Cloud Security & Compliance: What has to be done?

This presentation will cover questions and provide guidelines around Data Privacy, Data Security and Compliance in addition to the technical delivery of Cloud Services. Andreas will also dive into the emerging security issues uncovered by the ENISA Cloud Computing Risk Assessment and other activities to address the concerns of the EuroCloud SaaS Audit Process and additional guidelines for suppliers and customers in terms of legal and compliance issues.

Andreas Weiss has been in IT for 25 years. During that time he has managed several medium-sized IT companies in various countries and led IT projects for international corporations in the field of business process and workflow management.

Andreas is part of many industry steering groups with his expertise in SOA, B2B and e-commerce and is currently the director of “Group E-Business” at the German Association for the Internet Industry. In 2010, Andreas became Director of the newly established EuroCloud Deutschland and coordinates its activities for Germany within the pan-European EuroCloud organization.

EuroCloud Germany is an Association for the German Cloud Computing Industry and represents Germany in the pan-European EuroCloud network. EuroCloud Germany promotes the adoption and addresses the issues of cloud services for the German market. EuroCloud Germany has an open dialog with the European partners of the EuroCloud network to find global solutions and to lay the groundwork for international business relations.
Recorded Sep 9 2010 32 mins
Presented by
Andreas Weiss, Director, EuroCloud Deutschland
  • Cover Your SaaS: Evaluating SaaS Vendors for Cyber Risk Dec 9 2020 10:00 pm UTC 45 mins
    Jimmy Benoit, Cyber Security Manager
    Many enterprise applications are shifting, if not already, to subscription (opex) models. This is largely in the form of vendors now offering Software as a Service (SaaS) to customers. Customers, in many cases, need no longer worry about maintaining the infrastructure necessary to host licensed software due to the widespread adoption of SaaS.

    Despite the numerous benefits SaaS offers, there are inherent cyber risks that need to be understood and considered. Customers transfer ownership of maintaining the infrastructure, platform, and software to the vendor, but this does not transfer the risk along with it.

    In this talk, we’ll take an in-depth look at the following topics and discuss best practices and recommendations:

    1. How SaaS may introduce additional cyber risk to your organization.
    2. Effective means to assess SaaS vendors for cyber risk to your organization.
    3. Common traps and oversights in SaaS vendor risk assessments.
  • A Whole New World: Compliance in the Cloud is No Magic Carpet Ride Dec 9 2020 8:00 pm UTC 45 mins
    Steve Horvath, VP of Strategy and Cloud, Telos Corporation
    Tackling IT security compliance can be a headache -- but when you add the cloud into the mix, there is an entirely new set of challenges at hand. Cloud compliance is an issue that many organizations are concerned with, so much so that almost nine in ten (86 percent) believe that compliance will be an issue for them when moving systems, applications and infrastructures to the cloud, according to recently released research from Telos Corporation. Additionally, a staggering 94 percent of respondents report that they face challenges with IT security compliance and/or privacy regulations in the cloud. With the sheer amount of companies making the transition to remote work, cloud versus on-premises or legacy infrastructure is rapidly becoming the norm. So how can organizations embrace cloud and overcome compliance concerns?

    This session will explore:

    - The costs of compliance and noncompliance in the cloud
    - The very real implications of audit fatigue and how the cloud exacerbates compliance concerns
    - Potential solutions to ease compliance challenges, especially in the cloud
  • Cloud Data Management & Interoperability: Why A CDMI Standard Matters Dec 9 2020 6:00 pm UTC 75 mins
    Mark Carlson, SNIA Technical Council Co-chair; Eric Hibbard, SNIA Security TWG Chair, Alex McDonald, SNIA CSTI Chair
    The Cloud Data Management Interface (CDMI™) International Standard is intended for application developers who are implementing cloud storage systems, and who are developing applications to manage and consume cloud storage. It documents how to access cloud storage namespaces and how to manage the data stored in these namespaces. In this webcast we’ll provide an overview of the CDMI standard and cover CDMI 2.0:

    • Support for encrypted objects
    • Delegated access control
    • General clarifications
    • Errata contributed by vendors implementing the CDMI standard
  • 2021 Readiness: Balancing Security in a Post-COVID World Dec 9 2020 5:00 pm UTC 60 mins
    Diana Kelley | Mark Weatherford | Ted Harrington | Amir Shaked
    Earlier this year many companies experienced an incredible shift to fully remote work almost overnight, in response to the COVID-19 pandemic. This accelerated the “digital transformation” journey for many companies compressing what was a multi-year timeline into a few months and making 2020 different than any other previous year. In this episode we’ll explore how the balance between security, privacy and productivity was tipped this year, and what can we expect to see in 2021 as some, but not all, organizations head back to office work with a post-pandemic mindset.

