Name: Mastering Cloud Security Policies: Four Best Practices for Hybrid Environments
Start: 2025-03-06T18:00:00Z
End: 2025-03-06T18:00:36.000Z
Location: BrightTALK
Rating: 4.2

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Navigate the complexities of securing your hybrid cloud. "Securing the Hybrid Cloud: Key Strategies for Network Security" tackles the critical challenges of achieving comprehensive application visibility, ensuring consistent rule alignment, and proactively managing evolving threats. Discover actionable strategies to fortify your network, optimize security posture, and gain unparalleled insight into your hybrid environment. Don't let the cloud's dynamic nature compromise your security—empower your team with the knowledge to protect your critical assets.

Securing the Hybrid Cloud: Key Strategies for Network Security

Geared towards security and IAM teams, this webinar will share insights into understanding and implementing a non-human identity solution effectively through key use cases, essential solution features and evaluation criteria that will help integrate NHI security into your broader identity strategy and strengthen your security posture.

How to Evaluate a Non-Human Identity (NHI) Security Solution

Organizations are navigating a rapidly evolving threat landscape, with hybrid and multi-cloud environments introducing fragmented visibility and complex data exposure risks. To better understand how enterprises are managing this challenge, Thales commissioned the Cloud Security Alliance (CSA) to investigate how organizations view risk to improve their data security posture. The study explores how organizations identify and prioritize data risks, the classification methods and monitoring tools they rely on, and the limitations they face in achieving a unified, real-time view of their data security posture. It also highlights how risk-based security solutions can improve response effectiveness, reduce downtime, and support compliance by delivering continuous visibility and actionable intelligence across diverse environments. 

Join Hillary Baron, AVP of Research at the Cloud Security Alliance (CSA), as she reveals the results of the Understanding Data Security Risk survey. Also participating is Krishna Ksheerabdhi, Vice President of Product Marketing for Cybersecurity & Digital Identity (CDI) at Thales Group. They will discuss how organizations are unifying fragmented tools into cohesive platforms while adopting proactive, risk-driven approaches to enhance resilience, protect critical data, and streamline compliance.

Data Security Risk Insights for Improving Data Security Posture

Join Eoghan Casey and Mark Wigham from Salesforce for an in-depth webinar on maintaining trusted and resilient data to deploy AI at scale. We will explore the essential steps to ensure that AI Agents have access to the data they need, don’t have access to data they shouldn’t, and perform optimally. 

Key topics include:
• Trusted Agentic AI: Understand how to implement robust data security measures to control and track what data Agents access, create, and modify.
• Data Reliability and Relevance: Learn how to maintain the accuracy and relevance of your data, ensuring it remains a valuable asset for your business.
• Data Security Measures: Discover best practices for tracking changes and encrypting sensitive data, including data created and changed by Agents.
• Robust Data Backup and Recovery: Understand the importance of reliable data backup and precision recovery processes in minimizing data loss and disruptions, ensuring business-critical data is easily recoverable and maintaining system integrity.
• Data Anonymization: Explore how data anonymization can enhance security and compliance, reducing the risk of data exposure in development, testing, and training environments.
• Automating Sandbox Seeding: Discover how automating sandbox seeding can speed up development cycles, improve developer productivity, and drive faster revenue growth and higher operating margins.

Walk away with actionable strategies to maintain resilient and trusted data to accelerate your AI projects with confidence.

How to Succeed at Agentic AI with Trusted & Resilient Data

As cloud adoption grows, managing identity access—especially for non-human identities (NHIs)—across multi-cloud environments is increasingly complex. Many organizations adopting Zero Trust focus on authentication but neglect what happens after login.

This webinar explores Zero Standing Privileges (ZSP), ensuring access is granted only when needed and revoked immediately after use. But Zero Trust is more than a technical challenge—it’s a cultural shift. By fostering a security-first mindset, organizations can integrate least privilege principles across all identities.

Key Takeaways:
• What Zero Standing Privileges (ZSP) is and its role in Zero Trust security
• Step-by-step roadmap to implementing ZSP in IAM
• Proven strategies to build a Zero Trust culture across your organization
• Expert solutions to common ZSP adoption challenges

Join us for practical insights and real-world strategies to strengthen identity access management and accelerate your Zero Trust journey.

Building a Zero Trust Culture with Zero Standing Privileges in IAM

In today’s digitally interconnected world, patch management is no longer a routine IT task—it’s a critical business imperative.

The complexity of modern IT environments, including hybrid clouds, diverse operating systems, and a multitude of third-party apps, has made patch management increasingly challenging.

In this webinar, Automox and GigaOM will share insights from the “GigaOM Radar Report for Patch Management v3.0” and discuss how organizations like yours can tackle these challenges in 2025 and beyond.

Join us to learn:
• How AI-powered threat assessment and patch orchestration are transforming patch management
• Why strategic patch management requires more than just applying patches and key factors to consider
• The evolving patch management landscape, highlighting key vendors and emerging trends
• Tips to help you choose the right solution for your needs

You’ll leave this webinar ready to strengthen your defenses and proactively mitigate cyber risks.

