Name: Securing Your Data in a Cloud-Native Application World
Start: 2023-12-06T17:00:00Z
End: 2023-12-06T17:00:30.000Z
Location: BrightTALK
Rating: 4.9

Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets. Powered by graph-based technology, Panoptica’s Attack Path Engine prioritizes and offers dynamic remediation for vulnerable attack vectors helping security teams quickly identify and remediate potential risks across cloud infrastructures. 

Generative AI has already entered workflows across business departments. But how should you be using GenAI for cloud security to achieve optimal efficiency and value? 
 
Join us in this fireside chat, featuring Papi Menon, VP and Chief Product Officer, Outshift by Cisco and Melinda Marks, Practice Director, Application & Cloud Security, Enterprise Strategy Group, as they discuss: 

• The role of generative AI technology in bolstering cloud security
• GenAI’s ability to autonomously identify and address emerging threats in real-time
• How to enhance overall defense mechanisms in cloud security with generative AI technology

Leveraging GenAI for Cloud Security

As we kick off 2024, join David Terrar, CEO of Cloud Industry Forum and guests for episode 47 of Digital Transformation in Action, where they share trends and predictions for the cloud landscape in the coming year.

Driving Cloud Change in 2024: Trends to Know

"If there has been a single dominant topic of discussion in 2023, it has to be the rapid rise of generative AI. New developments in the technology have drawn mass attention and it seems like everyone is trying to figure out how best to deploy generative AI in their own organizations. This presents a great opportunity to optimize existing machine learning efforts and automate operations even further – but it also opens the door to dangerous gaps in governance. Without the right protocols, companies can become vulnerable to a host of problems, from data loss and increased attack surface area to copyright issues and misinformation. 

The technology is so new that many organizations won’t yet have clear policies in place around the use of generative AI. And while there are licensed, regulated generative AI tools available, many people are currently using the vast array of free apps that have not been scrutinized from a compliance standpoint. How can teams take advantage of these new opportunities created by generative AI, while maintaining their standards of security and governance? How can teams protect themselves from the risks of shadow IT and create clear governance policies?

Tune into this latest episode of CISO Insights to hear Dan Lohrmann, Earl Duby and guest experts discuss how to govern data and balance the dual threat and opportunity of generative AI.

Threat & Opportunity: Governing Data in the Age of Generative AI

Although multi cloud architecture empowers organizations with a flexible and resilient approach to cloud computing, there are various intricacies and challenges when it comes to multi cloud security. From managing the complexity of different clouds, to cloud skill gaps your organization desperately needs to fill, managing a multi cloud environment is difficult if you don’t have the right tools in place.

Join us in this webinar to explore the dynamic landscape of multi cloud security. We'll delve into the essence of safeguarding data, applications, and infrastructure distributed across your diverse cloud environments. You’ll also learn about:

•. How a multi cloud security solution can act as a central orchestrator for your business, offering comprehensive protection against cyber threats
•. The benefits of consistent security controls, centralized visibility, integrated security tools, and efficient incident response
•  Why strategic prioritization of attack paths and efficient remediation are vital for proactive vulnerability management across diverse cloud environments

Mastering Multi Cloud Security: Strategies and Solutions

Join David Terrar, CEO of Cloud Industry Forum and guests for episode 44 of Digital Transformation in Action, as they revisit cloud security - with a particular focus on security spend and risk management.

Revisiting Cloud Security: Managing Spend and Risk

After the success and interest in our first cyber myth busting episode, we’re bringing a second instalment to this topic - answering your hot questions, and diving into common cyber misconceptions.

In this special episode of The (Security) Balancing Act, Diana Kelley and cyber experts will sit down, and deep dive into the common cyber myths.

 What misconceptions drive you crazy? Bring your best myths and join Diana Kelley and guests as we decipher common cyber myths in a bid to clear up the confusion.

