How the Cloud Breaks Application Security

No matter how you define "the Cloud," it's a disruptive delivery model when it comes to application security. Not only are the foundational layers dislodged, but the operational and support models need to change as well. This talk will cover how application security has become vital to the provider as well as the consumer, how security standards are evolving, and how a topological crisis is coming for network-based application security products.
Recorded Aug 12 2011 29 mins
Presented by
Wendy Nather, Senior Analyst, The 451 Group

  • Cyber Risk THIS! 6 Practices to Beat Hackers and Satisfy Regulators Mar 12 2020 3:00 pm UTC 60 mins
    Tony Pietrocola, President, Agile1
    Securing Cloud and SaaS

    Cyber attacks are growing daily and broadening in scope, and the costs of a breach are skyrocketing. And here is the kicker: every industry, from financial services to healthcare to government to manufacturing, is in the crosshairs. Even the great Warren Buffett recently said that every company is at risk.

    Yes, The Oracle of Omaha is talking tech!

    Cyber criminals have expanded every company’s attack surface by attacking networks, cloud, chips, IoT, mobile devices, applications and APIs. They are relentless. And now the regulators are beginning to pass state-level regulations that will eventually hold all of our feet to the fire. Add all of this up and the future points to the reality that every single company, regardless of size or industry, will need to do much more to protect itself and its customers.

    This presentation will cover:
    - Cyber Risk Management
    - How to mitigate risk
    - Show real life case studies
    - Six best practices to explore for your business

    About the speaker:
    Tony Pietrocola is President of Agile1. Agile1 is an intelligence-driven CyberSOC protecting critical network infrastructures from cyber threats. Agile1’s CyberSOC technology is built on a proprietary Machine Learning engine, which analyzes end-point security data in real time allowing us to detect and respond to threats 24X7, before a breach proliferates.

    Tony serves on the board of EBO Group, Inc (acquired by Timken) and Metisentry and is a Board Member of Northern Ohio InfraGard Members Alliance. He holds a Bachelor of Science in Finance from the University of Toledo.
  • Creating Data Leadership through Cybersecurity choices Mar 12 2020 1:00 pm UTC 60 mins
    Dr. Alea Fairchild, Ecosystm360 and The Constantia Institute
    Cybersecurity monitoring is designed to complement, mirror and support your business operations. To create a data leadership position and innovation for your customers, the appropriate cybersecurity policies and solutions need to be in place that fit your specific business model. You need to be thoughtful about assembling a cybersecurity team configured to serve your specific company needs.

    We will discuss how companies are designing their data leadership strategies based on cybersecurity requirements, looking at their internal staffing, technology sourcing and selection of 3rd party providers. Infrastructure expert, Dr. Alea Fairchild will be sharing industry trends based on Ecosystm research findings on cybersecurity solution selection.

    Join this webinar to hear Alea, joined by a guest speaker from IBM Security, discuss how to profile your company’s cybersecurity requirements to seek out the best advisors, skill sets and MSSP solution providers to work with your own business model in a cyber secure manner.

    They will explore how organizations can develop a fit for purpose cybersecurity strategy that grows with them in resilience while meeting the challenge of maturing security programs to scale with their business.

    Key Takeaways:

    1. Guidelines to grow a data leadership strategy in a non-highly regulated business.
    2. Five essential questions to ask as you screen potential cybersecurity solution providers.
    3. Why cyber resiliency is a more logical goal than being cyber secure.

    Speaker:
    Dr. Alea Fairchild, Principal Advisor, Infrastructure & Cloud Enablement at Ecosystm360 and Director at The Constantia Institute sprl
  • Cyber Risk Management - How Effective is Your Program? Mar 12 2020 9:00 am UTC 60 mins
    Kojo Degraft Donkor CISSP, Cisco Systems – CX Americas
    Black hat actors continue to escalate the attack surfaces brought on by opportunities in emerging and mature technologies in Cloud, Internet of Things, Machine Learning and Artificial Intelligence. Several frameworks exist for managing Cyber Risks.