How To Effectively Manage and Automate the Evolving Landscape of Patch Management

Join us for a behind-the-scenes journey into how industry experts curated the definitive guide to the most critical risks in NHI Security: the OWASP Top 10 NHI Security Risks.

In this talk, we'll break down the methodology behind the rankings—explaining why specific risks were chosen and how they map to challenges engineers face in real-world production environments. We’ll also spotlight the growing role of AI agents—often hailed as the workforce of the future—and their profound impact on each risk. And we won’t stop at theory. Watch live demos of how attackers can exploit the top three risks, uncovering vulnerabilities in NHIs that expose organizations to privilege escalation, data theft, and supply chain attacks. Whether you’re new to NHI security or seeking deeper technical insights, this session promises a fun, engaging, and practical experience that will equip you to tackle the unique challenges of NHIs.

Behind the Scenes: OWASP Top 10 NHI Risks

Securing applications in today's dynamic cloud environments demands a new approach. This webinar explores the critical shift towards application-centric security, moving beyond traditional network-centric models to address the unique challenges of cloud-native architectures. We'll delve into how a deep understanding of application behavior and dependencies is essential for robust security posture. Attendees will learn how to leverage threat intelligence and analysis to proactively identify and mitigate risks, including vulnerabilities and malware. We'll discuss the importance of integrating vulnerability management, network security, and zero trust principles to create a comprehensive defense. Furthermore, we'll examine how application-centric security strengthens compliance efforts and streamlines security operations. Join us to discover how to unlock a more effective and efficient approach to cloud security, focusing on the applications that drive your business.

Unlocking Application-Centric Security in the Cloud

In this presentation we introduce the Data Center Security (DCS) domain, which consists of fifteen control specifications essential for Cloud Service Providers (CSPs) to secure the physical infrastructure and environment hosting Cloud Service Customers' (CSCs) data and applications. This domain focuses on protecting physical assets, such as infrastructure and equipment, from security threats like unauthorized access and environmental hazards.

According to the Shared Security Responsibility Model (SSRM), CSPs are exclusively responsible for securing the datacenter’s physical infrastructure, managing environmental controls, and ensuring overall facility security. While CSCs are not directly responsible for these aspects, they should verify CSPs’ compliance with DCS controls, especially within the Audit and Assurance (A&A) domain.

This presentation will provide insights into how effective physical security measures are key to maintaining a safe and compliant cloud physical infrastructure.

Datacenter Security

Generative AI is here to stay, and it’s transforming the way we use and protect data. But as AI adoption skyrockets, organizations are asking: How do we balance innovation with security?

This can be a tough question for many organizations to answer, but it all comes down to one thing – embracing a data-centric approach. 

In this webinar, we’ll cover:
• Risk and challenges that come with deploying advanced AI systems
• How to better understand the AI landscape and why data security, data usage, and AI-SPM are important elements
• A deep dive into the domains of AI security, which include AI copilots, chatbots, AI agents, and AI infrastructure
• What you can do to help address the security challenges posed by AI to keep your data safe, without slowing down business

Data Security Strategies for a Gen AI World

Join us for an unfiltered conversation on cloud data protection with Corey Quinn, the “Chief Cloud Economist” at The Duckbill Group and a well-known AWS commentator. In this candid discussion, Corey will provide clear and insightful perspectives on the important aspects of securing your data in the cloud. Whether you are new to the cloud or an experienced practitioner, this webinar is designed to help you navigate the complexities of cloud security and strengthen your data protection strategy.

Key Takeaways from Watching the Webinar:
• Understanding the common misconceptions about cloud data protection
• Implementing best practices for securing data in the cloud
• Leveraging insights from an industry expert to enhance your security strategy

Heads in the Cloud, Feet on the Ground: A No-Nonsense Discussion on Cloud Data Protection

Kubernetes has revolutionized how we build, deploy, and manage applications, but it also introduces new complexities. This webinar explores Kubernetes not only from a security perspective but from the lens of developers. We’ll dive into the challenges posed by containerized environments, from managing dependencies to securing CI/CD pipelines. Additionally, we’ll discuss how Kubernetes operates as a cloud in itself and how deploying and scaling it in public cloud environments adds layers of complexity. Whether you’re a developer or a security professional, this session will equip you with key insights to navigate the intersection of development and security in the cloud-native ecosystem.

Kubernetes: Development Challenges and Security Considerations in a Cloud-Native World

In this session, we’ll delve into how an industrial company tackled the challenge of securing non-human identities (NHIs) in their Azure environment. As the organization transitioned to cloud-first operations, it quickly faced the complexity of managing a growing number of NHIs. From APIs to service accounts and automated systems, these NHIs were critical to the company's operations, but their proliferation led to serious security and compliance risks.

Using advanced technologies, the company was able to uncover and classify all NHIs across their Azure landscape, enabling a clear understanding of ownership and access control.

