Name: SolarWinds Lessons Learned: 4 Steps to Securing Office 365 and Connected Apps
Start: 2021-02-11T17:30:00Z
End: 2021-02-11T17:30:55.000Z
Location: BrightTALK
Rating: 4.4

Updates and discussions on latest cloud security trends and CipherCloud CASB offerings for zero-trust cloud security, presented by industry leaders and subject matter experts.

Given the requirement to secure access to cloud applications and data from anywhere, at any time, on any user device, today’s security practitioners are moving quickly to adopt Zero Trust Network Access (ZTNA) practices.

By engaging software-defined perimeters to enforce identity and context-aware access policies for applications and data residing in hybrid IT environments, organizations can better support the remote workforce, and use of both managed and unmanaged devices.
At the same time, this undertaking triggers a number of related challenges including:

- Creating granular, identity-driven access controls for applications access

- Invoking a data-centric, context aware approach to information protection

- Enabling application cloaking to prevent discovery on the public Internet

- Fostering access to legacy applications in conjunction with IAM and MFA

- Ensuring a consistent user experience across SaaS and private applications

Can your organization protect its crown jewels throughout all of its applications, including SaaS, to prevent lateral movement and potential data loss?

Join us for this hands-on, “how to” webinar focused on engaging ZTNA to solve VPN “implicit trust” challenges. We will also discuss how the CipherCloud Zero-Trust Remote Access solution addresses many of these pressing applications access and data security requirements.

Did you say ZTNA? How to: Securing Cloud Access and Remote Collaboration

Arguably the no. 1 takeaway for security practitioners analyzing the recent cyber attacks targeting SolarWinds and its use of the Microsoft Office 365 cloud platform is the need to employ stronger mechanisms to detect and respond to such cross-platform threats in real time.

As demonstrated in this scenario, attackers’ abilities to compromise existing defenses and subvert access controls for Office 365 and other cloud platforms enabled them to infiltrate multiple organizations to execute potential data theft, all while remaining undetected. This was a particularly damaging technique given the “trusted connection” relationship existing between Office 365 and other clouds.

To address this issue and increase the likelihood of identifying and preventing such threats - those that take advantage of pervasive risks directly related to complex ecosystems of cloud applications and infrastructure - practitioners clearly require centralized capabilities designed to pinpoint and mitigate cross cloud platform attacks.

In this webinar, we’ll examine the specific steps that enabled attackers to gain access to Office 365 and leverage its connected cloud relationship with other applications to carry out their campaign. We will also highlighting key capabilities of the CipherCloud CASB+ that can help organizations address such conditions, including:

 - Monitoring of all 3rd-party applications connected to your cloud applications

- Logging and reporting cross-cloud security events and impacts

- Detecting unusual cloud activity and anomalous user behavior

- Leveraging automated cloud anti-malware and APT prevention

- Ensuring cloud data protection via E-DRM and other controls

- Assessing and remediating risk in cloud applications configurations 

Join us for the timely best practices webinar aimed at helping you avoid costly breach incidents.

SolarWinds Attack Response: Mitigating Connected Cloud Risks in Office 365

ServiceNow is a standard-bearer for transforming and modernizing business operations in the cloud, across a wide array of modules including IT Service and Operations Management, Human Resources, Customer Service Management, and Financial Management.

Remote admins and users are connecting direct-to-net from insecure home network to access data in ServiceNow; in many cases using unmanaged devices. At the same time, as organizations embrace ServiceNow applications and send more of their sensitive data into the cloud - from employee PII, PHI, and other HR data, to ITSM records carrying detailed identifiable information attractive to potential attackers - the need for dedicated security, privacy, and compliance controls over the corporate blueprint has become increasingly clear.

From the CIO and line of business officials, to the CISO and security teams tasked with protecting ServiceNow applications data, today’s practitioners require additional capabilities to ensure data privacy and answer key questions including:

 - How can I discover sensitive information existing in ServiceNow cloud to ensure compliance?

 - How can I enable visibility and control over sensitive data being uploaded, downloaded, and shared by ServiceNow users?

 - How can I provide Zero Trust access to the ServiceNow modules from any device and location?

 - How can I continuously assess, detect, and mitigate user risks within the ServiceNow environment?

 - How can I ensure end-to-end cloud data protection - both inside and outside of the ServiceNow environment?

 - How can I ensure data resident in ServiceNow is compliant with GDPR, CCPA, PCI, HIPAA, and other data protection laws?

In this targeted best practices webinar, learn how security professionals are extending ServiceNow’s native security defenses through use of CASBs’ centralized cloud monitoring, Zero Trust access, data protection and compliance capabilities.

How Secure Are Your ServiceNow Workflows? Ensuring Data Privacy in the Cloud

Numerous organizations are turning to the SAP SuccessFactors platform to help “manage through disruption” by adopting capabilities spanning Talent Management, HR and Payroll, and related analytics, among others.  At the same time, addressing any related risk or security exposure remains a top priority.

