Name: NIST SP 800-207: Extending Zero Trust to the SaaS Application Data Layer
Start: 2022-03-17T16:00:00Z
End: 2022-03-17T16:00:39.000Z
Location: BrightTALK
Rating: 4.7

If you are interested in SaaS Data Security, you've come to the right channel. We discuss the issues, the use cases and the solutions that companies are facing when trying to keep their SaaS data secure. Whether it be shared documents in Google Drive or in Slack, or any SaaS Applications, DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation. We take a unique, customer-focused approach to the challenge of labor-intensive security risk management and data exfiltration prevention in popular SaaS applications. 

Join us for an exclusive webinar dissecting the findings of DoControl's latest report, "The State of SaaS Data Security 2024." We'll unfold key insights derived from extensive analysis of SaaS usage trends. Discover the implications of exponential asset creation, rampant data oversharing, and prevalent security risks posed by third-party OAuth apps. Real-world case studies will showcase effective strategies for mitigating these risks and enhancing your organization's SaaS security posture.

Explore findings such as:
- 9 out of 10 companies have former employees who accessed assets stored in SaaS applications after they left the company.
- 64% of active third-party OAuth apps are over-permissioned.
- By the end of 2023, the average company had 35K sensitive assets exposed publicly.

Join us to gain actionable insights and optimize your organization's SaaS security.

The State of SaaS Data Security 2024

DoControl, in collaboration with Amazon Web Services (AWS), is tackling a significant challenge in contemporary Cloud Security – SaaS Security. In today's business landscape, the reliance on SaaS applications is paramount for boosting productivity and enabling seamless collaboration across the organization, but the overexposure of this sensitive data is unmanageable without the proper tooling in place. Through their partnership with AWS, DoControl has developed a SaaS Security Platform that offers real-time visibility, continuous monitoring, and no-code workflow automation to safeguard your entire SaaS threat landscape.

Join us in this session to gain insights into AWS and DoControl's Shared Responsibility model, and explore the importance of DoControl as a crucial component within a modern security infrastructure.

See you there!

Securing Your SaaS Environment with DoControl & AWS

Security teams of all sizes struggle to detect, triage, and respond to threats quickly and efficiently at scale. Simply put, visibility is a critical component to securing your cloud environments, and with DoControl’s SaaS security platform organizations will be able to identify malicious user activity across their cloud environments – helping reduce the likelihood and impact of an attack.   
 
Legato Security understands that resources and budgets are tight – and with a SOC that operates 24x7, we help organizations manage and remediate these identified threats. A dedicated team of security experts will help customers streamline and eradicate a threat quickly and efficiently, streamlining the day-to-day operations – and instantly improve their security posture. 
 
Join the conversation, and learn how DoControl and Legato Security will help you: 
* Identify blind spots and detect threats in the cloud 
* Create an optimal response plan 
* Reduce time-to-remediation and minimize the chances of a breach

Increasing Cloud Visibility to Mitigate and Respond to Attacks

Modern businesses increasingly rely on SaaS applications like Google Drive, Box, Dropbox, and Slack to facilitate daily exchanges of sensitive data and files. Although these tools allow for real-time collaboration that drives business enablement, their lack of granular access and security controls presents serious material risks for the businesses that use them. This webinar will outline ten of the most significant SaaS security risks associated with unmanageable data access within SaaS applications that your organization should be aware of.

The Top 10 SaaS Security Risks

A software supply chain attack targets the software development process, with the intent of introducing malicious code into “trusted” software packages. This attack typically involves compromising one or more of the components that make up the software supply chain. Upon successfully infiltrating the supply chain, attackers can then insert malicious code or backdoors into the software package. Compromising the supply chain allows for the ability to steal sensitive data, launch further attacks on the target organization or its customers, or take control of the affected systems and/or applications. Yikes!

In this webinar we will highlight software supply chain risks, as well as offer pragmatic recommendations and guidance to mitigate this type of increasingly common attack that targets Software as a Service (SaaS) applications.