Blasting Cyber Myths: Part Two

Cybersecurity is so often focused on securing enterprise infrastructures from external threats – for good reason. Cyber attacks are always evolving alongside security protocols, so organizations must stay vigilant. Yet when so many resources are devoted to protecting operations from the outside, it is easy to leave yourself at risk of another kind of attack: insider threats. In fact, a 2023 study from Cybersecurity Insiders found that 74% of organizations are at least moderately vulnerable to insider threats.

Insider threats require an entirely different security approach, especially as they bring up an entirely new problem: accidental or unintentional threats. Not all internal damage is done maliciously, with many incidences tied more to human error than criminal intent. The Ponemon’s Institute’s “2022 Cost of Insider Threats Global Report” found that over half of insider threats (56%) came from employee or contractor negligence. Creating an internally secure environment for your organization therefore requires a multi-pronged strategy that can protect against both intentional and unintentional attacks.

In this episode of CISO Insights, series hosts Dan Lohrmann and Earl Duby will be joined by security experts to break down what it takes to tackle insider threats.

From Inside the House: Tackling Intentional & Unintentional Insider Threats

As more organizations adopt microservices, containers, Kubernetes, and serverless architectures, the complexity of their IT environments continues to grow, creating an expanded attack surface. Given the dynamic and complex nature of cloud-native environments, how confident are you in your development and security teams' ability to identify and prioritize the most significant security risks and remediate vulnerabilities in a timely manner to reduce the risk of a security breach? 
 
To secure cloud-native applications, organizations use multiple tools from different vendors. However, these tools are often not developer-friendly, creating a fragmented view of risk. This results in an excessive number of alerts that can waste developers' time and delay remediation efforts.
 
Join this fireside chat to learn why you need an end-to-end cloud application security solution in today’s dynamic and complex multi-cloud environment. And why it’s essential to address the most significant risks first, reducing the risk of a breach and saving valuable time and resources when time is of the essence.
 
Key takeaways:
 
• Improve Visibility: Gain real-time insights into security issues across cloud assets to reduce compliance violations and expedite deployment of cloud-native apps.
• Contextualize Risks: Prioritize vulnerabilities that can have the most significant impact on cloud apps.
• Enable Security through Collaboration: Prioritize vulnerabilities through collaboration among teams to develop effective remediation plans.

How to Prioritize Critical Vulnerabilities to Protect Your Cloud Applications

Video: How to Prioritize Critical Vulnerabilities to Protect Cloud Applications

Context is critical as IT professionals are tasked with making sense of vulnerabilities in a cloud-native world. For example, vulnerabilities can happen at any point in the app development cycle (CNAPP), and security pros are staring down the tunnel of information overload with unceasing alerts.

With so much on their plates, how can these pros dial into the security vulnerabilities that are a must-tackle and protect their cloud-native environments?

ESG Senior Analyst Melinda Marks sits down with Papi Menon, VP of Product Management, Emerging Technologies & Incubation at Cisco Panoptica, to discuss this topic and explain:

•        Context is critical: why does vulnerability matter?
•        How Cisco’s Panoptica helps secure your cloud journey
•        Why a trusted partner like Cisco matters in your cloud security

Context is Critical: Making Sense of Vulnerabilities in a Cloud-Native World

The Global Cloud-native Application Protection Platform (CNAPP) Market size is expected to reach $21.2 billion by 2028, rising at a market growth of 18.6% CAGR. Adopting cloud-native architectures can significantly reduce IT costs, improve operational efficiency, and increase development speed and agility—although, they also introduce security risks, such as vulnerabilities in containers, microservices, and APIs. 

Implementing the proper security measures in this context requires a cloud-native security approach, in which solutions are purpose-built for cloud environments and can leverage automation and machine learning to detect and respond to security threats in real-time. 

Watch this exclusive Fireside Chat with experts from Cisco and BrightTALK to discover the key to unlocking cloud-native application modernization in today’s sprawling environments, alongside a discussion on how to formulate a cloud-native app security protection plan.

