Name: Developing Cloud Security Concerns & Threats Reflecting on Industry Breach Cases
Start: 2023-10-13T20:35:00Z
End: 2023-10-13T20:35:19.000Z
Location: BrightTALK
Rating: 0

Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

In cybersecurity it is important to understand all aspects of best practices and controls: what risks and threats are they solving, what regulations and standards are prescribing them, how to apply them, and how to test for them. Currently, this information is scattered across many different standards and publications in a complex and ever-changing security, legal, and regulatory landscape. OpenCRE solves this problem by connecting standards at the level of common requirements. One of the connected standards is CSA's Cloud Control Matrix. In this webinar you'll learn how to use OpenCRE as a gateway to all the available knowledge around your security controls.

OpenCRE: Simplifying Cybersecurity Standards

That’s a wrap! Join Illena Armstrong as she  closes out the busy day with some final thoughts and insights on how to turn the knowledge gained throughout the conference into actionable items to take back to the office.

CSA Research Summit 2023: Final Thoughts

Join us for an informative webinar as we delve into the recent release of the Cloud Control Matrix (CCM) version 4.0 by the Cloud Security Alliance (CSA) and its mapping to the latest iteration of the Payment Card Industry Data Security Standard (PCI DSS) version 4.0. In this session, we will explore the intricacies of these essential industry standards and how their alignment can enhance security and compliance within the cloud environment. 

Our expert panelists will discuss the key changes and updates in both the CCM 4.0 and PCI DSS 4.0 standards, highlighting their significance in today's evolving cybersecurity landscape. Through practical insights and real-world examples, attendees will gain a deep understanding of the intersection between cloud security best practices and payment card data protection.

Whether you are a cloud service provider, a PCI DSS-compliant organization, or a security professional seeking to bolster your knowledge, this webinar offers a valuable opportunity to stay current with industry trends and best practices. Don't miss the chance to explore the synergy between CCM 4.0 and PCI DSS 4.0 and how it can drive your organization's security posture to new heights.

Mapping the Cloud Control Matrix (CCM) 4.0 to PCI DSS 4.0

Confidential computing presents new methods to secure processes as they run, which in turn can isolate code and data from attack, insider threat and exposure to service providers and unauthorized oversight. This is ideal to address complex new problems facing enterprises today spanning intimate collaboration over sensitive code and data even between untrusted entities, and generative AI, which presents completely new challenges where rights management, privacy, and control are essential for success and to avoid common issues such as model poisoning, data leakage, model compromise, and theft.

This session dives into these challenges and illustrate the essential need to protect running code and data, particularly with emerging LLM technology. The session will include demonstrations and use cases covering financial services and healthcare where protecting models, data, and code with a confidential computing-based zero-trust architecture can help organizations meet the pressure of cloud and AI technology with a much-reduced risk profile.

Confidential Computing for AI Risk Mitigation in Cloud Deployments

HSMs and Key Management in the Cloud – Securing your Keys and Safeguarding your Data

HSMs and Key Management in the Cloud

There are many Cybersecurity and Privacy Frameworks to guide in governing IT-based business solutions, but do they address the unique risks and mitigation strategies required for DLT-based solutions? This presentation by the CSA DLT Security and Privacy Governance Team will share some insights into:
What is important when matching risk appetite to DLT solution options?
What are the inherent design risks that are unique to DLT and DLT solutions ?
Demo of an Inherent Risk Profiling Tool and Risk Mitigation Methodology for a sample Trade Finance Use Case
CSA DLT Security and Privacy Governance Team has taken the approach to build on existing frameworks rather than to try and duplicate their work, so our focus will continue to be on the unique characteristics of DLT solutions

DLT Security and Privacy Framework

It’s no surprise that LLM’s and AI are gradually being introduced into every product that we have been using over the course of the last few years. But what is the impact on identity? From being able to swiftly build powershell code to help enable organizational security groups, to creating automation and techniques from learning parameters, language models seem to have an endless curation of impacting security teams and technology they once knew. This panel aims to guide listeners from the current state of IAM, AI’s role in IAM currently, and how enhancements over time may help, or challenge the roles of security practitioners.

IAM in the Age of AI: Implications for Cloud

This panel discussion introduces one of CSA’s newest research initiatives,  Implementing Privacy by Design and Default (PbDD) within DevSecOps. Researchers discuss current findings, including their approach to successfully selling privacy internally. Using Design Thinking (DT) and Human-Centered Design (HCD) based methodologies, researchers discuss how they were able to identify what really matters to stakeholders—as well as key drivers that propelled the PbDD project under study forward.

Situated non-exclusively within the DevSecOps Six Pillars framework, the current research provides additional considerations to existing processes. Of note is the use of real-world Scenario-Based Design (or modeling) to further clarify the problem and solution spaces of implementation contexts, activating essential organizational dynamics where solution-based innovations may emerge.

The scenario? A global company diagnosing infectious diseases using a downloadable AI-assisted Software as a Medical Device (SaMD) with an opportunity—an exclusive government partnership and blank check. The feasibility challenge? Compliance with all global data protection and privacy regulations.