    The audience will hear from CISOs and Security Directors about how this year was different, what they're going to do differently going forward, and what they expect (or have already seen) as organizations get back to pre-COVID levels.

    Topics covered:
    - 2020 in review
    - The hard lesson that a mobile workforce is not the same as a remote workforce
    - How the attack surface expanded and what CISOs are doing to ensure risk doesn’t expand too
    - How digital transformation sped up and what they meant for security, privacy and productivity
    - During the speedy journey to the cloud - what mistakes were made?
    - Lessons learned that will be carried forward for security teams
    - What CISOs are doing to prepare for whatever 2021 may bring

    Panelists:
    - Mark Weatherford, Chief Strategy Officer and Board Member, National Cybersecurity Center
    - Amir Shaked - VP, R&D, PerimeterX
    - Ted Harrington, Executive Partner, Independent Security Evaluators [ISE]

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • To Trust, or Not to Trust the Cloud; That is Your Compliance and Risk Question Dec 9 2020 11:00 am UTC 45 mins
    Niamh Muldoon, Senior Director, Trust and Security, EMEA, OneLogin
    Many organizations struggle with digital transformation and cloud computing particularly when implementing a framework to meet their compliance requirements. In this session, we will discuss a framework and operational approach to support you to move your business forward delivering quality services balancing cost and risk.
  • Protecting Against Public Cloud Data Breaches Using Confidential Computing Dec 8 2020 10:00 pm UTC 60 mins
    Seth Knox, Fortanix | Nelly Porter, Google | Dave Thaler, Microsoft | Mike Bursell, Red Hat | Aeva Black, Microsoft
    Today, data in the public cloud is often encrypted at rest in storage and in transit across the network, but not while in use in memory. Organizations that handle sensitive data such as Personally Identifiable Information (PII), financial data, or health information need to mitigate threats that target the confidentiality and integrity of either the application or the data in system memory.

    In this webinar, experts from the Confidential Computing Consortium (CCC) will define confidential computing, discuss how businesses are using Confidential Computing to protect against data breaches today, and review the ecosystem of solutions and open-source projects available to enable applications to make use of Confidential Computing.

    Key topics covered in the webinar include:
    ● The Confidential Computing definition and comparison to related technologies
    ● Key properties of Trusted Execution Environments (TEEs) to look for
    ● Threats mitigated by Confidential Computing technologies
    ● Utilization paradigms: using application SDKs vs. runtime deployment systems
    ● The ecosystem available to support Confidential Computing application development
    ● Common real-world use cases for Confidential Computing


    Seth Knox, VP of Marketing, Fortanix (Outreach Chair) (Linkedin https://www.linkedin.com/in/sethknox/, twitter @seth_knox)
    Nelly Porter, Lead Product Manager, Google
    Dave Thaler, Software Architect, Microsoft (TAC Chair)
    Mike Bursell, Chief Security Architect, Red Hat
    Aeva Black, Open Source Program Manager, Microsoft
  • Cloud adoption has changed gears; your security needs to do the same Dec 8 2020 6:00 pm UTC 60 mins
    Miguel Carrero, Siemplify, WireX | Himanshu Raval, CISCO
    We all know that consumers and businesses are dramatically increasing their consumption of cloud-based information technologies, whether infrastructure, applications, services or even cybersecurity. The move to cloud-based IT is unstoppable, with another wave of changes coming as 5G becomes more of an actual reality. While we have a new slew of acronyms and technologies coming our way (XDR, NDR, SASE, etc.), many companies struggle to address cloud from a cybersecurity perspective. In this webinar we will address key elements to be taken into consideration:

    - Full understanding of what cloud consumed IT means end to end, especially in the world of hybrid cloud
    - Provide security for the cloud consumed infrastructure, applications and services
    - Keeping a security posture that includes traditional and cloud consumed IT. Key priorities and where to start
    - Providing security from the cloud itself
    - What is the role of the big cloud providers (aka AWS, Microsoft and Google) as they doubled down their efforts in cybersecurity
    - Looking ahead. How will (true) 5G impact cloud cybersecurity as the underlying telecommunications industry undergoes a major shift


    Miguel Carrero, Cybersecurity Executive and Board Member, Siemplify, WireX
    Himanshu Raval, Director, Strategy and Growth of Cloud Security, CISCO
  • [PANEL] Cloud Security Risks and Solutions Dec 8 2020 4:00 pm UTC 60 mins
    Clarify360 | PerimeterX | Google Cloud | Appgate | Anitian
    In a recent report, the Cloud Security Alliance (CSA) outlined the top 11 threats to cloud computing for 2020. Data breaches, misconfiguration and inadequate change control, a lack of cloud security architecture and strategy, and insufficient identity and access management were among the biggest security challenges for all industries operating in the cloud.