Unlocking Business Potential with Cloud-Native Application Modernization

Panoptica's dashboard makes it easy for security engineers to figure what risks to deal with by highlighting them based on pods, APIs, and serverless functions, and the miTRE Attack framework. This video gives you a complete overview of the Panoptica dashboard.

How to: Use the Panoptica Dashboard

Panoptica's API Security dashboard presents a prioritized list of the top six security risk findings identified in your cloud environments. This video shows how Panoptica helps you drill down into advanced API risk assessments.

How to: Identify API Risks in Your Cloud-Native Environments

Panoptica gives you visibility into all the functions deployed in your cloud accounts. This video shows you how Panoptica inspects your Serverless runtime environment for risks, vulnerabilities, and leakage of secrets.

How to: Visibility Assessment & Remediation of Risks in Serverless Environments

Panoptica's assessment information comes from its runtime scans and CI?CD pipeline events. This video shows you how Panoptica provides a complete inventory of your cluster and the workloads it is running.

How to: Get a Comprehensive View of K8 Clusters and Running Workloads

Obtaining a comprehensive inventory of your runtime environment in Panoptica starts with onboarding your Kubernetes cluster. This video provides a step-by-step tutorial of how to set up Panoptica for a standard cluster deployment or a more advanced deployment.

How to: Set Up a Cluster in Panoptica

Join Helen Beal, Chief Ambassador at DevOps Institute and guests for episode 35 of Day-to-Day DevOps, where they discuss all things GitOps.

This discussion will explore:

- GitOps as an operations model and how it accelerates software delivery
- GitOps vs DevOps
- The role of GitOps in a DevSecOps world
- How GitOps is evolving secure development, API security and CI/CD pipeline security
- And more

Gaining Insight Into GitOps

As data collection and analysis become increasingly central to business, research, and governance, protecting sensitive information is more crucial than ever. This session will examine the privacy, ethical, and security challenges involved in analyzing sensitive data such as personal health records, financial information, and other confidential datasets. 

Key questions to be addressed include: 
- How can sensitive data be ethically and responsibly analyzed while still protecting individual privacy? 
- What technical and policy safeguards are essential when working with sensitive data? 
- How can risks related to re-identification, unauthorized access, and data leakage be mitigated? 
 
This talk presented industry thought leader Donald Farmer will review best practices and frameworks for enabling secure and ethical data analysis across various industries and applications. Expert perspectives on navigating emerging regulations, managing tradeoffs, and aligning analytical objectives with privacy values will be discussed. Attendees will gain critical insights into analyzing sensitive data securely while upholding public trust and mitigating risks.

Analyzing Sensitive Data: Privacy, Ethics, and Security Considerations

The US data privacy laws in the US are shifting from a "harms-prevention-based" approach to a "rights-based approach exemplified by the European Union's General Data Protection Regulation (GDPR). Following California's lead, four other states, including Colorado, Connecticut, Utah, and Virginia, will begin enforcing new GDPR-inspired statutes in 2023. The shift in the philosophical framework will have profound implications for data privacy protection.

The US has historically allowed businesses and institutions to collect personal information without consent while regulating those uses to prevent or mitigate harm in specific sectors. The EU, on the other hand, has long pursued a rights-based regime for protecting personal information, which holds that data privacy is a fundamental human right. This has roots in Europe's history of suffering through the infamous data collection of the Nazis and the similar collection of data by the formerly communist East Germany's secret police. The GDPR, which became enforceable in 2018, codified several key principles reflecting the Europeans' human rights philosophy. The new laws will be applicable to specific industries and types of institutions and will impose restrictions on industries and institutions regarding their handling of personal information. More states are likely to follow the GDPR in the coming years.

