Hi [[ session.user.profile.firstName ]]

Security Series Part 2: IAM as Cloud Services: Right Fit for Your Organization?

Cloud computing services offer significant potential economic and operational efficiencies. However, these efficiencies are often accompanied by new regulatory requirements around the security of applications and data that are stored in the cloud.

In addition, many organizations are seeing an explosion in the numbers of users that are interacting with their services, whether these are existing customers conducting transactions or ‘fans’ who are interacting with your services through social media. And while there are clear benefits from consuming IAM services from the cloud, there are important risk factors that have to be considered as well.

This session will review the pros and cons of IAM Cloud Services and provide guidance and best practices based on specific use cases to help guide organizations to a model that meets their risk profile.
Recorded Oct 24 2013 62 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Merritt Maxim, CA; David Mapgaonkar, CISSP, Deloitte
Presentation preview: Security Series Part 2: IAM as Cloud Services: Right Fit for Your Organization?

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Don't Get Stung! Examining the OWASP Top 10 & Getting the Most from Advanced WAF Feb 1 2018 6:00 pm UTC 75 mins
    Nathan McKay, Solutions Marketing Manager, F5; Brandon Dunlap (Moderator)
    Web application security is complex, difficult, and costly. These issues are well known, but remain prevalent out in the real world. Most development teams do not have the time or resources to sufficiently protect against the myriad of attacks that are relevant to each vector, while the level of expertise required to address these issues are difficult to come by even if your project has the time and budget for it. The good news is that advanced WAF technology is more accessible and affordable than ever before. With the right tools, comprehensive WAF coverage can not only reduce your exposures and give you better control over your applications but also help optimize your resources and reduce overall operating costs. Join F5 and (ISC)2 for Part 1 of a 3 part Security Briefings Series on February 1, 2018 at 1PM Eastern where we’ll discuss the OWASP Top 10, defenses for everything it addresses and how to use WAF to optimize and filter unwanted traffic to cut costs in the cloud.
  • CA Briefings Part 2: How to Control Risk & Enable Trust in the Digital Economy Jan 11 2018 6:00 pm UTC 60 mins
    Speakers - David Duncan, VP, Security, CA Technologies; Brandon Dunlap, Moderator
    The application economy is altering the way we live, work, and interact. As a result, organizations are transforming the way they provide services to customers, employees, and partners. But no matter how these services are accessed, a fundamental concern remains: How does an organization protect sensitive data, while still allowing a frictionless and enjoyable user experience?Join David Duncan, VP, Security of CA Technologies and (ISC)2 on Thursday, January 11, 2018 at 1:00PM Eastern for examination of the cybersecurity risks that can result from application development and what it takes to future-proof business trust.
  • CA Briefings Part I: Privileged Access Management in a DevOps environment Recorded: Dec 7 2017 59 mins
    Steven McCullar, Advisor, Solution Strategy, CA; Scott Willson, Product Marketing Dir, Release Automation, CA; B. Dunlap,
    Access to and within DevOps environments have proliferated over the past few years, with both users and scripts (with embedded credentials). This privileged identity sprawl poses significant risks that need to be addressed.Join CA Technologies and (ISC)2 on December 7, 2017 at 1:00PM Eastern. In this session, we'll look at the technology and approach that CA takes to secure such environments.
  • Briefings Part 2: Email at the root of problems? Cyber Resilience is the answer Recorded: Dec 1 2017 56 mins
    Bob Adams; Brandon Dunlap (Moderator)
    Do you have a minute? 1 minute 40 seconds to be exact? That’s the median time-to-first-click in most phishing expeditions. While we celebrate all that humans can accomplish with the help of technology, we must also be cognizant of the dangers affiliated with humans and technology. How can you as a leader educate your people? How can you encourage them to take a minute to THINK before clicking? Join Mimecast and (ISC)2 as we explore how email is being used as entry point for multiple types of attacks, the negative impact these attacks have on organizations and how to enhance your email security and overall cyber resilience.
  • Briefings Part 2: Effectively Exposing Hidden Threats and Malware Recorded: Nov 28 2017 54 mins
    Tom Clavel, Senior Manager, Security Product Marketing, Gigamon; Brandon Dunlap, Moderator
    As the volume and variety of network data increases, security tools in high-speed networks are unable to keep pace with the explosion of encrypted threats, from malware incursion to data exfiltration. The standard approach of decryption of traffic by each security tool no longer works. Additionally, this approach can result in performance degradation, massive inefficiencies and unnecessary expenditures by security teams. In this webcast, we’ll examine how to eliminate tool overload and high latency as well as how a “decrypt once and inspect many” approach to managing SSL traffic effectively detects hidden threats and provides greater security infrastructure resiliency.
