Toward a European Certification Scheme for Cloud Services

In 2019, the Cybersecurity Act became law in Europe, establishing a European Certification Framework. In November 2019, the European Commission tasked ENISA with designing a candidate scheme for cloud services. This work is currently underway. This presentation will first describe the Cybersecurity Act's Certification Framework, and then provide a high-level status on the ongoing work on the scheme for cloud services.
Recorded Jun 9 2020 24 mins
Presented by
Eric Vétillard Lead Certification Expert ENISA

  • The Shift to Cloud-Based, Intelligent Ecosystems Oct 28 2020 7:30 pm UTC 60 mins
    Paul Kurtz, Bob Gourley, Chase Cunningham, & John Yeoh (moderator)
    In a document titled “Cloud-Based, Intelligent Ecosystems” CSA proposes a call to action for security executives to break the endless cycle of iterative tool adoption and, instead, move to data-centric security operations, driving integration and automation leveraging cloud-based fusion. Here, we break down the white paper and open discussion on redefining intelligence, sharing data, today’s overabundance of security tools, and more.

    What you’ll learn:
    - How “intelligence” is being redefined in the industry
    - The challenges of integrating data from internal security tools and external threat feeds.
    - How to build a Cloud-based, secure, intelligent ecosystem
  • Pandemic lessons: opportunities and challenges with contact tracing in Canada Recorded: Sep 25 2020 61 mins
    CSA Canada Chapter
    Like never before, the Pandemic of 2019 has pitched the needs of public health, technology and privacy laws against each other. Canada, like many countries around the world, is struggling to implement efficient contact tracing without violating the privacy of its citizens. Does cloud-enabled contact tracing work? Is modern privacy-preserving technology efficient given the massive scale of tracing and the vast amounts of collected data? What can Canada learn from other countries, and how is it different? Our panel of technology and privacy experts will ponder these and other questions in a lively and frank discussion orchestrated by the CSA Canada Chapter.

    Speakers:
    • Tim Grayson – panel moderator, Institute-X Inc. CEO and Transformation Leader
    • Dr. Ann Cavoukian – Executive Director of the Global Privacy & Security by Design Centre, and former 3-term Privacy Commissioner of Ontario
    • Dr. Khaled El Emam – Professor at the University of Ottawa, eHealth Info Laboratory
    • Michael Geist – Canada Research Chair in Internet and E-Commerce Law at the University of Ottawa and a member of the Centre for Law, Technology and Society
    • John Weigelt – National Technology Officer at Microsoft Canada
  • Top Cloud Threats: Understanding and Responding to the Egregious Eleven Recorded: Aug 19 2020 58 mins
    Jon-Michael Brook, Top Threats Co-chair, CSA & Dan Frey, Sr. Cloud Product Marketer, ExtraHop
    The cloud is proven to spur innovation and efficiency, but the speed at which new devices can be added—and new instances spun up—increases risk to data and applications. If you’re concerned about security vulnerabilities in the cloud, you won’t want to miss this conversational deep dive into the Cloud Security Alliance’s annual “Egregious Eleven” report on the top threats to cloud computing.

    Register today to learn more about the top threats from security experts at ExtraHop and the Cloud Security Alliance. You’ll get real-world examples of how those threats can affect your business, as well as steps you can take now to strengthen your security posture. You’ll also see how visibility into network traffic and the ability to analyze full packets speeds incident response and helps make you less vulnerable to new and evolving threats.
  • Banking on the Cloud: Real-World Use and Challenges Across Financial Services Recorded: Aug 5 2020 41 mins
    Craig Balding, FSSP Co-chair, CSA and Founder of Resilient Security & Lianne Caetano, Dir of Cloud Marketing, McAfee
    In this webinar, we will share analysis around cloud usage of financial institutions across three main areas of interest: security concerns, regulatory requirements and governance aspects.