Escalating Privacy’s Privilege: Using Design Thinking to Identify What Matters

This session will provide an overview of the main provisions and novelties introduced by the proposed Artificial Intelligence Act (AI Act) and its relationship with the General Data Protection Regulation (GDPR). In particular, this session will provide an overview of the AI Act's overall structure and the field it aims to regulate. The session will also flag some possible overlaps (and potential tensions) with the GDPR and some situations where compliance with the AI Act may facilitate compliance with the GDPR (and vice versa). During this session, some thoughts will also be shared about the impact that this upcoming AI Act may have on Cloud Service Providers (CSPs) and, in particular, on the extent to which the provisions of the AI Act may capture CSPs (and under what conditions) their activities.

Understanding the AI Act and its Relationship with GDPR:

The panel will discuss the current state of Zero Trust planning, implementation and industry references for public and private sector organizations in the US and internationally. Initial CSA research focused on the Software Defined Perimeter (SDP), which has been subsumed into the broader Zero Trust strategy and conversation. Recent changes of note in the US include an updated CISA Maturity Model and new DoD ZT Strategy and Roadmap. Impactful environmental factors include the increases in ransomware attacks and escalating threats to critical infrastructure and operational technology.

Reviewing the Current State of Zero Trust

Our current cybersecurity infrastructure is under attack. The future arrival of the quantum computer compels us to revamp our security solutions. Members of the Quantum-Safe Security (QSS) working group of the CSA will discuss the issues and present the most recent developments in both post-quantum cryptography and quantum cryptography. To address the quantum threat promptly, we believe that awareness is paramount. It is well known that a well-planned project should involve 80 % preparation and 20% implementation. Therefore, every decision-maker in companies and organizations should at least start the reflection and preparation stage. This panel aims to bring you up to date with the quantum threat and the possible solutions. Questions and comments from the audience are encouraged

Back to Security in the Quantum Era

While DevSecOps simplifies what used to be manual complexity into a largely automated system, building a successful DevSecOps program has become an incredibly complex task in and of itself. Even mature teams might not be aware of all the tools, techniques, and processes that can be used to improve the security and efficiency of software development.

Follow along as we quickly cover over 30 different tools and processes, what they are, how they help, and open-source options for implementation.

DevSecOps Bingo

In today's rapidly evolving digital landscape, cloud-native applications have become the backbone of modern business operations, and the need for organizations to ensure comprehensive cloud security protection has never been more critical. This keynote session explores the dynamic landscape of cloud security by focusing on the emerging trends shaping within cloud-native environments. The shift towards cloud-native applications presents unique security challenges, requiring innovative approaches to protect sensitive data, prevent unauthorized access, and maintain compliance. Attendees will gain insights into Microsoft's forward-looking perspective on Cloud Native Protection Platform (CNAPP), specifically focusing on visibility and risk prioritization.

Top trends in cloud security with CNAPP

A Unified Approach to Cloud Security: Respond to Cloud-Native Threats w/Speed, Accuracy, and Context

A Unified Approach to Cloud Security

With the recent market acceleration of cloud computing and data democratization, new solutions are needed to handle the scale and agility of this new environment. The Data Security working group will help define people, processes, and technology necessary for data security to operate safely and securely in the cloud. Additionally, we will encourage cybersecurity providers, cloud service providers, and data analytics providers to collaborate to enable continued data innovation while ensuring data security, governance, and privacy.

Modern Data Security Challenges and Best Practices

How to transform your Cloud IAM processes to address the Zero Trust issues created by Shadow Access

Shadow Access is the unauthorized, unmonitored and invisible access to cloud data inadvertently created by cloud automation. Shadow Access enables attackers to utilize unmonitored identities and access to infiltrate cloud environments,  increasing the risk of breaches, malware, ransomware, and data theft. 

Traditional IAM solutions cannot keep pace with thousands of changes generated by DevOps processes, creating a fertile environment for Shadow Access to thrive and resulting in the largest addressable blind spot for Zero Trust. Gaining visibility into Shadow Access by transforming IAM in the cloud is a critical requirement for eliminating Zero Trust blind spots in the cloud. 

This session will share the latest research from the CSA’s Shadow Access working group (a subgroup of the IAM working group) on how to address Shadow Access and eliminate rogue access to applications and services and prevent unauthorized data sharing and data exfiltration.

How to transform your Cloud IAM

With CISA’s recent release of the second version of the Zero Trust Maturity Model V2, and the publication of the US Department of Defense's Zero Trust Strategy and roadmap, public and private sector organizations on a Zero Trust journey are curious about the similarities, differences, implications, and future plans for both and the impact on implementations.  

The CSA has assembled a panel of CISA and DoD experts to review their recent publications and provide a summary analysis of the fundamental commonalities and distinct aspects of their respective frameworks and approaches going forward.

Understanding the CISA Maturity Model and DoD's Zero Trust Strategy

The latest research on cloud security emphasizes the significance of identity, supply chain, and other crucial factors in safeguarding modern cloud services. As more tools become available to defenders, the design of these services becomes increasingly challenging to perfect. This is especially true as advanced national and criminal threat actors collaborate to exploit and target cloud infrastructures. This session will delve into the findings from the CSA's study of recent cloud breach incidents as presented in the "Top Threats to Cloud Computing: Pandemic 11 Deep Dive" report. This release details the 11 most urgent cloud-based concerns, as evidenced by recent industry cloud breaches, and has been analyzed by the Top Threats Working Group members.

Developing Cloud Security Concerns & Threats Reflecting on Industry Breach Cases

Threatscape

Breach Prevention

Breach Detection

Cloudsecurity

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Developing Cloud Security Concerns & Threats Reflecting on Industry Breach Cases

Presented by

About this talk

More from this channel