  • Briefings Part 1 Using Metadata Generation to Supercharge your Incident Response Recorded: Nov 27 2017 48 mins
    Greg Mayfield, Senior Director, Product Marketing, Gigamon; Brandon Dunlap, Moderator
    Managing the increasing volumes of network data across expanding physical, virtual and cloud networks is a growing challenge for Enterprise IT organizations. Likewise, the increase in malware, data breaches and ransomware challenges SecOps teams to build a stronger, scalable security posture while mitigating risk. This effort overloads network security, monitoring and analysis tools, as well as the Infosecurity staff. How can an organization access and utilize critical network information and use the metadata generated to turbo charge incident detection and response? In this webcast, we’ll examine how to reduce time-to-threat detection by analyzing metadata traffic, using proactive, real-time traffic monitoring vs. reactive forensics, to protect increasingly complex networks.
  • Briefings Part 3: Extending Your Security Posture to the Public Cloud Recorded: Nov 21 2017 47 mins
    Diana Shtil, Senior Manager, Cloud Security Product Marketing, Gigamon; Brandon Dunlap, Moderator
    Organizations continue to move to the public cloud in large numbers, but they often do not understand the implications of the shared responsibility model. The question is: “who is responsible for security of the cloud versus security in the cloud”? This webcast will address this question, look at SLAs for mission-critical workflows to the cloud, as well as how to assure compliance and accelerate the on-boarding of critical applications.
  • Briefings Part 2 - How Government Agencies Can Harness the power of A. I. Recorded: Nov 17 2017 39 mins
    Ian Doyle, Executive Security Advisor, U.S. Govt, IBM; John McCumber, Dir, Cybersecurity Advocacy, (ISC)2 (Moderator)
    With the eruption of connected devices and the Internet of Things, cybersecurity professionals have a lot on their plates. More connected devices equates to more traffic, more attack routes, more attempts at cybersecurity breaches, and a lot more data that needs to be analyzed. As the volume of intrusions and breaches multiple, Artificial Intelligence (A.I.) may be able to provide a tool to gain defensive advantage for government agencies. Join John McCumber, (ISC)2’s Director of Cybersecurity Advocacy and Ian Doyle, IBM’s Executive Security Advisor for the U.S. Government as they discuss how to leverage these collaborative and cognitive solutions to help prevent, detect, and respond to today’s cybersecurity threats impacting your agency.
  • Briefings Part 1 - Using A.I. to Find the Needle in the Federal Haystack Recorded: Nov 17 2017 41 mins
    Ian Doyle, Executive Security Advisor, U.S. Govt, IBM; John McCumber, Dir, Cybersecurity Advocacy, (ISC)2 (Moderator)
    A recent research study conducted by Meritalk on the use of Artificial Intelligence (A.I.) asked federal cybersecurity professionals to share their views on the use of AI to enhance a cybersecurity analyst’s ability to identify and understand sophisticated threats, by tapping into unstructured data and correlating it with local cybersecurity offenses. What are the cybersecurity implications within the Federal Government for the rise of A.I.? What role can A.I. play in incident response? Can it help prepare agencies for real-world cyber attack scenarios? Join John McCumber, (ISC)2’s Director of Cybersecurity Advocacy and Ian Doyle, IBM’s Executive Security Advisor for the U.S. Government for an examination of the recent study and results.
  • Briefings Part 1: Anatomy of a Large Scale Email-borne Attack Recorded: Nov 16 2017 59 mins
    Bob Adams; Brandon Dunlap
    Your organization and people are being targeted by cyber criminals, hackers and even state-sponsored threat actors and learn how email is a key vector at the heart of this new threat. Join Mimecast and (ISC)2 for an intriguing presentation when you’ll discover and view examples of the various tools attackers leverage to expose your organization with a combination of technology, psychology, and the simplest of methods to "Hack a Human." We’ll also examine the current threat landscape using email attacks and how social engineering has become “malware-less”.
  • Security Briefings Part 3: Compliance Checkup - HIPAA & the Cloud Recorded: Nov 2 2017 61 mins
    Rich Campagna, CEO, Bitglass; Brandon Dunlap, Brightfly
    Organizations in the healthcare industry handle data more sensitive (and valuable) than that of companies in perhaps any other sector. Because of this, those organizations need to demonstrate a heightened standard of data security and privacy. To ensure this, the U.S. has enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). While use of the cloud affords organizations greater efficiency, it also complicates issues of security and regulatory compliance. But the good news is that solutions that enable cloud and security are available. Join Bitglass and (ISC)2 on November 2, 2017 at 1:00PM Eastern to learn about the requirements of HIPAA and the specific security capabilities that healthcare firms need in order to meet compliance requirements.
  • Security Briefing On Demand - Redefining Security: Data Protection On Demand Recorded: Oct 26 2017 50 mins
    Gary Marsden, Senior Director, Data Protection Services; Gemalto; Brandon Dunlap (Moderator)
