Taking Control of IoT: An Enterprise Perspective

IoT devices are being used at higher rates in our enterprises due to their numerous potential benefits. However, with these benefits come security challenges. Manufacturers aren’t prioritizing secure features. The devices are also more difficult to secure due to their small size. Hackers and malware are attacking these devices at higher rates. For all these reasons, the CSA IoT Working Group developed the CSA IoT Security Controls Framework. In this webinar we’ll cover…

- the current state of IoT and the need for a security framework on IoT for the enterprise
- unique security components of the IoT ecosystem
- a roadmap for future needs in security for the IoT
Recorded Jul 8 2019 40 mins
Presented by
Hillary Baron, Program Manager, CSA & John Yeoh, Global VP of Research, CSA
  • CCSK Training and Certification Guidelines & Introduction to the CCM Mar 11 2021 5:30 pm UTC 60 mins
    Eleftherios Skoutaris, Innovation Analyst, CSA EMEA
    Join the CSA South Florida Chapter as we explore the Certificate of Cloud Security Knowledge (CCSK). The CCSK gives everyone the ability to use cloud services more securely and speak with confidence about cloud security concerns. It gives a broad overview of cloud security and affords critical insights into issues such as data security, key management and identity and access management.

    This event will introduce Cloud Controls Matrix (CCM), a cloud security controls framework specifically designed to provide fundamental security principles that guide cloud service vendors toward the most secure practices and to assist prospective cloud customers in assessing the overall security of cloud providers.
  • Level Up Your Detection and Response in SaaS Apps Recorded: Jan 27 2021 49 mins
    Ben Johnson, CTO & Co-Founder, Obsidian Security
    Presented by: CSA Washington DC Metro Chapter

    SaaS powers the modern workplace, as organizations move their critical business systems such as email, collaboration, sales and marketing to third-party SaaS applications. With more and more of the business data sitting in these cloud applications, threat-focused teams need to figure out how to run detection and incident response workflows on systems they don’t own and control. Obsidian CTO and former NSA engineer Ben Johnson will discuss how you can get better at detecting, investigating, and responding to unwanted behavior such as unauthorized access across multiple SaaS platforms using native cloud capabilities and third-party systems.

    Speaker: Ben Johnson, CTO & Co-Founder, Obsidian Security

    Speaker Bio: Ben Johnson is CTO and co-founder of Obsidian Security. Prior to founding Obsidian, he co-founded Carbon Black and most recently served as the company's Chief Security Strategist. As the company's original CTO, he led efforts to create the powerful capabilities that helped define the next-generation endpoint security space. Prior to Carbon Black, Ben was an NSA computer scientist and later worked as a cyber engineer in an advanced intrusion operations division for the intelligence community. Ben is active in the cybersecurity community, where he is a technical advisor to the US FISA Court and sits on the boards of multiple security startups.

    Ben earned a bachelor's degree in computer science from the University of Chicago and a master's degree in computer science from Johns Hopkins University. He lives in Newport Beach, CA with his wife and three sons.
  • How Can I Trust a Cloud Provider? Recorded: Jan 27 2021 69 mins
    Alberto Manfredi, Mauro Palmigiani, Umberto Pirivano
    From AGID qualification to the new CSA Trusted Cloud Provider initiative.
    In 2020 we saw further confirmation of the growth of the Italian cloud market, in particular of SaaS service models, thanks in part to the conversion of applications previously developed and installed on-premise. Compliance with cyber security and privacy laws and regulations is also becoming increasingly important. Some of the questions that need to be answered in a customer-provider dialogue are therefore:
    Do I still have control of my information?
    Does the provider have experience in securely managing the new cloud service?
    How do I assess the trustworthiness of the cloud provider?
    Starting in 2021, CSA offers a qualification path for cloud providers called CSA Trusted Cloud Provider. We will discuss it with our partner Palo Alto Networks in light of their experience qualifying their SaaS services on the AGID marketplace of cloud providers for the Italian public administration (cloud.italia.it). With a view to the shared responsibility model for cloud security, Palo Alto Networks will show us the best practices that customers should consider to achieve an adequate security posture, whatever their level of maturity in adopting cloud IT.
  • Dealing with an Adolescent Cloud Recorded: Dec 15 2020 40 mins
    Ross Young, CISO of Caterpillar Financial Services Corporation
    Summary: Would you like to learn how to secure the cloud? This webcast will go in depth on AWS's 7 secure design principles and walk you through a variety of open source tools that your organization can deploy to secure a cloud environment. For each principle we will demonstrate Fundamental and Advanced approaches to transform any organization.