Key issues tackled in the session include:
• Discovering and managing NHIs in a complex Azure environment
• Automating the remediation of high-risk identities with excessive privileges
• Ensuring continuous compliance with industry regulations
• Achieving significant reductions in security incidents and operational inefficiencies

By the end of the session, attendees will gain valuable insights on how to integrate NHI security into their own cloud environments and move from reactive to proactive management of these critical assets. The discussion will feature expert commentary on overcoming common challenges and implementing best practices to ensure secure, scalable, and compliant NHI management.

How an Industrial Company Optimized NHIs in their Azure Environment

AI Copilots such as M365 Copilot bring transformative potential, empowering your company employees to access and analyze vast amounts of enterprise data within SaaS applications. While this significantly boosts employee productivity, it introduces new data security and governance risks. In the rush to adopt Copilot adoption, many organizations have overlooked essential data controls, leading to unintended exposure of sensitive information. Employees may unknowingly query confidential data, such as salary details, M&A plans, or even passwords—information they should not be able to access.In this webinar, we will discuss a framework for enforcing best practices for safely adopting AI Copilots such as Microsoft 365. By putting in place robust data security and governance measures, we will explore how to prevent unauthorized data access and ensure that sensitive data remains protected when using Microsoft 365 Copilot within the company.

Key Takeaways:
• Understand the security implications of an unplanned AI Copilot rollout
• How to evaluate your organization’s readiness for AI Copilot adoption
• Implementing a 6-step framework for automating data security and using Copilot safely

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

In this presentation we focus on the Logging and Monitoring domain, which includes thirteen control specifications that help both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) collect, store, analyze, and report on activities and events in their cloud environments. These controls are essential for detecting and responding to security incidents, addressing operational issues, identifying system anomalies, complying with regulatory requirements, auditing security controls, and improving overall security posture and performance.

Under the Shared Security Responsibility Model (SSRM), both CSPs and CSCs share responsibilities for implementing logging and monitoring controls. CSPs are typically responsible for logging and monitoring the underlying cloud infrastructure, such as network and system operations. CSCs, on the other hand, manage logging and monitoring within their deployed applications and services to ensure their specific security needs are addressed.

This presentation will help you understand how the implementation of logging and monitoring controls ensures enhanced visibility, accountability, and transparency of cloud operations. These practices are essential for identifying and mitigating security risks, optimizing cloud usage and performance, and maintaining secure, efficient, and compliant cloud environments.

Logging and Monitoring

Service accounts are everywhere, but their overprivileged, multi-use, and often unmanaged nature makes them a security liability. Managed identities (and other “passwordless” NHIs) are considered a safer alternative, yet they come with their own set of vulnerabilities attackers can exploit.

Join this 30-minute webinar to learn from NHI security researchers:
• The types and common pitfalls of service accounts.
• How to convert service accounts into managed identities in Azure.
• The downsides of managed identities - and a live demo of how attackers exploit them.
• Best practices to avoid common misconfigurations.

*Bonus* Get a practical tool to map all managed identities in your Azure environment (IYKYK).

Service Accounts vs. Managed Identities: Real Exploits & Best Practices

Results from InformationWeek’s State of Endpoint Management Automation survey show that even with endpoint management budgets on the rise, organizations remain mired in manual tasks, legacy technologies, and a distributed technology stack that hinder effective and secure management of endpoint devices.

Register for this webinar to hear from experts discuss the findings from the recent research report and share strategies and tech to help improve the secure patching of your organization's devices in the year ahead.

How to Prep Your ITOps Team for Secure Endpoint Management in 2025

Hybrid cloud environments offer flexibility and scalability, but managing security policies across diverse infrastructures and teams is a growing challenge.  

Join us for an engaging webinar, Mastering Cloud Security Policies: Four Best Practices for Hybrid Environments, where we’ll explore how organizations can achieve unified security policy management, improve operational efficiency, and maintain compliance across hybrid and multi-cloud environments. 

Our featured speaker, Kat Romanov, Product Manager at Tufin, brings extensive expertise in network and cloud security. Kat will share actionable insights and strategies for navigating the complexities of hybrid security management. 

What You’ll Learn: 
• The top challenges organizations face in hybrid cloud security and how to address them. 
• How unified policy visibility from ground to cloud and to the edge enhances security posture and reduces risks. 
• The role of automation and orchestration in simplifying policy management and improving efficiency. 
• Best practices for continuous compliance across regulatory frameworks. 
 
Don’t miss this opportunity to gain expert insights and practical strategies for securing tomorrow’s hybrid cloud environments today!

Mastering Cloud Security Policies: Four Best Practices for Hybrid Environments

Hybrid Cloud

Cyber Security

Cloud Security

IT Security

Network Security

Enterprise Applications

Compliance

Multi Cloud

Automation

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Mastering Cloud Security Policies: Four Best Practices for Hybrid Environments

Presented by

About this talk

More from this channel