Name: HITRUST Certification: How to Get Started & Avoid Security Pitfalls
Start: 2023-02-13T18:00:00Z
End: 2023-02-13T18:00:43.000Z
Location: BrightTALK
Rating: 4.5

One mission: End data exposure by putting organizations back in control of their data.

How can security leaders shape a multi-cloud security strategy that works with the business to accelerate innovation while also protecting the confidentiality, integrity, and privacy of sensitive data? Wherever you are on your cloud journey, this webinar will help you refine a multi-cloud security strategy that's actually tolerable.

Open Raven CEO Dave Cole reviews important considerations such as:
• A working definition of multi-cloud (what it is and isn't)
• How does multi-cloud happen? What are some good reasons to go multi-cloud?
• A review of the "Shared Fate Model" and how the 3 CSPs lay out their responsibility models
• Baseline comparison of parameters when dealing with the many nuances across multi-cloud
• Securing data across clouds, and what getting data security wrong looks like
• The cloud security talent gap

Multi-Cloud Mythology (& Truths!)

The Open Raven team addresses how SOC analysts can use data context to accelerate post-breach response and containment actions.

Data Security Questions E5: How Do I Use Data Context for Post-Breach Response?

In this webinar CEO Dave Cole helpfully (and with good humor) untangles the messy modern data security landscape amidst a backdrop of massive transformation. Dave shares a simplified decision tree which offers viewers a basic framework for understanding exactly which data security products are built for the veritable "Vegas buffet" of use cases out in the wild today.

Dave will review important considerations such as:
• Baseline data visibility, inventory for unstructured and semi-structured data, and data classification
• Securing data in motion vs. data at rest? (Do you need a microscope or a pair of binoculars?)
• The prevalence of dark data and the inherent risks surrounding human error
• The big differences between cloud vs. on premises
• SaaS vs. IaaS/PaaS?
• Security vs. Privacy vs. Data Teams?

Field Guide to Modern Data Security

During the 1950s, commercial airline pilots often operated using purely visual flight rules. For years
this critical lack of instrumentation resulted in numerous near-miss incidents and more than a few
mid-air passenger jet collisions.

Today, security teams operate in the cloud in much the same way. They can see their cloud
infrastructure but are flying blind when asked to know the precise location, type, and sensitivity of
data stored in the cloud. Meanwhile, data breaches and leaks persist.

The time has arrived for organizations to begin the transition to instrument-driven cloud data
visibility and control to finally protect sensitive data stored in the cloud.

Join Open Raven CEO Dave Cole as he travels between 1950s aviation history and present-day uses of
cloud infrastructure. In this webinar Dave will discuss:

• Why data privacy solutions don't solve the needs of cloud data security teams.
• How data intelligence determines which incident response playbook to run, especially when
the clock's ticking.
• How the Open Raven Data Security Platform restores visibility and control of cloud data.

Flying Blind - The Case for Cloud Data Security

The Open Raven Team discusses data breaches involving PII and how complete scanning vs sampling can help prevent them.

Data Security Questions E4: How do I find and secure PII data?

The Open Raven team discusses the security problems posed by exposed or unencrypted developer secrets, how to discover and classify them, and how to apply guardrails so they are properly secured.

Data Security Questions E3: How Do I Find and Secure Developer Secrects?

The Open Raven team shows how to discover shadow data and take action.

Data Security Questions E2: How Do I Discover Shadow Data and Take Action?

The Open Raven team shows how to determine if sensitive data resides in the wrong geographic region.

Data Security Questions E1: Is My Sensitive Data is in the Wrong Region?

Amazon Macie is a service primitive for data classification and security assessment that aims to protect sensitive data in AWS S3 buckets. While useful in some scenarios, it’s challenged to operationalize data loss protection workflow end-to-end as well as a prohibitive cost model for many continuous operations use cases.

This 50-minute workshop will compare the capabilities and use cases for Open Raven as an alternative to Amazon Macie, particularly for protecting sensitive data in AWS S3 and elsewhere. The workshop will conclude with product demonstration of the new Open Raven cloud-native data protection platform.

In this workshop, you’ll learn how to visualize and protect sensitive data across your AWS environment, including how to:

• Auto discover and classify data at scale with advanced search
• Continuously monitor data and enforce security and privacy policies with OPA
• Protect your data lakes built on AWS S3 and elsewhere
• Automate end-to-end operations for security and privacy use cases

A Better Alternative to Amazon Macie

The supposed security superiority of on-premises environments have been used countless times to slow roll cloud initiatives since the early days of the public cloud.  However, if you look closely, is there a real advantage to securing data on-premises versus in the cloud?

In this talk, Dave Cole and Mark Curphey, cybersecurity veterans whose experience stretches across 50 years combined, will break down how exactly the opposite is true: it’s often possible, and in fact, actually easier to secure a public cloud environment than it is to properly defend an on-premises environment. 

This presentation will cover the following:

• Compare and contrast a wide range of factors, from identity models to observability and outsourcing
• Core security functions like vulnerability management and patching to explore how the move to the public cloud fundamentally changes what is possible (For example, when’s the last time you were in the office to patch that aging firmware?)
• Key differences between protecting physical and software-defined infrastructure
• Reality check: what factors can make cloud security more challenging than before?

Modern Mythology: Data On Prem is More Secure than On Cloud

HITRUST compliance is often a requirement for partnering with healthcare providers and insurers. The certification process involves preparing an audit, remediating gaps, updating policies and procedures, and submitting data for review. 

But achieving certification is challenging, especially for security teams working with cloud infrastructure. Many companies struggle with producing a data inventory, a critical first step. So, how do you improve your HITRUST compliance stance?

Moderated by award winning CIO Jason James, and featuring Net Health CISO Jay Miller, Laika CISO Jay Trinckes, and Open Raven CEO Dave Cole, watch this webinar to hear the panel discuss:
- Business drivers for and implications of HITRUST certification
- Essential recommendations for how to get started, avoid pitfalls, and simplify recertification
- Real world examples and lessons learned 
- How the Open Raven Data Security Platform supports achieving and maintaining certification

HITRUST Certification: How to Get Started & Avoid Security Pitfalls

Cloud Security

Data Discovery

HITRUST

Data Security

Compliance

Health Security

Healthcare Security

Cloud Compliance

Data Compliance

HIPAA

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

HITRUST Certification: How to Get Started & Avoid Security Pitfalls

Presented by

About this talk

More from this channel