Privacy vs. Security: Balancing Vulnerability Awareness & Incident Prevention

The Cloud Data Management Interface (CDMI™) International Standard is intended for application developers who are implementing cloud storage systems, and who are developing applications to manage and consume cloud storage. It documents how to access cloud storage namespaces and how to manage the data stored in these namespaces. In this webcast we’ll provide an overview of the CDMI standard and cover CDMI 2.0:

•Support for encrypted objects
•Delegated access control
•General clarifications
•Errata contributed by vendors implementing the CDMI standard

Earlier this year many companies experienced an incredible shift to fully remote work almost overnight, in response to the COVID-19 pandemic. This accelerated the “digital transformation” journey for many companies compressing what was a multi-year timeline into a few months and making 2020 different than any other previous year. In this episode we’ll explore how the balance between security, privacy and productivity was tipped this year, and what can we expect to see in 2021 as some, but not all, organizations head back to office work with a post-pandemic mindset.

The audience will hear from CISOs and Security Directors about how this year was different, what they're going to do differently going forward, and what they expect (or have already seen) as organizations get back to pre-COVID levels.

Topics covered:
- 2020 in review
- The hard lesson that a mobile workforce is not the same as a remote workforce
- How the attack surface expanded and what CISOs are doing to ensure risk doesn’t expand too
- How digital transformation sped up and what they meant for security, privacy and productivity
- During the speedy journey to the cloud - what mistakes were made?
- Lessons learned that will be carried forward for security teams
- What CISOs are doing to prepare for whatever 2021 may bring

Panelists:
- Mark Weatherford, Chief Strategy Officer and Board Member, National Cybersecurity Center
- Ted Harrington, Executive Partner, Independent Security Evaluators [ISE]

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Many organizations struggle with digital transformation and cloud computing particularly when implementing a framework to meet their compliance requirements. In this session, we will discuss a framework and operational approach to support you to move your business forward delivering quality services balancing cost and risk.

Today, data in the public cloud is often encrypted at rest in storage and in transit across the network, but not while in use in memory. Organizations that handle sensitive data such as Personally Identifiable Information (PII), financial data, or health information need to mitigate threats that target the confidentiality and integrity of either the application or the data in system memory.

In this webinar, experts from the Confidential Computing Consortium (CCC) will define confidential computing, discuss how businesses are using Confidential Computing to protect against data breaches today, and review the ecosystem of solutions and open-source projects available to enable applications to make use of Confidential Computing.

Key topics covered in the webinar include:
● The Confidential Computing definition and comparison to related technologies
● Key properties of Trusted Execution Environments (TEEs) to look for
● Threats mitigated by Confidential Computing technologies
● Utilization paradigms: using application SDKs vs. runtime deployment systems
● The ecosystem available to support Confidential Computing application development
● Common real-world use cases for Confidential Computing


Seth Knox, VP of Marketing, Fortanix (Outreach Chair) (Linkedin https://www.linkedin.com/in/sethknox/, twitter @seth_knox)
Nelly Porter, Lead Product Manager, Google
Dave Thaler, Software Architect, Microsoft (TAC Chair)
Mike Bursell, Chief Security Architect, Red Hat
Aeva Black, Open Source Program Manager, Microsoft

We all know that consumer and businesses are dramatically increasing the consumption of cloud based Information Technologies; either infrastructure, applications, services or even cybersecurity. The move to a cloud-based IT is unstoppable, with another wave of changes coming as 5G becomes more of an actual reality. While we have a new slew of acronyms and technologies coming our way (XDR, NDR, SaSe, etc) many companies struggle to address cloud from a cybersecurity perspective. In this webinar we will address key elements to be taken into consideration:

- Full understanding on what cloud consumed IT means end to end, specially in the world of hybrid cloud
- Provide security for the cloud consumed infrastructure, applications and services
- Keeping a security posture that included traditional and cloud consumed IT. Key priorities and where to start
- Providing security from the cloud itself
- What is the role of the big cloud providers (aka AWS, Microsoft and Google) as they doubled down their efforts in cybersecurity
- Looking ahead. How will (true) 5G impact cloud cybersecurity as the underlying telecommunications industry undergoes a major shift

In a recent report, the Cloud Security Alliance (CSA) outlined the top 11 threats to cloud computing for 2020. Data breaches, misconfiguration and inadequate change control, a lack of cloud security architecture and strategy, and insufficient identity and access management were among the biggest security challenges for all industries operating in the cloud.