    These issues are not unique to any particular industry, but fortunately, they have common solutions. It’s clear that protecting public cloud assets is key. The COVID-19 pandemic was a major accelerant for organizations to quickly move forward with the migration of business infrastructure and applications to the cloud.

    Cloud Controls and Breach Prevention are top of mind for IT leadership and teams alike.

    In this panel discussion, we’ll discuss the importance of cloud controls and breach protection during this accelerated move to the cloud.

    - What the C Suite Needs to Know about Cloud Security
    - Why Cloud Security is not an IT problem, it’s a business problem
    - The Revenue and Brand ROI of Preventing Data Breaches
    - Real productivity results from correcting misconfiguration and inadequate change control
    - The importance of building a cloud security architecture and strategy
    - Why managing sufficient identity, credential, access, and key policies
    - Cross Training and Upskilling your team


    Moderated by: Jo Peterson, CEO & Co Founder, Clarify360

    Dr. Anton Chuvakin, Head of Solution Strategy, Google Cloud
    Amir Shaked, VP R&D PerimeterX
    Tina Gravel, Senior Vice President, Appgate
    Charles Johnson, Cybersecurity Advocate, Anitian
  • Shifting to a holistic cloud security strategy Dec 8 2020 11:00 am UTC 45 mins
    Jeremy Snyder, VP Business/Corporate Development & International Strategy, Rapid7
    As companies gain more cloud maturity, they learn that their 2 core security tool sets for on-premise infrastructure no longer apply. Additionally, they get the most value by changing their operating patterns. In this talk, we’ll talk about lessons learned in embracing cloud-native security practices, and discuss implications for changing tool sets around cloud security.
  • The Corporate Dissolve of Centralized Security Dec 7 2020 11:00 pm UTC 45 mins
    Stan Golubchik, CEO and Founder, ContraForce
    Adopting to Secure the Mobile Workforce

    The shift to a widespread corporate mandate for employees to work from home has dynamically altered the threat landscape and how security applications and integrations are delivered. Data is more pervasive than ever. The expansive footprint of where data is accessed and stored, results in an ever evolving and growing attack surface.
    Our disrupted social normal has created one of the most nourishing environments for adversaries to target with phishing attacks, ransomware, and vulnerability exploits. Nearly 70% of attacks originate from the endpoint due to insufficient visibility, policies, and controls around the mobile work force.

    Are you implementing the proper defense in depth strategy with a Zero-Trust mindset to thwart attacks even at your weakest links? Digital sprawl has reached new heights in this new pandemic world and it’s important we focus on adapting to these new circumstances to keep our businesses safe and the outcomes they provide for social entitlement. Learn how your business can begin to work in a way to reduce operational strain of security and answer the question of how we can effectively secure our employees.
    Attendees will learn the following:
    1. Understand what your attack surface resembles in this current work from home climate.
    2. Identify best practices that can help assess your current security posture and take actionable results to invoke change.
    3. Which technologies can supplement your governance model to secure your business and employees.
  • Closing Cybersecurity Skills Gap with Customized Training and Untapped Talent Dec 7 2020 10:00 pm UTC 60 mins
    Leah McLean | Malcolm Harkins | Mary Chaney | Diana Kelley | Ryan Clarque
    Not a day goes by in the cybersecurity industry without hearing about a talent shortage, skills gap, and necessity for training. A recent survey conducted by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) of cybersecurity professionals shows that 70 percent believe their organization has been impacted by the global cybersecurity skills shortage.
    We spent time talking to a number of people from human resources, managers, vendors, universities and end-users to get their perspective on cybersecurity skills, type of roles, and overall business needs.

    We discovered it’s not just about the skills gap, but also the communications gap between what employers think they are looking for and the talent that is available to them. During this discussion, dynamic experts from various organizations will share the following:

    • The needs across the technology vendors and end-user organizations, the education variance, and how to accommodate for the requirements and demands across the entire industry.
    • Most common type of roles to be fulfilled and the drivers behind the role types.
    • How we can make security built into the fabric of our culture, no matter the organization.