    Speaker Name: Ross Young

    Speaker info: CISO of Caterpillar Financial Services Corporation, SANS Instructor, Johns Hopkins University Instructor, CISO Tradecraft Podcast Co-Host, and Creator of the OWASP Threat and Safeguard Matrix (TaSM)

    Speaker profile: https://www.linkedin.com/in/mrrossyoung/
  • The Main Threats in the Cloud: Analysis of 9 Attacks and What We Learned Recorded: Dec 14 2020 55 mins
    Paolo Foti, CSA Italy and Marco Rottigni, EMEA Qualys
    The webinar is organized by CSA Italy and Qualys with the aim of analyzing cloud security best practices based on 9 attacks detected against major international companies, then assessing the applicability of some available approaches and solutions that help identify the vulnerable surface, enrich context, prioritize remediation and maintain a dynamically updated view of the cloud resource inventory and security posture.
  • The Shift to Cloud-Based, Intelligent Ecosystems Recorded: Oct 28 2020 60 mins
    Paul Kurtz, Bob Gourley, Chase Cunningham, & John Yeoh (moderator)
    In a document titled “Cloud-Based, Intelligent Ecosystems” CSA proposes a call to action for security executives to break the endless cycle of iterative tool adoption and, instead, move to data-centric security operations, driving integration and automation leveraging cloud-based fusion. Here, we break down the white paper and open discussion on redefining intelligence, sharing data, today’s overabundance of security tools, and more.

    What you’ll learn:
    - How “intelligence” is being redefined in the industry
    - The challenges of integrating data from internal security tools and external threat feeds.
    - How to build a Cloud-based, secure, intelligent ecosystem
  • Pandemic lessons: opportunities and challenges with contact tracing in Canada Recorded: Sep 25 2020 61 mins
    CSA Canada Chapter
    Like never before, the Pandemic of 2019 has pitted the needs of public health, technology and privacy laws against each other. Canada, like many countries around the world, is struggling to implement efficient contact tracing without violating the privacy of its citizens. Does cloud-enabled contact tracing work? Is modern privacy-preserving technology efficient given the massive scale of tracing and the vast amounts of collected data? What can Canada learn from other countries, and how is it different? Our panel of technology and privacy experts will ponder these and other questions in a lively and frank discussion orchestrated by the CSA Canada Chapter.

    • Tim Grayson – panel moderator, Institute-X Inc. CEO and Transformation Leader
    • Dr. Ann Cavoukian – Executive Director of the Global Privacy & Security by Design Centre, and former 3-term Privacy Commissioner of Ontario
    • Dr. Khaled El Emam is a Professor at the University of Ottawa, eHealth Info Laboratory
    • Michael Geist - Canada Research Chair in Internet and E-Commerce Law at the University of Ottawa and a member of the Centre for Law, Technology and Society
    • John Weigelt - National Technology Officer at Microsoft Canada
  • Top Cloud Threats: Understanding and Responding to the Egregious Eleven Recorded: Aug 19 2020 58 mins
    Jon-Michael Brook, Top Threats Co-chair, CSA & Dan Frey, Sr. Cloud Product Marketer, ExtraHop
    The cloud is proven to spur innovation and efficiency, but the speed at which new devices can be added—and new instances spun up—increases risk to data and applications. If you’re concerned about security vulnerabilities in the cloud, you won’t want to miss this conversational deep dive into the Cloud Security Alliance’s annual “Egregious Eleven” report on the top threats to cloud computing.

