Name: Build a Multi-cloud Strategy that Supports Governance and Compliance
Start: 2022-09-13T15:00:00Z
End: 2022-09-13T15:00:53.000Z
Location: BrightTALK
Rating: 5

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

The rapid growth of digital identities, evolving compliance demands and advanced cyber threats have made identity governance and administration (IGA) a critical priority for modern enterprises. Without a structured governance framework, organizations risk operational inefficiencies, data breaches and reputational harm. Issues like access sprawl and privilege misuse are no longer just IT concerns—they are pressing business challenges.

This session will explore how businesses can implement effective IGA strategies to manage identities, ensure compliance and mitigate risks. Learn how to align tools, policies and processes into a cohesive framework that supports enterprise-wide governance. Discover actionable steps to build a compelling business case, standardize global implementation and achieve quick wins that drive executive buy-in.

Join Vincent Amanyi, Founder of Boleaum Inc. to gain practical insights and proven strategies for enabling IGA success at scale.

Key Takeaways:
- Build a persuasive business case to secure board-level approval for IGA initiatives.
- Define a scalable implementation model for geographically dispersed organizations.
- Benchmark and strengthen your organization’s IGA foundation.
- Discover quick-win strategies to accelerate IGA adoption and demonstrate ROI.

Mastering Identity Governance: Strategies for Enterprise Success in 2026

Organizations excel at documenting incidents but fail catastrophically at remembering them. Between audits, hard-won lessons evaporate, cultural knowledge resets to zero and enterprises find themselves vulnerable to the same predictable risks that should have been eliminated months ago.

This session reframes security culture as a living control system where organizational memory becomes your strongest defense. Discover how to transform retrospectives into measurable feedback loops, quantify learning as risk reduction and embed institutional knowledge into governance frameworks that create compounding resilience rather than cyclical vulnerability.

Join Oksana Denesiuk, Senior Product Manager at Kaiser Permanente and ISSA Advisory Board Member, to explore proven methodologies for building unbreakable organizational memory.

Key Takeaways: 
- Track how lessons learned translate into behavioral change and improved security posture. 
- Build lasting organizational memory through structured post-incident processes that strengthen defenses over time.
- Measure how well your organization learns from incidents and translate that into reduced security risks.
- Transform retrospectives into measurable feedback loops that prevent incident recurrence. 
- Embed organizational knowledge into leadership and accountability models for sustained cultural transformation.

Transform Security Culture into Measurable Organizational Memory

Since technology cannot keep us completely protected, organizations must embrace a culture of cybersecurity to build true resilience. This cultural transformation is essential to safeguard against risks and ensure readiness to respond effectively when incidents occur.

This session explores how leading organizations are embedding cybersecurity into their values, attitudes, and practices. By fostering a culture of resilience, businesses can strengthen their ability to anticipate, adapt to, and recover from cyber threats. Learn why every manager has a pivotal role in shaping this culture and how to implement strategies that drive lasting change.

Join Dr. Keri Pearlson, Principal Research Scientist at MIT Sloan School of Management, to explore actionable steps for building a culture of cybersecurity that protects your organization and empowers your workforce.

Takeaways:
- Understand cyber resilience thinking and how it differs from traditional protection strategies.
- Discover key mechanisms for fostering an effective cybersecurity culture.
- Gain actionable insights for managers to enhance resilience at work and home.
- Learn from real-world examples of organizations successfully embedding cybersecurity into their culture.

Building Cyber Resilience Through Culture in 2026

Mergers and acquisitions create exponential cyber risk exposure, yet many organizations lack quantified risk frameworks to guide critical business decisions. As cyber threats evolve and regulatory scrutiny intensifies, executives need concrete data to balance growth opportunities against security investments.

Traditional risk assessments fail during rapid organizational change. This session reveals proven methodologies for translating cyber vulnerabilities into financial impact metrics that drive boardroom decisions. Learn to build communication frameworks that align security investments with business objectives while maintaining stakeholder confidence throughout complex organizational transitions.

Join Vincent Amanyi, Founder of Boleaum Inc, to explore actionable strategies for enterprise cyber risk quantification and communication.

Key Takeaways: 
- Develop risk appetite frameworks that identify, prioritize, and absorb organizational risks with minimal business disruption. 
- Master cyber risk quantification techniques that assign tangible dollar values to security threats across all business levels.
- Build structured communication models to effectively convey cyber risk criticality to diverse stakeholder groups. 
- Implement scalable cybersecurity benchmarking practices for growing organizations. 
- Create boardroom-ready risk reports that support strategic decision-making during M&A activities.