    In this webinar, we will discuss:
    1. Current cloud use in the Financial Sector
    2. Main security concerns such as risk management, threat monitoring and technical controls, i.e., key management
    3. Best practices for secure and compliant cloud adoption
  • Serverless Security in 2020 and what is the future for Serverless Recorded: Jun 12 2020 32 mins
    Vishwas Manral
    Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to cloud-native services without having to manage infrastructure, including container clusters or virtual machines. This presentation covers security for serverless applications, focusing on best practices and recommendations for security professionals. We will also talk briefly about the need for CI/CD to help secure serverless workloads.
    As part of the presentation we will also talk of the evolution of serverless and what we think the future of serverless security holds.
  • "Security as code" for automated development pipelines Recorded: Jun 12 2020 45 mins
    Andrey Pozhogin Senior Product Marketing Manager, Hybrid Cloud Security Kaspersky
    How to avoid letting a supply chain attack compromise your most sensitive machines.
    Supply-chain attacks on software development, in which malicious code is introduced into legitimate software through supply chain poisoning, are an effective tool for cybercriminals. They have been used many times in the wild, with successful attacks generating hundreds of thousands of downloads and leading to pipeline compromise and backdoored software distribution. Such attacks tend to target the most sensitive production environments and are enabled and augmented by sub-par security practices and miscommunication between DevOps and InfoSec. The results are long-lasting, impacting the company's image, relations and often its bottom line. Let’s discuss how DevOps can introduce on-demand security to their CI/CD pipelines without hindering their KPIs.
  • Emerging Trends Impacting the European Union Recorded: Jun 12 2020 69 mins
    Daniele Catteddu (CSA), Raj Samani (McAfee), Rich Mogull (Securosis)
    Ten years after the formation of the Cloud Security Alliance, cloud computing is a proven and globally accepted enterprise delivery and operational technology model. According to a January 2019 IDC report, the spending on Cloud IT infrastructure may have reached a tipping point in the third quarter of 2018 by surpassing traditional IT revenues with slightly more than a 50% market share.
    Looking at the European market, on one hand cloud computing appears not to have achieved maturity and expressed its full potential, yet on the other we see several new emerging and converging trends (Industrial IoT, Blockchain and AI). This session will address emerging technology trends and the risks and opportunities in the aftermath of the COVID-19 pandemic.
  • Panel Discussion: GDPR with the CSA Center of Excellence Recorded: Jun 11 2020 54 mins
    Linda Strick (CSA), Nathaly Rey (Google), Marc Lueck (Zscaler), Neil Thacker (Netskope), Blake Brannon (OneTrust)
    This session hosted by the CSA EMEA Privacy Center of Excellence will address accountability under GDPR and how Codes of Conduct and certifications are being leveraged by organizations to drive transparency, compliance, and trust.
  • Introduction to the Code of Conduct Recorded: Jun 11 2020 22 mins
    Paolo Balboni
    GDPR Fundamentals & CSA Code of Conduct: Objectives, Scope and Methodology.
  • Oh $*!%: Security Doesn’t Have to Be a Four-Letter Word for Developers Recorded: Jun 10 2020 58 mins
    Chris Hertz, VP Cloud Security Sales, DivvyCloud by Rapid7 & Jeremy Snyder, Sr. Director, DivvyCloud by Rapid7
    Join Chris Hertz, VP, and Jeremy Snyder, Sr. Director, DivvyCloud by Rapid7 to learn how to achieve full lifecycle cloud security. They will discuss how cloud security challenges manifest in DevOps and how cloud security and developer misalignment creates friction and makes security a four-letter word. Additionally, they will provide guidance on how to integrate cloud security into DevOps with pipelines and Infrastructure as Code to improve developer productivity and cloud security.
  • European Banking Federation on Cloud Recorded: Jun 10 2020 32 mins
    Alexandra Maniati, European Banking Federation
    Alexandra will share insights on the multi-level work of the European Banking Federation (EBF) to facilitate the adoption of cloud computing in the European banking sector. The EBF supports the efforts of European institutions and agencies to promote security for cloud usage, contributing the banking industry's input in shaping processes and standards. Emphasis is placed on the need for a future-proof risk-based approach, alleviation of fragmentation and establishment of a common security level.
  • Establishing a Modern Foundation for Advanced Insight Recorded: Jun 10 2020 65 mins
    Scott Bridgen GRC Consulting Director OneTrust GRC
    An effective governance, risk and compliance program should enable all stakeholders across business units to break down traditionally siloed risk areas and replace them with a connected, holistic view of risk that spans their organization and relationships. However, the data sprawl and scope of GRC initiatives can make this seem like a daunting or unattainable task. When reviewing today's roles, responsibilities and technology across today’s data-driven landscape, there are three key aspects that set the foundation for establishing an insightful GRC program. In this session, we’ll review modern-day GRC drivers as well as the challenges of operating in the age of digital enterprises. We’ll break down practical applications and lessons learned in building a risk-based culture, proactively monitoring compliance, and mapping digital enterprises for GRC success.
    - Define business outcomes to own risk within each line of business and encourage support across leadership
    - Understand how to harmonize regulatory obligations and business objectives to effectively balance compliance and risk