    Register today to learn more about the top threats from security experts at ExtraHop and the Cloud Security Alliance. You’ll get real-world examples of how those threats can affect your business, as well as steps you can take now to strengthen your security posture. You’ll also see how visibility into network traffic and the ability to analyze full packets speeds incident response and helps make you less vulnerable to new and evolving threats.
  • Banking on the Cloud: Real-World Use and Challenges Across Financial Services Recorded: Aug 5 2020 41 mins
    Craig Balding, FSSP Co-chair, CSA and Founder of Resilient Security & Lianne Caetano, Dir of Cloud Marketing, McAfee
    In this webinar, we will share analysis around cloud usage of financial institutions across three main areas of interest: security concerns, regulatory requirements and governance aspects.

    In this webinar, we will discuss:
    1. Current cloud use in the Financial Sector
    2. Main security concerns such as risk management, threat monitoring and technical controls, i.e., key management
    3. Best practices for secure and compliant cloud adoption
  • Serverless Security in 2020 and what is the future for Serverless Recorded: Jun 12 2020 32 mins
    Vishwas Manral
    Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to cloud native services without having to manage infrastructure, including container clusters or virtual machines. This presentation covers security for serverless applications, focusing on best practices and recommendations for security professionals. We will also talk briefly about the need for CI/CD to help secure serverless workloads.
    As part of the presentation we will also talk of the evolution of serverless and what we think the future of serverless security holds.
  • "Security as code" for automated development pipelines Recorded: Jun 12 2020 45 mins
    Andrey Pozhogin, Senior Product Marketing Manager, Hybrid Cloud Security, Kaspersky
    How to avoid letting a supply chain attack compromise your most sensitive machines.
    Supply-chain attacks on software development, in which malicious code is introduced into legitimate software through supply chain poisoning, are an effective tool for cybercriminals. They have been used many times in the wild, with successful attacks generating hundreds of thousands of downloads, leading to successful pipeline compromise and backdoored software distribution. Such attacks tend to target the most sensitive production environments and are enabled and augmented by sub-par security practices and miscommunication between DevOps and InfoSec. The results are long-lasting, impacting the company image, relations and often the bottom line. Let’s discuss how DevOps can introduce on-demand security to their CI/CD pipelines without hindering their KPIs.
  • Emerging Trends Impacting the European Union Recorded: Jun 12 2020 69 mins
    Daniele Catteddu (CSA), Raj Samani (McAfee), Rich Mogull (Securosis).
    Ten years after the formation of the Cloud Security Alliance, cloud computing is a proven and globally accepted enterprise delivery and operational technology model. According to a January 2019 IDC report, the spending on Cloud IT infrastructure may have reached a tipping point in the third quarter of 2018 by surpassing traditional IT revenues with slightly more than a 50% market share.
    Looking at the European market, on one hand cloud computing appears not to have achieved maturity and expressed its full potential, yet on the other we see several new emerging and converging trends (Industrial IoT, Blockchain and AI). This session will address emerging technology trends and the risks and opportunities in the aftermath of the COVID-19 pandemic.
  • Panel Discussion: GDPR with the CSA Center of Excellence Recorded: Jun 11 2020 54 mins
    Linda Strick (CSA), Nathaly Rey (Google), Marc Lueck (Zscaler), Neil Thacker (Netskope), Blake Brannon (OneTrust)
    This session hosted by the CSA EMEA Privacy Center of Excellence will address accountability under GDPR and how Codes of Conduct and certifications are being leveraged by organizations to drive transparency, compliance, and trust.
  • Introduction to the Code of Conduct Recorded: Jun 11 2020 22 mins
    Paolo Balboni
    GDPR Fundamentals & CSA Code of Conduct: Objectives, Scope and Methodology.
  • Oh $*!%: Security Doesn’t Have to Be a Four-Letter Word for Developers Recorded: Jun 10 2020 58 mins
    Chris Hertz, VP Cloud Security Sales, DivvyCloud by Rapid7 & Jeremy Snyder, Sr. Director, DivvyCloud by Rapid7
    Join Chris Hertz, VP, and Jeremy Snyder, Sr. Director, DivvyCloud by Rapid7 to learn how to achieve full lifecycle cloud security. They will discuss how cloud security challenges manifest in DevOps and how cloud security and developer misalignment creates friction and makes security a four-letter word. Additionally, they will provide guidance on how to integrate cloud security into DevOps with pipelines and Infrastructure as Code to improve developer productivity and cloud security.