    Faced with more stringent compliance requirements, driven by GDPR and other regulations, coupled with the difficulties to maintain an effective security profile in dynamic threat environment, many organizations are looking for a new way to manage their data protection. Guided by the ease of use and affordability of as-a-service offerings, organizations are looking to the cloud for answers. Proven efficient for a range of solutions from authentication to networking, the next cloud-based security frontier is revolutionizing the way companies and their service providers manage complex key management and encryption solutions. Simpler, more cost-effective, on-demand options that allow the organization to focus on its business, knowing that their data is securely under control, and only they have the keys to their kingdom, is set to redefine the way organizations do data protection today.
  • Briefing on Demand Part 3 - Talking to Your Developer about Security Recorded: Oct 18 2017 51 mins
    Ryan Potter, Director of Cloud Strategy and Alliances, Imperva; Brandon Dunlap (Moderator)
    More and more enterprises are moving their applications into public and private cloud infrastructure. The cloud is becoming more appealing for enterprises as it facilitates business growth due its agility, resiliency and scalability. The advent of a variety of technologies and processes such as containers, micro-services, and DevOps has made rolling out new applications into the cloud very quick and desirable for development teams. Join Imperva and (ISC)2 for an examination of how enterprises move applications to the cloud without forgetting to put security first.
  • Briefings On Demand Part 2 - Security Across Cloud Platforms Recorded: Oct 18 2017 59 mins
    Nabeel Saeed, Imperva; Brandon Dunlap (Moderator)
    With the proliferation of cloud deployment options and platforms, management of application security across platforms has become a major problem for security teams. In this webinar, we address challenges posed by cloud proliferation, and how to approach development of a consistent security posture across platforms to better manage risks.
  • Briefing On Demand Part 1 - Rethinking Security for Hybrid Environments Recorded: Oct 17 2017 58 mins
    Bo Kim, Sr. Director of Information Security, Imperva; Brandon Dunlap (Moderator)
    As more workloads are moved to cloud infrastructure, unique security challenges arise. Join Imperva and (ISC)2 for this webinar where we'll discuss some of the tradeoffs for on-prem and cloud app security, strategies for approaching security in hybrid environments, and the importance of flexible deployment models.
  • Security Briefings Part 2: Compliance Checkup - GLBA & the Cloud Recorded: Oct 5 2017 60 mins
    Jacob Serpa, Product Marketing Manager, Bitglass; Brandon Dunlap (Moderator)
    Financial services firms face a unique set of challenges. Not only do they store large amounts of sensitive personal data, but they also face heavier regulations than many other verticals. In particular, these organizations must reach compliance with regulations like the Gramm-Leach-Bliley Act (GLBA). As cloud adoption continues to spread within the industry, financial firms must be particularly focused on achieving cybersecurity in ways that ensures compliance. Join Bitglass and (ISC)2 on October 5, 2017 at 1:00PM Eastern as we discuss the different aspects of GLBA that financial services organizations need to know and how different tools that can help with compliance.
  • Security Briefings Part 1: GDPR - Using Technology for Compliance Recorded: Aug 31 2017 63 mins
    Jacob Serpa, Product Marketing Manager, Bitglass; Brandon Dunlap, Moderator
    The General Data Protection Regulation (GDPR) is designed to ensure the privacy and security of European citizens’ personal data. The regulation takes a comprehensive approach to guaranteeing that organizations protect personal data completely and consistently as it is collected, stored, and used. As GDPR comes into effect May 2018, organizations are scrambling to reach compliance with its many requirements - particularly as they relate to the cloud. Fortunately, there are technology solutions that can address a breadth of GDPR-related concerns. Join Bitglass and (ISC)2 on August 31, 2017 at 1:00PM Eastern for the first in a three part Security Briefings series where we will discuss how the components of a cloud access security broker (CASB) can help organizations meet the regulation’s various requirements.
  • Prepping for May 2018: A Guide to Complying with GDPR’s Data Security Regs Recorded: Aug 28 2017 62 mins
    Alexander Hanway, Product Marketing Mgr, Encryption, Gemalto; Brandon Dunlap (Moderator)
    With less than a year to go before it takes effect, GDPR is everywhere in security and privacy news. Much of that coverage treats GDPR at a high-level, addressing topics such as implementation timeline, potential fines and catchy articles like the ‘right to be forgotten’. While important, these topics just scratch the surface of a mandate that is so broad in scope it affects everything from corporate governance to consent rights. Those that fall under GDPR’s scope, find it can be daunting to know where to start and what is really of concern. And, with so much high-level information out there, administrators and compliance teams may find it hard to get the more detailed guidance they need to map their path forward. We aim to fix that.