This webinar entails to:
- Introduce the market drivers of the US privacy laws industry and their roles.
- Illustrate the shift in the philosophy underlying data privacy laws in the US.
- Comparison of the US "harms-prevention-based" approach vs the European Union's approach is more rights-based.
- Summary of the EU ‘s General Data Protection Regulation (GDPR), which became enforceable in 2018.
- Understanding how the principles reflected in the new data privacy framework will have profound implications in the years to come.

The New Era of Data Privacy Laws

Companies need to understand “wicked” problems, and the best way to navigate the organization during periods of uncertainty.

Companies should ask themselves how speedy their response be to a data security incident, when escalating to the senior leadership team, more so when it is an extortion and/or ransomware attack that involves critical data sets.

Tune into this session presented by disaster recovery and cyber resilience expert Steve Yates as he brings to light the crisis management options for those scary technology moments for when super speedy decisions are needed (or are they)?

By the end of the session, you will be able to:
- Be aware of data security incident management processes and procedures. 
- Form an understanding of the need for having a plan (runbooks/playbooks) and agreed crisis escalation process.
- Be conversant with a joined-up thinking approach when reviewing technology incident management that is “fit-for-purpose”.

Data Security Incident Management: What Keeps You Awake At Night? Part 3

In IDC’s recent survey (Data Loss Prevention Survey, sponsored by Forcepoint, October 2023), 80% of customers indicated they are synching their DLP policies across endpoint, cloud applications (CASB), and web traffic (SWG) but they find it extremely time consuming and resource intensive. Given the option, even more (85%) would choose a single DLP solution that they could manage across endpoint, CASB, and SWG channels.

In this webinar, Frank Dickson, IDC Group Vice President and Jim Fulton, Vice President, Product Marketing show how 31% productivity gains can be achieved as well as cost and time savings by moving to a single DLP solution across endpoint, cloud, and web applications.

Join this session to learn how Forcepoint can solve this problem for you with Data Security Everywhere.

1: IDC’s recent survey (Data Loss Prevention Survey, sponsored by Forcepoint, October 2023, US51335023

Unified DLP Revolution: IDC Unveils Game-Changing Solutions

Data, your most important asset, is growing at a breakneck pace and must be accessible to be useful in today’s business. How do we enable agility and innovation while enabling the necessary security controls? Gaining visibility into your data, where it resides, and who has access can help you proactively limit the scope and impact of a cyber attack. Join our industry experts as they discuss strategies and best practices for a proactive approach to data security.

Make sure to take a look at the attachments as well - we've added extra learnings on how to optimise data protection and provided you with additional resources to help set you up for success.

Strategies and Best Practices for Proactive Data Security

Join the BrightTALK Summits webinar addressing Data Security Risks and Challenges!

Say farewell to the era of weak passwords vulnerable to modern threats. Safeguarding your Active Directory necessitates a robust password policy. Native Windows tools often fall short in tackling today's security challenges and complex compliance requirements. The struggle is real, isn't it?

Introducing the game-changers: Netwrix Password Policy Enforcer and Netwrix Password Secure. Brace yourself for password enforcement that's not only powerful but also incredibly user-friendly. Bid farewell to the headaches and embrace rock-solid security. Your Active Directory will thank you!

Watch this session to discover how to:

- Set up a robust and user-friendly password policy for your Active Directory.
- Prevent the use of weak passwords by customizing dictionaries and cross-referencing against the HIBP database of compromised passwords.
- Simplify password compliance with pre-defined policy templates.
- Enforce the generation of passwords that meet policy requirements.
- Ensure secure password sharing among your employees.

Securing Your Active Directory: The Power of a Resilient Password Policy

The International Standards Organization’s ISO 27701 privacy information management standard is a framework that covers both security and privacy compliance aspects of various privacy regulations around the world. As a certified ISO 27701 Lead Auditor, Ralph Villanueva is more than happy to help the audience and their organizations resolve their data privacy risks and issues by pointing out how to use this very useful framework. 

Tune into this informative talk to learn the benefits of this new frameworks and how to make the best use of it. Even better, this framework will make enterprise-wide privacy compliance more cost effective across geographic locations, and add more value to the audience’s privacy work within the company as well.