These issues are not unique to any particular industry, but fortunately, they have common solutions. It’s clear that protecting public cloud assets is key. COVID-19 pandemic was a major accelerant for organizations to quickly move forward with the migration of business infrastructure and applications to the cloud.

Cloud Controls and Breach Prevention are top of mind for IT leadership and team alike.

In this panel discussion, we’ll discuss the importance of cloud controls and breach protection during this accelerated move to the cloud

- What the C Suite Needs to Know about Cloud Security
- Why Cloud Security is not an IT problem, it’s a business problem
- The Revenue and Brand ROI of Preventing Data Breaches
- Real productivity results from correcting misconfiguration and inadequate change control
- The importance of building a cloud security architecture and strategy
- Why managing sufficient identity, credential, access, and key policies
- Cross Training and Upskilling your team


Moderated by: Jo Peterson, CEO & Co Founder, Clarify360

Dr. Anton Chuvakin, Head of Solution Strategy, Google Cloud
Ido Safruti, Co-founder and CTO of PerimeterX
Tina Gravel, Senior Vice President, Appgate
Charles Johnson, Cybersecurity Advocate, Anitian

As companies gain more cloud maturity, they learn that their 2 core security tool sets for on-premise infrastructure no longer apply. Additionally, they get the most value by changing their operating patterns. In this talk, we’ll talk about lessons learned in embracing cloud-native security practices, and discuss implications for changing tool sets around cloud security.

Adopting to Secure the Mobile Workforce

The shift to a widespread corporate mandate for employees to work from home has dynamically altered the threat landscape and how security applications and integrations are delivered. Data is more pervasive than ever. The expansive footprint of where data is accessed and stored, results in an ever evolving and growing attack surface.
Our disrupted social normal has created one of the most nourishing environments for adversaries to target with phishing attacks, ransomware, and vulnerability exploits. Nearly 70% of attacks originate from the endpoint due to insufficient visibility, policies, and controls around the mobile work force.

Are you implementing the proper defense in depth strategy with a Zero-Trust mindset to thwart attacks even at your weakest links? Digital sprawl has reached new heights in this new pandemic world and it’s important we focus on adapting to these new circumstances to keep our businesses safe and the outcomes they provide for social entitlement. Learn how your business can begin to work in a way to reduce operational strain of security and answer the question of how we can effectively secure our employees.
Attendees will learn the following:
1. Understand what your attack surface resembles in this current work from home climate.
2. Identify best practices that can help assess your current security posture and take actionable results to invoke change.
3. Which technologies can supplement your governance model to secure your business and employees.

Not a day goes by in the cybersecurity industry without hearing about a talent shortage, skills gap, and necessity for training. A recent survey conducted by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) of cybersecurity professionals shows that 70 percent believe their organization has been impacted by the global cybersecurity skills shortage.
We spent time talking to a number of people from human resources, managers, vendors, universities and end-users to get their perspective on cybersecurity skills, type of roles, and overall business needs.

We discovered, it’s not just about skills gap, but also the communications gap between what employers think they are looking for and the talent that is available to them. During this discussion, dynamic experts from various organizations will share the following:

• The needs across the technology vendors and end-user organizations, the education variance, and how to accommodate for the requirements and demands across the entire industry.
• Most common type of roles to be fulfilled and the drivers behind the role types.
• How we can make security built into the fabric of our culture, no matter the organization.

