The Impact of Cloud on the Future of Web Application Security

The Cloud Data Management Interface (CDMI™) International Standard is intended for application developers who are implementing cloud storage systems, and who are developing applications to manage and consume cloud storage. It documents how to access cloud storage namespaces and how to manage the data stored in these namespaces. In this webcast we’ll provide an overview of the CDMI standard and cover CDMI 2.0:

•Support for encrypted objects
•Delegated access control
•General clarifications
•Errata contributed by vendors implementing the CDMI standard

Earlier this year many companies experienced an incredible shift to fully remote work almost overnight, in response to the COVID-19 pandemic. This accelerated the “digital transformation” journey for many companies compressing what was a multi-year timeline into a few months and making 2020 different than any other previous year. In this episode we’ll explore how the balance between security, privacy and productivity was tipped this year, and what can we expect to see in 2021 as some, but not all, organizations head back to office work with a post-pandemic mindset.

The audience will hear from CISOs and Security Directors about how this year was different, what they're going to do differently going forward, and what they expect (or have already seen) as organizations get back to pre-COVID levels.

Topics covered:
- 2020 in review
- The hard lesson that a mobile workforce is not the same as a remote workforce
- How the attack surface expanded and what CISOs are doing to ensure risk doesn’t expand too
- How digital transformation sped up and what they meant for security, privacy and productivity
- During the speedy journey to the cloud - what mistakes were made?
- Lessons learned that will be carried forward for security teams
- What CISOs are doing to prepare for whatever 2021 may bring

Panelists:
- Mark Weatherford, Chief Strategy Officer and Board Member, National Cybersecurity Center
- Ted Harrington, Executive Partner, Independent Security Evaluators [ISE]

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Many organizations struggle with digital transformation and cloud computing particularly when implementing a framework to meet their compliance requirements. In this session, we will discuss a framework and operational approach to support you to move your business forward delivering quality services balancing cost and risk.

Today, data in the public cloud is often encrypted at rest in storage and in transit across the network, but not while in use in memory. Organizations that handle sensitive data such as Personally Identifiable Information (PII), financial data, or health information need to mitigate threats that target the confidentiality and integrity of either the application or the data in system memory.

In this webinar, experts from the Confidential Computing Consortium (CCC) will define confidential computing, discuss how businesses are using Confidential Computing to protect against data breaches today, and review the ecosystem of solutions and open-source projects available to enable applications to make use of Confidential Computing.

Key topics covered in the webinar include:
● The Confidential Computing definition and comparison to related technologies
● Key properties of Trusted Execution Environments (TEEs) to look for
● Threats mitigated by Confidential Computing technologies
● Utilization paradigms: using application SDKs vs. runtime deployment systems
● The ecosystem available to support Confidential Computing application development
● Common real-world use cases for Confidential Computing


Seth Knox, VP of Marketing, Fortanix (Outreach Chair) (Linkedin https://www.linkedin.com/in/sethknox/, twitter @seth_knox)
Nelly Porter, Lead Product Manager, Google
Dave Thaler, Software Architect, Microsoft (TAC Chair)
Mike Bursell, Chief Security Architect, Red Hat
Aeva Black, Open Source Program Manager, Microsoft

We all know that consumer and businesses are dramatically increasing the consumption of cloud based Information Technologies; either infrastructure, applications, services or even cybersecurity. The move to a cloud-based IT is unstoppable, with another wave of changes coming as 5G becomes more of an actual reality. While we have a new slew of acronyms and technologies coming our way (XDR, NDR, SaSe, etc) many companies struggle to address cloud from a cybersecurity perspective. In this webinar we will address key elements to be taken into consideration:

- Full understanding on what cloud consumed IT means end to end, specially in the world of hybrid cloud
- Provide security for the cloud consumed infrastructure, applications and services
- Keeping a security posture that included traditional and cloud consumed IT. Key priorities and where to start
- Providing security from the cloud itself
- What is the role of the big cloud providers (aka AWS, Microsoft and Google) as they doubled down their efforts in cybersecurity
- Looking ahead. How will (true) 5G impact cloud cybersecurity as the underlying telecommunications industry undergoes a major shift

In a recent report, the Cloud Security Alliance (CSA) outlined the top 11 threats to cloud computing for 2020. Data breaches, misconfiguration and inadequate change control, a lack of cloud security architecture and strategy, and insufficient identity and access management were among the biggest security challenges for all industries operating in the cloud.

These issues are not unique to any particular industry, but fortunately, they have common solutions. It’s clear that protecting public cloud assets is key. COVID-19 pandemic was a major accelerant for organizations to quickly move forward with the migration of business infrastructure and applications to the cloud.

Cloud Controls and Breach Prevention are top of mind for IT leadership and team alike.