    This webcast will examine the privacy legislations’ security mandates, the core themes that span articles, and offer constructive, practical ways to comply using encryption and key management. Right now, organizations are spread widely across the readiness spectrum from basic awareness to the advanced stages of meeting their compliance obligations. Wherever you are on your compliance journey, we’ll help you understand GDPR’s security themes as they relate to you, and we’ll lay out solutions to put you in full control of your data and your compliance destiny.

    Join us to learn more about how encryption and key management can get you ready for May 2018 when GDPR takes effect.
  • Part 3: Future of SIEM—Remediate Malware & Spear Phishing w/Automated Playbooks Recorded: Aug 3 2017 59 mins
    Barry Shteiman, Director of Research and Innovation, Exabeam; Brandon Dunlap (Moderator)
    It’s not uncommon for security teams to see upwards of 17,000 malware alerts per week and only investigate a third of them. Each incident detected requires investigation and eventually remediation before it can be laid to rest. Unfortunately, the security talent capable of performing these tasks is scarce, which leaves most security operations teams spread thin, a symptom of sparse coverage compounded by the drain of low fidelity security alerts and false positives. Join Exabeam and (ISC)² on August 3, 2017 at 1:00PM Eastern to learn how SIEM technologies must evolve to include automated playbooks and orchestration for common attacks such as malware and spear-phishing.
  • Part 2: Future of SIEM—Sniff Out Malware & Spear-Phishing w/Behavioral Analytics Recorded: Jun 29 2017 50 mins
    Orion Cassetto, Sr. Product Marketing Manager, Exabeam. Anne Saita (Moderator)
    Malware and spear-phishing continue to cause the most headaches for IT security teams. Over the years, attackers have become more sophisticated and SIEM systems have failed to keep up. Key indicators of emerging threats include lateral movement, where the attacker silently attempts to access multiple servers on the network, and account management, where the attacker escalates privilege or creates new privileged accounts. Detection of advanced threats like these require real time analytics and the ability to find signals within the very noisy security environment. Join Exabeam and (ISC)² on June 29, 2017 at 1:00PM Eastern to learn how user behavior analytics automatically analyzes and scores activity for escalated risk allowing for quick attack detection.
(ISC)2 Security Briefings - Deep dive in infosecurity topics
(ISC)2 Security Briefings brings attendees multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Security Series Part 2: IAM as Cloud Services: Right Fit for Your Organization?
  • Live at: Oct 24 2013 5:00 pm
  • Presented by: Merritt Maxim, CA; David Mapgaonkar, CISSP, Deloitte
  • From:
Your email has been sent.
or close