    This presentation will answer these questions:

    - How does your organization frame responses to these threats?
    - What approach works best for your organization?
    - What key elements make up an effective Cyber Risk Program?
    - Which of these elements should be top priority?
    - How dynamic is your Cyber Risk Management approach?
  • An ever-expanding IoT attack surface and what to do about it Mar 11 2020 5:00 pm UTC 60 mins
    Misha Nossik, Co-founder and CEO, Haystack Magic
    The common understanding of the Internet of Things (IoT) includes smart devices, such as mobile phones, smart appliances, CPE networking devices and industrial sensors. However, the time is coming when dumb devices, such as tools, lab supplies, assembly parts and household items, will join the IoT. If you are worried about IoT security now, imagine the scale and the magnitude of the implications when the entire physical world is included in the attack surface.

    In this presentation we will describe a practical use-case, illustrate the limitations of current methods and discuss the ways to address them.

    About the speaker:

    Misha Nossik is a serial entrepreneur and technology executive with over 25 years of experience in new product development for the Cloud, Cybersecurity and IoT sectors. He is a co-founder and CEO of Haystack Magic, an IoT SaaS for enterprise physical asset tracking.

    Previously, he was a co-founder, CTO and VP R&D of CloudLink, a cybersecurity startup acquired by EMC in 2015. Before that he was a founder and CEO of Thintropy, an early VDI vendor, which was acquired by SIMtone (f.k.a. XDS). He co-founded Solidum Systems, a network processor pioneer, acquired by IDT Inc. In 2001 he co-founded and chaired the Network Processing Forum. Misha has earned his MSc in Applied Mathematics at MIIT in Moscow. Misha is an avid skier and an active instrument-rated pilot.
  • Email Security and Cyber Resilience Strategy Mar 11 2020 3:00 pm UTC 60 mins
    Panelists to be announced
    The email threat landscape is constantly evolving. How are organizations staying up to date on all the email-based cyber threats?

    Join this panel of security experts and industry leaders as they discuss the latest trends in email security and how to prevent becoming the next news headline. Learn how to protect your organization from spam, malware, and phishing attacks.

    - Emerging trends in email attacks
    - Why email security is a key CISO priority in 2020
    - The human element of security
    - Solutions and best practices for protecting your organization
  • Mitigate Risk When Transitioning to the Cloud Mar 10 2020 9:00 pm UTC 60 mins
    Dr. Maxine Henry, President and Founder, Cyvient
    Companies are at risk when transitioning from traditional on-premise applications and infrastructure to cloud computing solutions.

    It is critical that security and compliance be addressed in the cloud environment. Failure to ensure appropriate security and address compliance requirements may ultimately result in higher risks, costs and potential loss of business. Highly regulated companies should take a comprehensive approach to data privacy, security and compliance before moving systems to the cloud. This includes:

    - Understanding the challenges of compliance on premise versus the cloud
    - What security standards should be adopted in the cloud
    - Demonstrating compliance: how to establish and maintain data privacy, security, and compliance in a cloud environment
  • Continuous Compliance for Cloud and Hybrid Cloud -- Real Time Security Mar 10 2020 6:00 pm UTC 60 mins
    Darrin Nowakowski, Director Client Services, Cyber Security, CGI
    Hybrid Cloud is the new normal for the modern Enterprise. Information Security departments have accepted that the perimeter is no longer defined by the network and that data protection is central to this new paradigm.

    Are software-defined data controls across clouds and data centers weaker than traditional perimeter defenses? Not necessarily. In some cases they are actually stronger.

    This talk is about the opportunities presented by today’s tools and how these apply to compliance, in particular how continuous compliance is now possible. We will also outline how this changes GRC processes and the role of security compliance in DevOps, aka DevSecOps.

    Topics covered include:

    • What is Compliance and what should be included?
    • Compliance Frameworks and Standards.
    • What can we measure and test?
    • How to tie together hybrid cloud compliance
    • Access Controls, Infrastructure, Data and Policies
    • DevSecOps
    • Continuous Compliance

    About the speaker:
    Darrin Nowakowski has 25 years of experience working in Cyber Security in Canada and internationally. He has extensive experience as both a practitioner and strategist with a focus on providing Security Architecture, Penetration Testing, Cloud, Web and Mobile Security as well as Executive Consultation, Security Program Development, Strategies and Roadmaps, Risk management and demonstrated leadership.
    As a founder and senior leader, President and CISO, for Star Circle Security, Darrin managed a consulting practice through strong client relationships in the Financial, Public, Telecommunications and Retail Sectors. Mr. Nowakowski is currently working as the Director for Client Services of the Greater Toronto Area Cyber Security Practice for CGI.
  • Cloud compliance in different countries, regions, languages — what is needed? Mar 10 2020 5:00 pm UTC 45 mins
    Juan Carlos Carrillo, Director, PwC
    Cloud compliance can be difficult if you are a multinational or, in some cases, if you have clients in different states. How can you address all the compliance requirements without losing time redoing work? In this webinar we will describe the basic points you need to develop in order to be ready to comply with different regulations, audits or annual reviews.