    Moderated by:
    Leah McLean, Head of Business Development and Marketing, Cyber Future Foundation
    https://www.linkedin.com/in/leahrmclean/

    Panelists:
    Malcolm Harkins, Chief Trust Officer, Cymatic
    https://www.linkedin.com/in/malcolmharkins/
    Mary Chaney, Esq, CISSP, CIPP/US
    https://www.linkedin.com/in/marynchaney/
    Diana Kelley – CTO and Founding Partner, SecurityCurve
    https://www.linkedin.com/in/dianakelleysecuritycurve/
    Ryan Clarque, Senior Manager, Global Cybersecurity at Levi Strauss & Co
  • A Muggles Guide to Security In The Cloud Dec 7 2020 1:00 pm UTC 45 mins
    Ell Marquez, Linux and Security Advocate, Intezer
    In the security and technology world, we rely so heavily on buzz words to explain our work that others feel like we are magicians working spells that they will never be able to do.

    Saying, "Due to issues with our security posture, the APT manipulated a well-known CVE to breach our cloud-native-applications." Might as well be: "The Death Eaters were able to use a port key to enter our environment and effectively cast the Avada Kedavra spell."

    Instead, we could say, "An attacker used a known flaw to gain access to our environment and brought down our servers."

    In this session, we will come to understand that security for our cloud environments can be simple to understand, yes even for muggles. That is, if we focus on the root cause of all cyber attacks: unauthorized spells, wait, I mean unauthorized code.
  • How Video Analytics is Changing the Way We Store Video Recorded: Dec 2 2020 54 mins
    Kevin Cone, Intel; Glyn Bowden, HPE; Jim Fister, The Decision Place
    There is a new wave of cognitive services based on video and image analytics, leveraging the latest in machine learning and deep learning. In this webcast, we will look at some of the benefits and factors driving this adoption, as well as explore compelling projects and required components for a successful video-based cognitive service. This includes some great work in the open source community to provide methods and frameworks, some standards that are being worked on to unify the ecosystem and allow interoperability with models and architectures. Finally, we’ll cover the data required to train such models, the data source and how it needs to be treated.

    However, there are challenges in how we do this. Many archives were analog and tape based which doesn’t stand up well to mass ingestion or the back and forth of training algorithms. How can we start to define new architectures and leverage the right medium to make our archives accessible whilst still focusing on performance at the point of capture?

    We will discuss:

    • New and interesting use cases driving adoption of video analytics as a cognitive service
    • Work in the open source arena on new frameworks and standards
    • Modernizing archives to enable training and refinement at will
    • Security and governance where personal identifiable information and privacy become a concern
    • Plugging into the rest of the ecosystem to build rich, video centric experiences for operations staff and consumers
  • Cybersecurity and Elections – Past, Present, and Future Recorded: Dec 1 2020 59 mins
    Dan Lohrmann | Earl Duby | Joseph Carson
    The 2020 elections in the U.S. have been historic in numerous ways. With more email-in voting than ever before and very close results for the U.S. President and Congressional races, there is plenty to discuss about security.

    Was there voter fraud? Were the people, process and technology changes sufficient in states? How can we rebuild trust in elections? What is the future of voting in America?

    Join us for this interactive discussion with audience Q/A.

    This panel is part of the CISO Insights original series on BrightTALK with hosts Dan Lohrmann & Earl Duby. We encourage audience questions and participation.
  • Data Breach – Tools and tips for managing a cyber attack Recorded: Nov 26 2020 45 mins
    Paul Benedek, Consultant Director, Excis Networks Ltd and Bernadette Tyson, Consultant Director, Excis Networks Ltd
    Every day we see news of cyber-attacks. We get the impression that they may only be affecting larger companies, but this is far from the truth. In fact, the statistics clearly show that smaller companies are also being targeted. Cyber-attacks are not diminishing, and sadly whatever the size of your company, you are a target in today’s connected world. But despite this, many businesses are not prepared, technically or operationally, to deal with the impact of cyber-attacks made against them.

    In this talk we look at the steps that all companies, small or large, can take to mitigate and deal with cyber-attacks, as well as incident response and the human elements that feature in an attack. We also cover the key areas of cyber breach management and examine it from an attacker, organisational and customer perspective, revealing the impact not only to your organisation but to others in your value chain.
  • 5 Reasons CISOs are Turning to Security-as-a-Service Recorded: Nov 26 2020 61 mins
    Jo Peterson, Clarify 360; Dan Bowden, Sentara Healthcare; Tyler Cohen Wood, Private Consultant; Mark Lynd, NETSYNC
    The global security as a service market size is expected to grow from USD 11.1 billion in 2020 to USD 26.4 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 18.9% during that time period. Driven by a cloud-based delivery model, options abound for organizations in areas such as application security, data security, identity and access management, infrastructure protection and integrated risk management to name a few. These options include off the shelf security as a service products as well as those provided and managed by an MSSP.