    - Learn how to eliminate overlap across systems to work together and add greater business value to every layer of an organization
  • Panel: Risk Management and Governance Recorded: Jun 10 2020 69 mins
    Daniele Catteddu (CSA); Steven Mezzio (Director Lubin School), David Frei (Capital One Audit), Craig Balding
    Cloud Computing is entering a mature phase from both the market share and technical evolution standpoint. However, one area that could achieve better results is security and privacy governance. Modernizing the risk management approach, improving the organizational accountability program and streamlining compliance are to be considered key goals for companies that want to optimize their cloud investments and reduce the likelihood of security and privacy incidents.
    Two of the foundational pieces for this optimization process are compliance with solid standards and a skilled and knowledgeable workforce.
    In this session Daniele Catteddu, Global CTO at CSA, will moderate a panel of key experts on cloud auditing, risk management and governance from the Financial Services sector and academia.
  • Cybersecurity Certification Framework under the EU Cybersecurity Act Recorded: Jun 9 2020 24 mins
    Andreas Fuchsberger
    This talk will look at the Cybersecurity Certification Framework under the EU Cybersecurity Act (2019), give an overview of the new European cybersecurity certification schemes under development and offer an outlook on the implementation and use of such schemes for 2021 and beyond.
  • Continuous Audit-based Certification Recorded: Jun 9 2020 24 mins
    Alain Pannetrat Senior Researcher Cloud Security Alliance
    Certifications or attestations championed through the CSA STAR program, ISO/IEC, or AICPA, have been a critical driver in the adoption of cloud service across the globe. However, for some cloud customers in sensitive or highly-regulated industries such as banking or healthcare, these certifications or attestations are not sufficient because they do not provide a continuous level of assurance as they rely on annual or bi-annual audits only.
    To address the concerns of this segment of the industry, the Cloud Security Alliance (CSA) is building a continuous auditing framework designed to provide assurance to customers on a monthly, daily, or even hourly basis. This framework can be applied either to self-assessments or third-party certifications.
  • Cybersecurity Certification Framework under the EU Cybersecurity Act (2019) Recorded: Jun 9 2020 24 mins
    Andreas Fuchsberger, International Standards Officer, Microsoft
    This talk will look at the Cybersecurity Certification Framework under the EU Cybersecurity Act (2019), give an overview of the new European cybersecurity certification schemes under development and offer an outlook on the implementation and use of such schemes for 2021 and beyond.
  • Toward a European Certification Scheme for Cloud Services Recorded: Jun 9 2020 24 mins
    Eric Vétillard Lead Certification Expert ENISA
    In 2019, the Cybersecurity Act became law in Europe, establishing a European Certification Framework. In November 2019, the European Commission tasked ENISA with designing a candidate scheme for cloud services. This work is currently underway. This presentation will first describe the Cybersecurity Act's Certification Framework, and then provide a high-level status on the ongoing work on the scheme for cloud services.
  • Toward a European Certification Scheme for Cloud Services Recorded: May 28 2020 42 mins
    Eric Vétillard, ENISA
    In 2019, the Cybersecurity Act became law in Europe, establishing a European Certification Framework. In November 2019, the European Commission tasked ENISA with designing a candidate scheme for cloud services. This work is currently underway. This presentation will first describe the Cybersecurity Act's Certification Framework, and then provide a high-level status on the ongoing work on the scheme for cloud services.
  • Continuous Audit-based Certification Recorded: May 26 2020 41 mins
    Alain Pannetrat, Cloud Security Alliance
    Certifications or attestations championed through the CSA STAR program, ISO/IEC, or AICPA, have been a critical driver in the adoption of cloud service across the globe. However, for some cloud customers in sensitive or highly-regulated industries such as banking or healthcare, these certifications or attestations are not sufficient because they do not provide a continuous level of assurance as they rely on annual or bi-annual audits only.
    To address the concerns of this segment of the industry, the Cloud Security Alliance (CSA) is building a continuous auditing framework designed to assure customers on a monthly, daily, or even hourly basis. This framework can be applied either to self-assessments or third-party certifications.
  • Fighting COVID-19 with secure & private location tracking application Recorded: Apr 1 2020 53 mins
    Moshe Ferber, CSA Israeli Chapter and Guy Barnhart-Magen, Profero
    The Israeli Ministry of Health was facing a major challenge: develop a fast solution for tracking the movement of citizens and alerting them if they have been exposed to COVID-19 patients, while keeping the privacy of the citizens safe. In a very short time frame, the ministry, with the help of the security community, released an open source application that got the full blessing and support even from the security community. In this webinar Moshe Ferber, Chairman @ CSA Israeli Chapter, and Guy Barnhart-Magen, CTO @ Profero and consultant for the ministry, will be talking about the process of releasing this new application and how challenges were analyzed and solved.
Exploring the latest research from CSA.
Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

  • Title: Toward a European Certification Scheme for Cloud Services
  • Live at: Jun 9 2020 7:00 am
  • Presented by: Eric Vétillard Lead Certification Expert ENISA