    About the speaker:

    Juan Carlos Carrillo is a Security & Privacy professional with more than 20 years of IT management experience in the high-tech industry. He has extensive expertise doing business with technology solutions for financial companies. Throughout his career, Juan Carlos has developed extensive knowledge of software, hardware, consulting and professional services.

    Juan Carlos has a Master's in Finance from ITESM in Mexico and a B.S. in Computer Systems Engineering from UVM in Mexico. He is certified as an Information Privacy Professional (CIPT), as an Identity and Access Administrator (CIAM) and in Cloud Security (CCSK).
  • CCPA Compliance Beyond Deadline Day Mar 10 2020 3:00 pm UTC 60 mins
    Guy Cohen | Lisa Hawke | Joanne Furtsch | Laura Koulet
    The California Consumer Privacy Act (CCPA) went into effect on January 1st 2020, yet there is still confusion and uncertainty regarding this data regulation, especially for businesses operating in a post-GDPR world.

    Are you familiar with the CCPA's privacy requirements? Is your organization ready for the most far-reaching data privacy regulation in the U.S. to date? 

    Join this panel of privacy experts for an interactive Q&A session to learn more about how CCPA will impact your organization, as well as dive into the main differences between CCPA and GDPR.
    - The CCPA privacy requirements
    - CCPA checklist beyond deadline day
    - Data mapping: how and why it is important for CCPA and GDPR
    - Data Subject Access Requests 
    - Other key similarities and differences between GDPR vs. CCPA
    - The future of privacy and compliance in 2020 and beyond

    Speakers:
    - Guy Cohen, Strategy and Policy Lead, Privitar
    - Lisa Hawke, VP Security and Compliance, Everlaw
    - Joanne Furtsch, Director, Deputy Data Governance Officer, TrustArc
    - Laura Koulet, Vice President, Head of Legal & Privacy, Tapad
  • Regulatory Red Flags to Look For When Buying or Selling Cloud Computing Services Mar 10 2020 1:00 pm UTC 60 mins
    Sanjay Anand (a.k.a. Mr. Sarbanes Oxley™), Chairperson of SOX, GRC, ESG Institutes™, Sarbanes Oxley Group™ LLC
    Suited to both buyers and sellers of cloud computing services, this webinar will cover some of the key regulatory aspects that are relevant in the specialized niche of cloud computing. We will first define what we mean by cloud computing, and then get into some of the specifics related to the rules and regulations surrounding it. In particular, we will focus on:

    - Responsibilities of buyers and sellers of cloud computing services
    - Rules and regulations that both parties must be aware of and adhere to
    - How to deal with and handle some of the common issues and challenges that often arise in such outsourcing arrangements/relationships
    - Roles, risks and responsibilities associated with cloud computing in small and large corporations
    - How to simplify and streamline compliance with regulations when outsourcing to cloud compliance service providers

    While it is impossible to cover every risk and regulation applicable to cloud compliance, participants in this talk will walk away with a fundamental understanding of some of the risks and challenges, as well as benefits, of cloud computing, and in particular will have a better understanding and frameworks to determine the extent (if at all) to which cloud computing is justifiable for specific functions/procedures within their organizations, with particular emphasis on the risks associated with non-compliance due to such things as: incomplete/unclear communication, incomplete/unclear understanding, incomplete/unclear due diligence, and incomplete/unclear oversight/audits.

    This will be generalized advice, and our goal will be to focus on understanding the general policies and principles associated with cloud compliance, and so we will address some of the broad regulatory issues and challenges using specific situations and regulations as illustrative examples.
  • Assurance in the Cloud Mar 10 2020 11:00 am UTC 60 mins
    Krishna Iyer, Director, PwC UK
    Cloud technology is revolutionising the way we work and communicate. This rapid advancement in technology has created sophisticated cyber threats. As Cloud technology has matured, so have user expectations – there is an increased demand for trust and transparency.

    This session will look at how the technology revolution has led to increased regulation and how cloud service providers can use this opportunity to turn compliance into a competitive advantage.