  • European Banking Federation on Cloud Recorded: Jun 10 2020 32 mins
    Alexandra Maniati, European Banking Federation
    Alexandra will share insights on the multi-level work of the European Banking Federation (EBF) to facilitate the adoption of cloud computing in the European banking sector. The EBF supports the efforts of European institutions and agencies to promote security for cloud usage, contributing the banking industry's input in shaping processes and standards. Emphasis is placed on the need for a future-proof risk-based approach, alleviation of fragmentation and establishment of a common security level.
  • Establishing a Modern Foundation for Advanced Insight Recorded: Jun 10 2020 65 mins
    Scott Bridgen, GRC Consulting Director, OneTrust GRC
    An effective governance, risk and compliance program should enable all stakeholders across business units to break down traditionally siloed risk areas and replace them with a connected, holistic view of risk that spans their organization and relationships. However, the data sprawl and scope of GRC initiatives can make this seem like a daunting or unattainable task. When reviewing today's roles, responsibilities and technology across today’s data-driven landscape, there are three key aspects that set the foundation for establishing an insightful GRC program. In this session, we’ll review modern-day GRC drivers as well as the challenges of operating in the age of digital enterprises. We’ll break down practical applications and lessons learned in building a risk-based culture, proactively monitoring compliance, and mapping digital enterprises for GRC success.
    − Define business outcomes to own risk within each line of business and encourage support across leadership
    − Understand how to harmonize regulatory obligations and business objectives to effectively balance compliance and risk
    − Learn how to eliminate overlap across systems to work together and add greater business value to every layer of an organization.
  • Panel: Risk Management and Governance Recorded: Jun 10 2020 69 mins
    Daniele Catteddu (CSA); Steven Mezzio (Director Lubin School), David Frei (Capital One Audit), Craig Balding
    Cloud Computing is entering a mature phase from both the market share and technical evolution standpoint. However, one area that could achieve better results is security and privacy governance. Modernizing the risk management approach, improving the organizational accountability program and streamlining compliance are to be considered key goals for companies that want to optimize their cloud investments and reduce the likelihood of security and privacy incidents.
    Two of the foundational pieces for this optimization process are compliance with solid standards and a skilled and knowledgeable workforce.
    In this session Daniele Catteddu, Global CTO at CSA, will moderate a panel of key experts on cloud auditing, risk management and governance from the Financial Services sector and Academia.
  • Cybersecurity Certification Framework under the EU Cybersecurity Act Recorded: Jun 9 2020 24 mins
    Andreas Fuchsberger
    This talk will look at the Cybersecurity Certification Framework under the EU Cybersecurity Act (2019), give an overview of the new European cybersecurity certification schemes under development and offer an outlook on the implementation and use of such schemes for 2021 and beyond.
  • Continuous Audit-based Certification Recorded: Jun 9 2020 24 mins
    Alain Pannetrat, Senior Researcher, Cloud Security Alliance
    Certifications or attestations championed through the CSA STAR program, ISO/IEC, or AICPA, have been a critical driver in the adoption of cloud services across the globe. However, for some cloud customers in sensitive or highly-regulated industries such as banking or healthcare, these certifications or attestations are not sufficient because they do not provide a continuous level of assurance as they rely on annual or bi-annual audits only.
    To address the concerns of this segment of the industry, the Cloud Security Alliance (CSA) is building a continuous auditing framework designed to provide assurance to customers on a monthly, daily, or even hourly basis. This framework can be applied either to self-assessments or third-party certifications.
Exploring the latest research from CSA.
Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

  • Title: Taking Control of IoT: An Enterprise Perspective
  • Live at: Jul 8 2019 6:25 pm
  • Presented by: Hillary Baron, Program Manager, CSA & John Yeoh, Global VP of Research, CSA