Quantify Cyber Risk Impact for Strategic M&A Growth

Breaches have become a daily reality. Dark web activities and emerging threat vectors outpace traditional defenses, creating blind spots that adversaries readily exploit. Without early warning systems, businesses remain vulnerable to sophisticated attacks that could have been prevented.

Effective Cyber Threat Intelligence (CTI) transforms raw intelligence into actionable insights that enable proactive defense strategies. This session demonstrates how to operationalize intelligence, map adversary tactics to business risks, and implement early warning systems that prevent breaches before they occur. Learn to distinguish signal from noise and convert threat intelligence into measurable risk reduction metrics that resonate with executive leadership.

Leverage Cyber Threat Intelligence for Proactive Risk Mitigation

Open-source software drives enterprise innovation, but unmanaged vulnerabilities create operational risks and regulatory exposure. As cyber threats evolve and compliance frameworks tighten, executives face mounting pressure to balance innovation speed with robust security governance.

Traditional approaches to OSS security often create friction between development teams and security requirements, leading to shadow IT practices and increased exposure. This session presents proven frameworks for integrating security into OSS workflows while maintaining developer productivity and meeting emerging regulatory demands like the EU Cyber Resilience Act.

Join Yesenia Yser, Security Engineer and Open-Source Advocate, to explore enterprise-grade strategies for OSS risk management.



Key Takeaways: 

Implement governance frameworks that protect OSS dependencies without slowing development
Create shared accountability between security, procurement, and engineering teams
Apply SLSA, SBOM, and OpenSSF standards to build enterprise-wide security trust
Balance regulatory requirements with collaborative open source community practices 
Turn OSS security management into a strategic business differentiator

Securing Open-Source Dependencies at Enterprise Scale

The current data security and privacy protection landscape is awash with tools, acronyms, buzzwords that promise to make data breaches and privacy incidents a thing of the past. Yet hotel chains, healthcare providers, banks, department stores and even governments constantly fall victim to data breaches, ransomware or nation-state attacks. 

The plain truth is that tools are only as good as the people that use them and the processes that go with it. Two thousand years ago, the Roman empire had better military tools than the nations they conquered. Yet through time, the Romans fell to the barbarians and are merely remembered through their ruins. Likewise, companies with the latest and most buzzworthy technology implemented still manage to fall victim to attacks. 

In this presentation, industry thought leader Ralph Villanueva will tap into over 15 years’ experience of data security and privacy protection to show why ultimately, the people behind the tools and the processes they use matter more in securing your organization’s data. 

Key Takeaways:
 - How to best deploy tools in the most cost-effective way to optimize benefits.
 - How to best deploy tools to mitigate data security risks from internal and external threats. 
 - The importance of a balanced and holistic approach to data security that equally considers people, processes and technology.

Tools are Nothing: Why People and Process Matter More in Data Security and Privacy

Data security has entered a new era, one defined by AI-powered threats, expanding cloud ecosystems, and evolving global privacy regulations. 

This session presented by TD Bank's Pankul Chitrav explores the critical shifts reshaping how organisations must protect sensitive information in a boundaryless digital world. We will break down the top risks, the essential capabilities of modern security architectures, and the must-have tools for protecting data across endpoints, cloud platforms, and AI workflows. From zero trust to automated posture management and advanced data discovery, you’ll learn what’s required to stay ahead of adversaries and maintain compliance. Whether you’re modernising your security program or building one from the ground up, this talk equips you with the insights needed to create a future-ready data protection strategy for 2025 and beyond.

Future-Ready Data Protection: Securing Modern Data Ecosystems in an AI-Driven World

Cyberattacks are continuing at pace and we're regularly hearing of new data breaches. But who is responsible for ensuring the security of personal data? 

Traditional data protection approaches are failing against modern attack vectors. Organizations need future-ready strategies that go beyond compliance checkboxes to create resilient security frameworks. In this session, we'll explore the current risks to personal data & privacy and delve into the range of models that can be used to protect your organizations critical assets.

This webinar will take you through examples of recent data breaches, identifying the challenges being experienced, learning from what went wrong and how best organizations can plan for the future. Such planning will investigate current good practice, adding some “steroids” to them such that organizations can hopefully stay in front of the next “breach”!

Steve Yates – Chairman of the Resilience Association, will share frontline experience about critical data assets security and protection of user privacy.  

Key Takeaways:

- Be aware of the challenges being experienced in the protection of data security & privacy;
- Understand how best to plan your data resources and capacity to meet tomorrow’s defense;
- Discover the core organizational elements needed for the establishment of a strategic, tactical and operational solution

Strengthen Data Security Strategy for Tomorrow's Resilience Defense

AWS infrastructure offers robust native security mechanisms, but the shared responsibility model places critical configuration burdens on app owners. This creates gaps that attackers can actively exploit through misconfigurations, privilege escalation, and cross-service vulnerabilities which can compromise entire cloud deployments.