    About the speaker:

    Krishna Iyer, Director, PwC UK - Krishna is a Director in the UK Assurance Practice, focussing on emerging technology assurance. Krishna is an active blogger and has written various thought leadership on cloud security and compliance in the cloud, including a paper on ‘the role of Internal audit in auditing cloud’ for the ICAEW.
  • 2020 Security Technology for the Multi-Cloud Mar 9 2020 3:00 pm UTC 60 mins
    Jeremy Snyder, DivvyCloud | Chris Romano, Mandiant | Sol Cates, Thales | Nathan Howe, ZScaler | Chris DeRamus, DivvyCloud
    Multi-cloud adoption is on the rise, but the challenge of securing organizations against cyber attacks remains.

    Discover the cost of data breaches in 2020, as well as the technologies CISOs are using for keeping track of their assets, assessing and managing cyber risk and mitigating threats against the enterprise.

    Join this Q&A panel of experts as they discuss:
    - CISO priorities in a multi-cloud environment
    - Biggest threats to the enterprise
    - How to assess and mitigate cyber risk
    - Technologies powering security
    - Best practices and recommendations for a more secure organization

    Speakers:
    Jeremy Snyder, VP of Business Development & Corporate Development, DivvyCloud (moderator)
    Christopher Romano, Senior Consultant, Mandiant
    Sol Cates, VP of Technical Strategy, Thales
    Nathan Howe, Director of Transformation Strategy, ZScaler
    Chris DeRamus, CTO, DivvyCloud
  • Securing Multicloud Environments Mar 9 2020 1:00 pm UTC 60 mins
    Neil Briscoe, Co-founder and CTO, Cloud Gateway
    Many enterprises are leveraging multicloud deployments to get the best-of-breed features from many different providers. Hybrid cloud and multicloud have brought capability to businesses to be able to cover all aspects of their IT needs. However, they have also brought complexity in security requirements.

    Usually, IT and security professionals mitigate any security concerns by creating a trust boundary between:

    - The cloud and the user accessing via the internet

    - The cloud and users accessing the enterprise network in hybrid architectures

    What is being missed is inter-cloud security considerations, potential threats, disparate support teams and governance.

    In this webinar, Neil Briscoe will share real-life examples, highlighting potential issues and offering solutions for you to ensure your hybrid cloud and multicloud environments are fully secured.

    About the speaker:

    Neil Briscoe, co-founder and CTO at Cloud Gateway, has 20 years’ experience in IT, working across multiple sectors for leading companies including PepsiCo, Asda, Capita, Aviva and the Ministry of Justice where he was responsible for leading architecture and delivery.

    Neil focuses primarily on open source technologies, infrastructure automation, network architecture and design. As CTO at Cloud Gateway, he continues to drive product development through technical direction for existing, new and future problem spaces whilst leading innovation in the hybrid connectivity space, with the aim of enabling organisations of all sizes to harness the power and flexibility of hybrid cloud. His innovative approach to secure, hybrid networks has seen him earn the highest of industry recognised accolades.

    Neil is also a Cisco Certified Network Expert (CCIE), widely recognised as the hardest/highest network certification available in the market.
  • 2020 Election – Hacking The Vote Feb 24 2020 5:00 pm UTC 60 mins
    David Morris | Cameron Koffman | Tinatin Japaridze | Lance James
    The inaugural episode of the Election Hacking series will introduce the topic of who, how and why the upcoming 2020 election will be hacked.

    Join this interactive Q&A session to learn more about election hacking, its impact, the various stakeholders, and what if anything, can be done.

    Our unique panel of individuals will bring diverse perspectives to this topic.

    - Cameron Koffman, who, if elected, would be the youngest candidate since Theodore Roosevelt running for the NY State Assembly
    - Tinatin Japaridze, former United Nations correspondent for the Russian and Ukrainian media, with expertise in bi-lateral US-Russian relations on cyber security.
    - Lance James, CEO of Unit 221B and noted cyber security expert who has assisted various law enforcement and government agencies on some of the most highly publicized hacking investigations.

    Moderator: David Morris, Executive Director at Digital Risk Management Institute
  • Orchestrating Various Roles to Uplift Security at Acquisitions Recorded: Feb 19 2020 49 mins
    Ruchi Shah, Sr Security Engineering Manager at Google
    Security is becoming an integral part of the M&A decision making process. In this talk, we will discuss what Google Security worries about when we acquire or start a company and how different roles within the security organization work in synchronization to make the overall integration secure and successful.