How to Leverage ISO 27701 to Fulfill Data Privacy and Compliance Requirements

Staying ahead in the dynamic landscape of data privacy and compliance is not just a necessity but a strategic advantage in order to stay compliant and gain trust from your customers. As we approach 2024, several key trends are emerging that will reshape your understanding of and methodology to these crucial areas. 

Our live talk, on December 5 at 2 pm ET, led by Gary Brickhouse, CISO along with Dan Mengel, Practice Director, Compliance and Jason Eddinger, Senior Security Consultant, Data Privacy will discuss these pivotal shifts that will significantly impact your strategy heading into 2024.

Register today.

Navigating Compliance and Data Privacy Trends Into 2024

There is no shortage of privacy laws and regulations. We keep hearing that the latest privacy laws “will change everything”, but have they made a real difference? This session proposes an alternative approach. Privacy can be treated as an attribute of personally identifiable information and can be managed using data management techniques. Rather than building privacy programs on compliance with laws, it may be more productive to manage the data itself.  

Key takeaways include:
1.      Why and how data privacy has been managed in recent years.
2.      How the compliance-based approach to privacy has shaped organizational approaches to the issue.
3.      How data management principles can offer a different, and perhaps better, way for managing privacy.
4.      How a data management approach would alter organizational structures.

Have We Been Doing Data Privacy The Right Way?

With the explosion in AI, organizations need to be mindful of the security risks that this cutting-edge technology can bring. Rob Van de Veer, Senior Security Director and Trusted EU Advisor, shares how to implement rigorous security protocols in the world of AI engineering, AI lifecycle management, AI models, and privacy controls.

A.I. Security | A strategic guide to implementing security and risk controls

In an era where artificial intelligence (AI) is transforming industries and reshaping the way we live and work, striking the delicate balance between innovation and data privacy compliance is paramount. This session delves into the evolving landscape of AI, discussing how businesses can harness its power while safeguarding sensitive data and adhering to privacy regulations. Explore the challenges, ethical considerations, and strategies that are shaping the future of AI in a privacy-conscious world.

In this session, you will: 
1. Recognize how AI is reshaping industries and business operations, presenting exciting opportunities for innovation.
2. Understand the increasing concern regarding data privacy as AI systems rely on vast amounts of personal and sensitive information.
3. Gain insights into navigating the complex regulatory landscape, including GDPR and CCPA, to ensure compliance in AI projects. 
4. Explore ethical concerns such as bias, fairness, and transparency in AI development and their intersection with data privacy.
5. Learn about strategies and best practices for maintaining a balance between AI innovation and data privacy, building trust with consumers, and staying compliant.

Data Privacy and the Future of AI: Balancing Innovation and Compliance

Data Security Risks and Challenges

The difficulties of securing data in cloud-native applications are many, for example:
• There exists a proliferation of data islands, complicating the creation of a unified cloud security view;
• As microservices are created, evolved, and removed, those islands can remain unused—yet still pose a risk to you;
• Propagation and caching of sensitive data between microservices can result in compliance blindness.

That’s not to mention the variety of data storage formats with which IT pros must contend and protect (such as file, object, block, and SQL). Let’s hit the reset button, shall we?

Join us in this Fireside Chat at the Data Security Risks and Challenges BrightTALK Summit to discover 5 principles—based on the basics—with which you can improve cloud-native app security and to see how CNAPP solutions are making a real difference. Tim Miller, Technical Marketing Engineer at Outshift by Cisco joins the discussion with Enterprise Strategy Group analysts.

Securing Your Data in a Cloud-Native Application World

Cloud Applications

Application Security

Web Application Security

Cloud Native

Cloud Visability

Cloud Storage

Cloud Security

Cloud Compliance

Cloud Data

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Securing Your Data in a Cloud-Native Application World

Presented by

About this talk

Cisco – Panoptica