Moderated by:
Leah McLean, Head of Business Development and Marketing, Cyber Future Foundation
https://www.linkedin.com/in/leahrmclean/

Panelists:
Malcolm Harkins, Chief Trust Officer, Cymatic
https://www.linkedin.com/in/malcolmharkins/
Mary Chaney, Esq, CISSP, CIPP/US
https://www.linkedin.com/in/marynchaney/
Diana Kelley – CTO and Founding Partner, SecurityCurve
https://www.linkedin.com/in/dianakelleysecuritycurve/
Ryan Clarque, Senior Manager, Global Cybersecurity at Levi Strauss & Co

There is a new wave of cognitive services based on video and image analytics, leveraging the latest in machine learning and deep learning. In this webcast, we will look at some of the benefits and factors driving this adoption, as well as explore compelling projects and required components for a successful video-based cognitive service. This includes some great work in the open source community to provide methods and frameworks, some standards that are being worked on to unify the ecosystem and allow interoperability with models and architectures. Finally, we’ll cover the data required to train such models, the data source and how it needs to be treated.

However, there are challenges in how we do this. Many archives were analog and tape based which doesn’t stand up well to mass ingestion or the back and forth of training algorithms. How can we start to define new architectures and leverage the right medium to make our archives accessible whilst still focusing on performance at the point of capture?

We will discuss:

•New and interesting use cases driving adoption of video analytics as a cognitive service
•Work in the open source arena on new frameworks and standards
•Modernizing archives to enable training and refinement at will
•Security and governance where personal identifiable information and privacy become a concern
•Plugging into the rest of the ecosystem to build rich, video centric experiences for operations staff and consumers

The 2020 elections in the U.S. have been historic in numerous ways. With more email-in voting than ever before and very close results for the U.S. President and Congressional races, there is plenty to discuss about security.

Was there voter fraud? Were the people, process and technology changes sufficient in states? How can we rebuild trust in elections? What is the future of voting in America?

Join us for this interactive discussion with audience Q/A.

This panel is part of the CISO Insights original series on BrightTALK with hosts Dan Lohrmann & Earl Duby. We encourage audience questions and participation.

Every day we see news of cyber-attacks. We get the impression that they may only be affecting
larger companies, but this is far from the truth. In fact, the statistics clearly show that smaller
companies are also being targeted. Cyber-attacks are not diminishing, and sadly whatever the size of
your company, you are a target in today’s connected world. But despite this, many businesses are
not prepared, technically or operationally to deal with the impact of cyber-attacks made against
them.

In this talk we look at the steps that all companies, small or large can take to mitigate and deal with
cyber-attacks, as well as incident response and the human elements that feature in an attack. We
also cover the key areas of cyber breach management and examine it from an attacker,
organisational and customer perspective, revealing the impact not only your organisation but to
others in your value chain.

The global security as a service market size is expected to grow from USD 11.1 billion in 2020 to USD 26.4 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 18.9% during that time period. Driven by a cloud-based delivery model, options abound for organizations in areas such as application security, data security, identity and access management, infrastructure protection and integrated risk management to name a few. These options include off the shelf security as a service products as well as those provided and managed by an MSSP.

In today’s session we’ll explore these 5 key points:
1. Security budgets and priorities in a post Covid-19 world
2. When to outsource
3. Selecting an MSSP
4. Tools, Tools and More Tools
5. Upskilling your team

2020 has seen many Cyber Attacks using the COVID-19 pandemic as the central theme. For most
part though these have been the same attacks that have existed since the last few years; just
the packaging was changed.

We expect the real cyber security repercussions of changes brought in by the COVID-19
pandemic to be felt in 2021. In this talk we explore what the repercussions might be and what we
can do to prepare and protect ourselves against them.

We will cover:
- Major Cyber Attack trends of 2020
- What can be expected to continue in 2021
- Potential repercussions of COVID-19 induced changes and new attack types in 2021

This session will focus on specific technical, legal and policy responses to ransomware attacks.

Join to learn more about:
* History of Ransomware
* Most common forms of Ransomware
* Costs of Ransomware and Mitigation
* Ransomware Insurance
* Ransomware prevention
* Ransomware training and education
* Legal Issues in Ransomware Payment (with October 2020 developments)
* Ransomware mitigation
* Threat intelligence and investigation in ransomware cases
* Ransomware inoculation
* Disaster recovery in ransomware