Defending Against Supply Chain Attacks

Software as a Service (SaaS) applications bring the promise of business agility and enablement. But like any technology that provides significant benefit, there are often security implementations that become overlooked. As your business grows and scales, so does the risk imposed at the identity layer across the SaaS estate. In this session, we will highlight the identity problem in SaaS; from human identities (internal employees, external vendors, third party contractors, partners, etc.) to machine identities (application-to-application connectivity, 3rd party OAuth applications, etc.). Attend this session to better understand the risks imposed on every identity within the SaaS estate, and pragmatic approaches to improve your posture.

The Human and Machine Identity Problem in SaaS Environments

Video: The Human and Machine Identity Problem in SaaS Environments

As SaaS environments become more complex and fragmented, the attack surface expands, and security becomes overwhelmingly burdensome. IT and Security teams are already strapped – having to do more with less – and the macroeconomic situation has impacted organizations across every industry vertical. An automated approach to SaaS security is required to navigate this current landscape, and transform the business at speed and scale.
Join us in this next installment in the DoControl webinar series as we explore key capabilities of a modern SaaS security program, and walk through the proof-of-value and ROI both in terms of financial return, as well as the valuable time and resources your teams are given back through automated remediation. We will highlight real-world customer ROI examples for both medium-sized organizations and large enterprises, as well as provide the necessary tools and resources to help build the business case for a SaaS security program.

The ROI of a SaaS Security Program

DoControl recently released the latest findings in what will be an annual data report on Software as a Service (SaaS) security risk. The 2023 SaaS Security Threat Landscape Data Report quantifies the risk modern organizations are faced with, and categories five specific threat models for a comprehensive view of the SaaS threat landscape. The threat models highlight both human and machine identity access to business-critical applications and data; including insider threat, internal vs. external actors and access, third-party to fourth-party sharing, outdated permissions, and third-party OAuth applications. 

In this webinar, we will highlight the risks and vulnerabilities organizations are faced with leveraging SaaS applications. We will then double click into some of the key data points and trends from the report, and provide practical guidance for building a business case for securing the SaaS estate.

The 2023 SaaS Security Threat Landscape Data Report Webinar

2022 was chock full of cyber attacks and breaches that pulled in many different types of threat models and attack vectors. What is clear is the simple fact that you cannot boil the ocean in this environment. Taking a pragmatic and focused approach with people, process and technology at its core is the best approach in an ever evolving threat landscape. Protecting an organization's “crown jewels” requires a combination of the right people, process, and technology. Attend this webinar to better understand how these three core tenants are foundational to any modern security program.

SaaS Security Platformization in 2023: 3 Core Tenants

An average company has between 500k and 10M assets stored in SaaS apps (Microsoft One Drive, Microsoft SharePoint, Box, Dropbox, Slack, etc). Most of these assets are “shared” both internally, and many externally as well.

This poses a significant data security problem, should your data be exposed to threats on the perimeter. In fact, did you know that nearly half of all data breaches that occurred in 2020 can be traced back to SaaS applications?

To diffuse the chances of a major data breach, Microsoft shops must establish fine-grain data access controls to prevent data exfiltration, remediate insider threats, and respond to security incidents quickly. 

Tim Davis, Director of Solutions Engineering at DoControl joins by Tony Klor, Product Marketing Manager at DoControl, in a conversation that will go over industry challenges and best practices around Microsoft SaaS application protection.

Microsoft SaaS Data Protection & Threat Prevention Best Practices

DoControl’s Product team will highlight a new module within the DoControl Software as a Service (SaaS) Security Platform. This new module will extend DoControl’s threat model coverage to provide non-human identity protection for 3rd party SaaS apps. 
The DoControl Platform now provides comprehensive “shadow application” governance through discovery, control, and automated remediation. Attend this webinar to learn how DoControl will enable your business to:

- Gain end-to-end visibility through a comprehensive inventory of multiple SaaS applications and environments
- Assess organizational posture through risk scoring and classification assignment across all business-critical applications
- Establish pre-approval processes and workflows to onboard new applications through end user engagement
- Reduce the attack surface through automated suspension or removal of potentially malicious applications
- Alert on rogue, high-risk or vulnerable (i.e. excessive permissions or privileges) applications through smart analytics

The DoControl SaaS Security Platform: Shadow Applications Governance

Data Loss Prevention (DLP) has been around for literally decades. As the IT estate has evolved, DLP tools and solutions have struggled to keep up. Now more than ever, Software as a Service (SaaS) applications are being leveraged to drive the business. Traditional DLP solutions lack this new egress channel in which data (sometimes extremely sensitive!) is accessed, manipulated, and shared. Attempting to secure modern apps with traditional approaches just doesn’t work. 