To that end, companies deploying SAP SuccessFactors as their strategic HR and Human Capital Management platform must also include advanced cloud and data security capabilities to protect sensitive data, prevent data exfiltration and maintain regulatory compliance. That’s why leading IT Security and HRIS practitioners have turned to CipherCloud to provide the security, data protection and governance required when embracing cloud HR and HCM.

In this best practices webinar, join CipherCloud as we highlight the Top Seven Tips for Securing SAP SuccessFactors, spanning key requirements including:
 - Maintaining continuous visibility into applications usage
 - Controlling access from trusted locations and devices
 - Maintaining optimized protection wherever data travels
 - Enforcing policies to ensure compliance [ex. GDPR]
 - Encrypting any protected data with full key control
 - Detecting threats including malware and compromises
 - Performing context-driven forensic investigation

Register today to learn how the CipherCloud CASB+ solution can accelerate your organization’s use of SuccessFactors HR, Recruiting, Organizational Management and Payroll capabilities.

The Top Seven Tips for Securing SAP SuccessFactors

Accelerated cloud adoption proved to be the biggest thing that ever happened to data loss prevention (DLP). With so much information finding its way into cloud applications, practitioners had to find a vehicle for active enforcement. In effect, strategic use of email, network, endpoint and other “on-prem” DLP finally became a reality, along with growing adoption of DLP capabilities designed specifically for the cloud.

Fast forward and DLP has become the backbone of enterprise data protection. However,  today’s mandate isn’t merely supporting growing cloud use - it’s about properly enlisting DLP in the cloud everything world. As such, actionable DLP policies must account for a huge range of complicated scenarios across cloud-based email, file-sharing, image scanning and collaboration - addressing a nearly endless array of business workflows, users and devices.

So how do organizations effectively tackle this evolving cloud DLP policy challenge? 

In this best practices webinar learn how centralized DLP policies can be architected to:
 - Identify and classify data across any apps including Office 365, Box, SAP and more
 - Support complex workflows including multi-organization cloud collaboration
 - Enact multi-step enforcement for both managed and unmanaged devices
 - Address compliance across standards including GDPR, PCI, SOX and HIPAA
 - Weave traditional and cloud DLP policies into consistent, centralized data protection

If your organization is working to extend its cloud DLP policy expertise - register today to learn how a unified approach including the CipherCloud CASB+ platform, can help.

The Policy Predicament - Getting the Most out of Cloud DLP

If the overnight expansion of the remote workforce has taught us one lesson, it is that improving data protection for cloud apps has become the primary challenge facing today’s security practitioners. 

In fact, one might easily conclude that - based on the massive strategic benefits appreciated by increased cloud adoption and remote access - in the very near future many organizations may seek to offload responsibility for just about every manner of security, save user and data-centric protection. So what does this mean for security architects, management and operational staff as we move quickly toward that “cloud everything” future? 

Clearly, organizations will require stronger methods for protecting cloud data, along with user and device access when traditional network, hardware and app stack defenses have become largely outmoded. Further, as more users log into the cloud to collaborate via both managed and unmanaged devices, extended cloud security capabilities will need to account for key considerations including:

  -   How to protect against inappropriate data access and handling while enabling open shares across the huge range of sensitive company data?

  -   How to account for user and device security posture to thwart emerging threats that seek to exploit compromised accounts and endpoints?

  -   How to ensure proper enforcement and remediation when issues do arise, including the ability to encrypt or wipe information as it moves off the cloud?

In this best practices webinar, join us to discuss the hugely important challenge of addressing the confluence of cloud, user, data, and device security in the name of enabling the real-time collaboration required by today’s remote workforce. Along with the involved challenges and use cases, we’ll outline dedicated CASB solutions use cases and best practices that address this specific set of real-world challenges.

Reinventing Data Security for the Remote Workforce in A “Cloud First” World

Are your Office 365 accounts, cloud applications and data safe from further attacks?

In the aftermath of the massive SolarWinds supply chain breach, the need to better secure Office 365 and connected cloud applications has become increasingly clear.

Beyond the havoc wreaked by attackers who compromised SolarWinds’ Office 365 accounts to infiltrate those of its customers, other organizations have now discovered the same hackers targeting their Office 365 applications and data.

How can we better understand and respond to this scenario?

In this Best Practices, “Lessons Learned” webinar, we’ll outline 4 key steps necessary to better secure Office 365 and connected cloud applications, including:

- Gaining contextual, device and user-based access control over applications and sensitive data

- Monitoring user behavior with Machine Learning to identify evolving threats in real-time

- Applying a layered approach to end-to-end cloud data protection, including DLP and EDRM

- Enlisting highly granular, user and data-centric policies to optimize security and compliance

We’ll also examine how this approach complements application of the MITRE ATT&CK Cloud Matrix and detail the ability of the CipherCloud CASB+ solution to address these pressing cloud and data security challenges.

SolarWinds Lessons Learned: 4 Steps to Securing Office 365 and Connected Apps

Data Breach

Office 365

Best Practice

Cloud Security

Data Protection

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

SolarWinds Lessons Learned: 4 Steps to Securing Office 365 and Connected Apps

Presented by

About this talk

CipherCloud (now part of Lookout)