In this panel discussion, we’ll discuss the importance of cloud controls and breach protection during this accelerated move to the cloud

- What the C Suite Needs to Know about Cloud Security
- Why Cloud Security is not an IT problem, it’s a business problem
- The Revenue and Brand ROI of Preventing Data Breaches
- Real productivity results from correcting misconfiguration and inadequate change control
- The importance of building a cloud security architecture and strategy
- Why managing sufficient identity, credential, access, and key policies
- Cross Training and Upskilling your team


Moderated by: Jo Peterson, CEO & Co Founder, Clarify360

Dr. Anton Chuvakin, Head of Solution Strategy, Google Cloud
Ido Safruti, Co-founder and CTO of PerimeterX
Tina Gravel, Senior Vice President, Appgate
Charles Johnson, Cybersecurity Advocate, Anitian

As companies gain more cloud maturity, they learn that their 2 core security tool sets for on-premise infrastructure no longer apply. Additionally, they get the most value by changing their operating patterns. In this talk, we’ll talk about lessons learned in embracing cloud-native security practices, and discuss implications for changing tool sets around cloud security.

Adopting to Secure the Mobile Workforce

The shift to a widespread corporate mandate for employees to work from home has dynamically altered the threat landscape and how security applications and integrations are delivered. Data is more pervasive than ever. The expansive footprint of where data is accessed and stored, results in an ever evolving and growing attack surface.
Our disrupted social normal has created one of the most nourishing environments for adversaries to target with phishing attacks, ransomware, and vulnerability exploits. Nearly 70% of attacks originate from the endpoint due to insufficient visibility, policies, and controls around the mobile work force.

Are you implementing the proper defense in depth strategy with a Zero-Trust mindset to thwart attacks even at your weakest links? Digital sprawl has reached new heights in this new pandemic world and it’s important we focus on adapting to these new circumstances to keep our businesses safe and the outcomes they provide for social entitlement. Learn how your business can begin to work in a way to reduce operational strain of security and answer the question of how we can effectively secure our employees.
Attendees will learn the following:
1. Understand what your attack surface resembles in this current work from home climate.
2. Identify best practices that can help assess your current security posture and take actionable results to invoke change.
3. Which technologies can supplement your governance model to secure your business and employees.

Not a day goes by in the cybersecurity industry without hearing about a talent shortage, skills gap, and necessity for training. A recent survey conducted by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) of cybersecurity professionals shows that 70 percent believe their organization has been impacted by the global cybersecurity skills shortage.
We spent time talking to a number of people from human resources, managers, vendors, universities and end-users to get their perspective on cybersecurity skills, type of roles, and overall business needs.

We discovered, it’s not just about skills gap, but also the communications gap between what employers think they are looking for and the talent that is available to them. During this discussion, dynamic experts from various organizations will share the following:

• The needs across the technology vendors and end-user organizations, the education variance, and how to accommodate for the requirements and demands across the entire industry.
• Most common type of roles to be fulfilled and the drivers behind the role types.
• How we can make security built into the fabric of our culture, no matter the organization.

Moderated by:
Leah McLean, Head of Business Development and Marketing, Cyber Future Foundation
https://www.linkedin.com/in/leahrmclean/

Panelists:
Malcolm Harkins, Chief Trust Officer, Cymatic
https://www.linkedin.com/in/malcolmharkins/
Mary Chaney, Esq, CISSP, CIPP/US
https://www.linkedin.com/in/marynchaney/
Diana Kelley – CTO and Founding Partner, SecurityCurve
https://www.linkedin.com/in/dianakelleysecuritycurve/
Ryan Clarque, Senior Manager, Global Cybersecurity at Levi Strauss & Co

In the security and technology world, we rely so heavily on buzz words to explain our work that others feel like we are magicians working spells that they will never be able to do.

Saying, "Due to issues with our security posture, the APT manipulated a well-known CVE to breach our cloud-native-applications." Might as well be: "The Death Eaters were able to use a port key to enter our environment and effectively cast the Avada Kedavra spell."

Instead, we could say, "An attacker used a known flaw to gain access to our environment and brought down our servers."

In this session, we will come to understand that security for our cloud environments can be simple to understand, yes even for muggles. That is, if we focus on the root cause of all cyber attacks: unauthorized spells, wait, I mean unauthorized code.

There is a new wave of cognitive services based on video and image analytics, leveraging the latest in machine learning and deep learning. In this webcast, we will look at some of the benefits and factors driving this adoption, as well as explore compelling projects and required components for a successful video-based cognitive service. This includes some great work in the open source community to provide methods and frameworks, some standards that are being worked on to unify the ecosystem and allow interoperability with models and architectures. Finally, we’ll cover the data required to train such models, the data source and how it needs to be treated.

However, there are challenges in how we do this. Many archives were analog and tape based which doesn’t stand up well to mass ingestion or the back and forth of training algorithms. How can we start to define new architectures and leverage the right medium to make our archives accessible whilst still focusing on performance at the point of capture?

We will discuss:

•New and interesting use cases driving adoption of video analytics as a cognitive service
•Work in the open source arena on new frameworks and standards
•Modernizing archives to enable training and refinement at will
•Security and governance where personal identifiable information and privacy become a concern
•Plugging into the rest of the ecosystem to build rich, video centric experiences for operations staff and consumers