    In today’s session we’ll explore these 5 key points:
    1. Security budgets and priorities in a post Covid-19 world
    2. When to outsource
    3. Selecting an MSSP
    4. Tools, Tools and More Tools
    5. Upskilling your team
  • Cyber Threats in 2021: Real impact of COVID on Cyber Security Recorded: Nov 26 2020 33 mins
    Himanshu Dubey, Director of Security Labs and Harshad Bhujbal, Technical Architect, Quick Heal Technologies Ltd.
    2020 has seen many Cyber Attacks using the COVID-19 pandemic as the central theme. For the most part, though, these have been the same attacks that have existed for the last few years; just the packaging was changed.

    We expect the real cyber security repercussions of changes brought in by the COVID-19 pandemic to be felt in 2021. In this talk we explore what the repercussions might be and what we can do to prepare and protect ourselves against them.

    We will cover:
    - Major Cyber Attack trends of 2020
    - What can be expected to continue in 2021
    - Potential repercussions of COVID-19 induced changes and new attack types in 2021
  • I've Been Hit By Ransomware: Now What? Recorded: Nov 26 2020 44 mins
    Mark D Rasch, Chief Legal Officer, Unit221B
    This session will focus on specific technical, legal and policy responses to ransomware attacks.

    Join to learn more about:
    * History of Ransomware
    * Most common forms of Ransomware
    * Costs of Ransomware and Mitigation
    * Ransomware Insurance
    * Ransomware prevention
    * Ransomware training and education
    * Legal Issues in Ransomware Payment (with October 2020 developments)
    * Ransomware mitigation
    * Threat intelligence and investigation in ransomware cases
    * Ransomware inoculation
    * Disaster recovery in ransomware
  • CYA Toolkit for CISOs Recorded: Nov 26 2020 45 mins
    Michael Brooks, vCISO, Abacode Inc
    Perhaps you are like the 200 CISOs who shared their insights in the security leaders report, which revealed that organizations are using 57 separate security tools with 27% claiming they’re running a staggering 76 or more security products.

    These tools aren’t necessarily making your organization less vulnerable. In fact, many organizations find that they’re often flying blind when it comes to security.

    Join this session to learn:
    • Valuable techniques to optimize your cyber spend and offer risk balanced, cost effective security solutions for your organization
    • Key insights into the decision-making process to gain better visibility and control over your assets, attack surface and cyber defense posture
    • How to clearly define the business requirements and control objectives that should be driving your solution options and purchasing decision that will drive the most attractive ROI for your business and stakeholders
  • Key Strategies to Reduce your Attack Surface in 2021 Recorded: Nov 26 2020 50 mins
    Sushila Nair, VP Security Services, Chief Digital Office and Brandon Swain, NTT DATA
    The year 2020 has accelerated organizations' digital transformations, particularly cloud migrations and the development of remote work capabilities. This rapid change has drastically altered the way that we work and consume data--creating exciting new paradigms, but also bringing new risks along with it. This session will analyze the security breaches that have occurred so far in 2020, and will discuss what defenses would have been vital for the prevention of these attacks. We’ll examine which security projects should be the “tip of the spear” in 2021 to help you reduce your attack surface, as well as look to the future to predict how the attack landscape may continue to change.

    Sushila Nair is on the board of the GWDC, the Greater Washington, D.C. Chapter of ISACA and plays an active role in supporting best practices and skills development within the cybersecurity community.

    Sushila has worked as a Chief Information Security Officer for ten years and has twenty years’ experience in computing infrastructure, business and security. Sushila has consulted in many diverse areas including telecommunications, risk analysis, credit card fraud, and has served as a legal expert witness. She has worked with the insurance industry in Europe and America on methods of underwriting e-risk insurance based on ISO27001.

    She has published numerous articles in the computing press on risk and security, and has spoken at Segurinfo, CACS, TechMentor, FinSec and many other global technical events on diverse subjects ranging from managing risk to designing security baselines.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Cloud Security & Compliance: What has to be done?
  • Live at: Sep 9 2010 7:00 am
  • Presented by: Andreas Weiss, Director, EuroCloud Deutschland