet they come with their own set of vulnerabilities attackers can exploit.

Join this 30-minute webinar to learn from NHI security researchers:
• The types and common pitfalls of service accounts.
• How to convert service accounts into managed identities in Azure.
• The downsides of managed identities - and a live demo of how attackers exploit them.
• Best practices to avoid common misconfigurations.

*Bonus* Get a practical tool to map all managed identities in your Azure environment (IYKYK).

Service Accounts vs. Managed Identities: Real Exploits & Best Practices

Results from InformationWeek’s State of Endpoint Management Automation survey show that even with endpoint management budgets on the rise, organizations remain mired in manual tasks, legacy technologies, and a distributed technology stack that hinder effective and secure management of endpoint devices.

Register for this webinar to hear from experts discuss the findings from the recent research report and share strategies and tech to help improve the secure patching of your organization's devices in the year ahead.

How to Prep Your ITOps Team for Secure Endpoint Management in 2025

As AI-powered solutions for security become more commonplace, organizations need to understand where human expertise remains crucial. While automation can identify issues, remediation is trickier - the context and business requirements often demand more nuanced solutions that only experienced professionals can provide.

Join Michael St.Onge, Head of Technical Services at Tamnoon, as he opens up the AWS Console and walks through remediating a public S3 bucket.

Does that sound simple enough to let automation handle it? Of course, but we’ll show you why this seemingly easy-to-automate fix requires careful consideration of business needs and user access patterns to implement an effective security solution that goes beyond the standard automated recommendations.

In this session, you're going to learn:
• Real-world demonstration of when to use AI & where humans come into play to remediate a real AWS S3 security issue 
• How to evaluate security findings given a broader organizational context (and when to use AI)
• When to use automation and when to intervene to avoid missing critical business context

Hands-On Cloud Security: AI Remediations vs Human Verification

Make your ephemeral environments as secure as they are fast!

Ephemeral environments enable rapid scaling, efficient testing, and quicker go-to-market times. But they also expand your attack surface, making them prime targets for sophisticated threats.

In this webinar you'll discover:

• Why short-lived environments don't guarantee safety.
• Actionable strategies for securing containers, Kubernetes, and serverless applications.
• Real-world examples of modern ephemeral attacks and how to prevent them.

Make your ephemeral environments as secure as they are fast and don’t leave your cloud infrastructure vulnerable.

Securing Ephemeral Environments

As organizations rapidly embrace AI to drive innovation and competitive advantage, explore the critical intersection of enterprise AI adoption and data governance. Learn how leading enterprises are balancing the transformative potential of AI with the imperative to maintain robust security and compliance guardrails. 

We'll explore the unique challenges of protecting sensitive data in AI workflows, from securing training data and model outputs to ensuring responsible AI development practices. Learn how forward-thinking organizations are adapting their governance frameworks to address emerging AI-specific risks while fostering innovation. We’ll discuss practical approaches to building AI governance programs that satisfy security, privacy, and ethical requirements without stifling the agility needed for successful AI initiatives. Join us for this essential conversation about navigating the complex landscape of enterprise AI security and governance.

Enterprise AI Intro & Risk/Governance Implications

The AI supply chain is becoming increasingly intricate, with multiple components—data sources, models, APIs, and infrastructure—interconnected within dynamic cloud environments. Understanding these relationships and securing the full pipeline is critical to prevent vulnerabilities from being exploited. In this webinar, we will explore the key components of the AI pipeline, how they are linked, and where security risks are most likely to arise.

In this webinar:
• Breakdown of the AI supply chain: how data, models, APIs, and infrastructure are connected.
• Understanding the potential risks in the AI pipeline and how vulnerabilities can propagate through interconnected components.
• Best practices for securing the AI supply chain and ensuring that every component is protected from exploitation.

Unfolding the Complexity of the AI Supply Chain: Securing the Pipeline

Security teams everywhere are feeling the squeeze, with limited resources to tackle ever-growing challenges. The good news? IT, Operations, and Infrastructure teams can be powerful allies in building a stronger security posture. In this webinar, we’ll dive into practical ways to turn these teams into key partners, giving them the tools and confidence to take on security tasks. We’ll share real-world examples of how organizations are fostering collaboration, breaking down silos, and building a shared sense of responsibility that drives better results without overburdening anyone. Let’s explore how to work smarter, not harder, in 2025.

Own, now a Salesforce company, empowers organizations of all sizes to ensure the availability, security, and compliance of mission-critical data, while unlocking new ways to gain deeper insights faster.

Breaking Down Silos: How IT, Ops, and Infrastructure Teams Can Be Force Multipliers for Security in 2025

Understanding your cloud security posture does not necessarily mean understanding your data posture. Organizations adopting a Cloud-Native Application Protection Platform (CNAPP) to protect cloud-native applications are at risk of leaving data assets exposed. One such risk is shadow data resulting from dynamic changes to data pipelines and services across cloud service providers (CSPs) creating hidden repositories where the data is unknown, undiscovered, or unidentified. Due to the complexity of securing multicloud environments, this can pose significant security gaps leaving cloud teams in the lurch.

In this session, Terry Ray, SVP and Imperva Fellow, and Krishna Ksheerabdhi, VP of Product Marketing, Thales Data Security will discuss how organizations are overcoming these blind spots by effectively leveraging in-depth observability, meaningful analytics, and solid data protection practices to reduce data risk from information that drives business growth.

Join to learn:
• How the rapid growth of cloud-native applications is creating shadow data 
• Why CNAPP falls short for data security, posture, and sensitive data management 
• What challenges do organizations face in gaining complete visibility and control across on-premises and multicloud platforms
• How organizations are leveraging a data-centric approach to protect data at scale

Reining in Shadow Data: Move Beyond CNAPP

Security

Cyber Security

Risk Management

Data Protection

Data Security

CNAPP

Shadow Data

Compliance

Cloud Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Reining in Shadow Data: Move Beyond CNAPP

Presented by

About this talk

More from this channel