    Ruchi is a Sr Security Engineering Manager at Google where she manages an organization whose mission is to secure Acquisitions and Alphabets. In her role, she leads security engineering and technical program management functions. Prior to joining Google, she spun up the Subsidiary Security Program at Amazon and managed the product roadmap for AWS Identity and Access Management and AWS Key Management services. Ruchi has worked at Deloitte and Touche LLP and Ernst and Young, where she helped clients implement security solutions ranging from Identity and Access Management (IAM), Security Information and Event Management (SIEM) to Network Security Products. She has over 13 years of experience in Security.
  • Good vs Bad Metrics Recorded: Feb 18 2020 31 mins
    Rhonda Bricco (UnitedHealth Group), Deb Doffing (Optum), Sue Perkins (Optum), Cat Goodfellow (Optum)
    Security leaders are increasingly basing their decisions on metrics to justify spending, quantify risk, and demonstrate value to the executive suite. This panel of leaders will discuss how they are awash in dashboards, charts, and KPIs of little to no value and what they’ve done to develop contextual, impactful, actionable metrics.
  • Social Engineering Threats to Enterprise Security Recorded: Feb 18 2020 58 mins
    Diana Kelley | Tyler Cohen Wood | Stephanie Carruthers | Samantha Davison
    Join us as we review social engineering tactics and attack methods. Learn about the latest trends in social engineering, the risk to your organization's cybersecurity and what steps to take to mitigate it.

    Viewers will learn more about:
    - How social engineers exploit human behavior
    - Most common types of social engineering attacks
    - New in phishing, baiting, tailgating and more
    - Managing access and insider threats

    This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.
  • Threat Landscape 2020 – Expect the Unexpected Recorded: Feb 13 2020 61 mins
    Alex Holden, CISO Hold Security, LLC
    Security threats mutate, and lately they are becoming bolder than ever. What is driving this pattern? We will examine new patterns in ransomware, phishing, and data exposures that are greatly affecting our security posture, as well as provide better guidelines for mitigating these threats.
  • Biggest Cyber Threat: 3.5 M Unfilled Cyber Jobs Recorded: Feb 13 2020 45 mins
    Dr. V. N. Berlin, CAO, Mission Critical Institute & Mr. Rob Chubbuck, Sr. Cyber Systems Engineer, CACI Intl.
    The biggest cyber threat is 3.5M unfilled cyber jobs. Without job-ready cyber talent employers cannot prevent or recover effectively from cyber breaches and compliance gaps. Without cyber talent, employers cannot benefit from their cyber technology investments. Learn tested strategies for mitigating the growing cyber talent gap with job-ready, certified cyber practitioners.

    Qualify for a full or partial scholarship. https://missioncriticalinstitute.org/cissp-exam-prep-bootcamp/

    - Claim your $1000 CISSP Coupon Code
    - Learn about 100% CISSP Exam Guarantee
  • [Earn CPE] Automating GRC to Increase Business Value Recorded: Feb 13 2020 76 mins
    Matt Kunkel, LogicGate; James Rice, Greenlight Technologies; Scott Bridgen, OneTrust; and Allan Liska, Recorded Future.
    GRC is neither a project nor a technology, but a corporate objective for improving governance through more-effective compliance and a better understanding of the impact of risk on business performance. GRC can vary dramatically depending on the business's vertical market, and even further complexity can be found from one business unit to another. This complexity drives the need for different, highly specialized tools, which raises a huge set of cost, integration, and management issues.

    To address this challenge, many businesses are opting for an automated GRC (eGRC) solution, which aims to resolve the challenges associated with scattered and disconnected operational security processes through the centralization of data, alignment of processes and workflows, and clear enterprise-level visibility with trend and analysis metrics and reporting. The benefits of Automating GRC are substantial when businesses have a mature GRC program in place. Attend this expert CPE webinar to gain insights on:

    - Understanding the GRC Business Drivers.
    - Defining Your GRC Strategy.
    - Developing a GRC Roadmap that is aligned with the Mission, Value, and Strategic Agenda of Your Business.
    - Getting Leadership Support and Enabling Cross-Departmental Collaboration.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: How the Cloud Breaks Application Security
  • Live at: Aug 12 2011 4:00 pm
  • Presented by: Wendy Nather, Senior Analyst, The 451 Group