DoControl Cloud DLP provides next-generation data loss prevention throughout business-critical SaaS applications. The solution monitors all sensitive SaaS application data activity, performs end-user behavioral analytics to prevent insider threats, and automatically initiates secure workflows to prevent the loss, leakage, and misuse of sensitive company data. DoControl Cloud DLP provides your security team with the foundational components, both technology and process, to create effective DLP programs within SaaS environments. 

Register today to learn you to strengthen your DLP program today by partnering with DoControl

Cover Your SaaS: Data Loss Prevention (DLP) for the Cloud

Preventing the loss of sensitive information is still very much top of mind for CISOs and security practitioners. But in today’s reality, technology moves fast. Traditional DLP solutions struggle in attempting to secure this new egress channel which is Software as a Service (SaaS) applications while a CASB solution is complex and difficult to manage, and the policies are not granular enough to be effective.

Please join our webinar to learn more about DoControl and how we are taking a modernized approach to DLP & CASB. We will discuss preventative measures and mechanisms that identify, detect and block sensitive data from leaving the confines of your cloud.

A New CASB Approach that Secures SaaS Data from Loss

Traditional Cloud Access Security Broker (CASB) proxies placed between SaaS users  and cloud services  are often hardcoded, do not address many common use cases (i.e. BYOD, contractor/vendor/business partner access, sync clients, etc.) and cannot  effectively interject data access security controls that work. Out-of-band mode lacks real-time context and can leave sensitive assets exposed for hours, days, or even weeks. Inline mode bypasses larger files as it lacks the ability to scan them in a timely manner. Both deployment modes are complex, difficult to manage, and lack real-time propagation to detect and block unauthorized access to sensitive data.

Attend this webinar to learn how to take a modern approach to secure sensitive data and files within SaaS applications. The DoControl SaaS Security Platform provides strong visibility throughout the IT estate for both sanctioned and unsanctioned cloud applications, continually assesses and exposes cloud application risk, and provides both manual and automated remediation to reduce risk, and support stringent compliance requirements involving cloud governance and access to sensitive data.

Modernizing CASB to Secure SaaS Data

Cyber insurance has become a common component in organizations’ cybersecurity strategies to mitigate the financial damage of successful attacks. However, the consistent increase in cyberattacks has forced insurance carriers to introduce stringent requirements from their customers. Premiums are either skyrocketing or policies are being dropped altogether. 

Organizations looking to meet these new requirements require solutions that are lightweight, easy to manage and enterprise-ready. In this webinar, we will cover some of the hardened requirements that were introduced by insurance carriers, and provide practical guidance in how to comply with them; from initial evaluation all the way through to full deployment.

Navigating Cyber Insurance Access Control Requirements

In August of 2020, the National Institute of Standards and Technology (NIST) and Cybersecurity and Infrastructure Security Agency (CISA) published NIST Special Publication 800-207. This special publication follows on the focused interest in Zero Trust initiatives, which by 2022 almost every organization has adopted to some extent. With more reliance on cloud-based and “as a Service” offerings coupled with the evolving state of remote work, this document provides sound design advice, implementation considerations, use case examples, and technology gaps for modern Zero Trust Architectures (ZTA). 
 
In this webinar, we will dive deep on the data access policy and engine components within ZTA. These logical components are foundational to modern ZTA’s, as they are dictating which identities can access which resources. Attend this session to see how DoControl’s data access controls will strengthen your organization’s zero trust strategy – moving security closer to what drives your business forward.

NIST SP 800-207: Extending Zero Trust to the SaaS Application Data Layer

Casb

Cyber Defence

Data Access Control

Data Loss Prevention

Insider Threat

NIST

SaaS Data Security

SSPM

Zero Trust

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

NIST SP 800-207: Extending Zero Trust to the SaaS Application Data Layer

Presented by

About this talk

More from this channel