Security automation emerges as an essential defense strategy for threat modeling, enabling businesses to enforce security best practices from deployment through ongoing operations. Automated security controls provide continuous monitoring, real-time threat detection, and optimized remediation across AWS services. This ensures a consistent security posture while reducing human error and response times.

Join Ernesto Marquez, Founder and Project Director at Concurrency Labs, to explore proven AWS security automation strategies for threat mitigation.

Key Takeaways: 

- Implement automated security controls that enforce best practices across AWS services 
- Deploy continuous monitoring and real-time threat detection for multicloud environments 
- Configure automated remediation workflows for common security vulnerabilities 
- Integrate AWS security automation tools into comprehensive threat modeling frameworks 
- Establish governance policies that maintain security consistency across cloud deployments

Deploy Automated AWS Defenses for Threat Prevention

As cloud supply chain attacks escalate in sophistication, traditional SBOMs alone prove insufficient for comprehensive security. While SBOMs provide valuable component inventories, they lack runtime verification capabilities—creating a critical blind spot that malicious actors increasingly exploit. This gap between static analysis and runtime behavior represents one of the most significant vulnerabilities in modern cloud environments.

The "Bill of Behavior" (BoB) approach addresses this challenge by providing vendor-supplied profiles of expected runtime behaviors. Generated using eBPF technology, BoBs codify legitimate syscalls, file access patterns and network communications. This enables immediate anomaly detection without custom rule creation, allowing organizations to verify software integrity throughout the supply chain and during execution, dramatically reducing the attack surface while simplifying security operations.

Join Dr. Constanze Roedig, Key Researcher at SBA-Research and Founder of Fusioncore.ai, to discover how this emerging standard complements existing SBOM frameworks to create verifiable trust in your cloud ecosystem.

Key Takeaways:
- Understand how Software Bills of Behavior (SBoBs) create verifiable trust between vendors and clients
- Learn practical implementation strategies using existing OCI distribution standards
- Discover how BoBs significantly reduce attack surfaces across both runtime and supply chain vectors
- Explore immediate benefits of receiving vendor-supplied behavior profiles with software packages
- Discover how CNCF Kubescape allows anomaly detection out of the box

Beyond SBOMs: Runtime Verification for Bulletproof Cloud Supply Chains

Organizations are rapidly adopting AI technologies without fully understanding the security implications. This is creating unprecedented vulnerabilities in cloud environments. In turn, with AI accessible to all stakeholders, the human factor has become the weakest link in cybersecurity defense strategies.

This session addresses critical considerations for IT and cybersecurity leaders to balance business innovation with risk management. Learn how to establish ethical AI frameworks, implement proper access controls, and build awareness programs that protect your organization while enabling AI adoption.

Join Kathleen Mullin, vCISO and Consultant, to explore practical strategies for securing AI in cloud environments while maintaining business agility.

Key takeaways:

• Define clear RACI matrices for AI business risk ownership and accountability 
• Assess whether AI solutions truly meet business requirements vs. alternative approaches
• Establish data governance and access controls specifically for cloud-based AI systems 
• Develop comprehensive AI awareness programs for organizational stakeholders 
• Evaluate current and future cloud AI risks within your security framework

Considerations: Securing the Cloud And In Specific AI

As organizations accelerate cloud adoption, sophisticated security technologies often create a false sense of protection while the most significant threats emerge from within. Human behaviour continues to be the weakest link in cloud security, not due to malicious intent, but through everyday mistakes that inadvertently expose critical systems.

When they create friction, security measures designed to protect can inadvertently increase risk as users will find shortcuts to achieve their legitimate objectives. This session explores the psychology behind user decision-making and reveals how threat actors exploit human nature to bypass cloud defenses, turning legitimate business processes into attack vectors.

Join Simon Ratcliffe, independent management & technology consultant, to discover practical strategies for human-centered cloud security.

Key Takeaways:

- Identify psychological triggers that make users vulnerable to cloud-based attacks 
- Recognize how security friction drives risky user behaviors and workarounds
- Design user-centric security that reduces human error without compromising protection 
- Develop indicators to detect insider threats before they escalate 
- Build security awareness programs that create lasting behavioral change

Securing the Human Element: Why People Remain Cloud Security's Top Vulnerability in 2025

Insider threats are one of the most challenging security risks in multicloud environments, where authorized users can exploit fragmented access controls and limited visibility across platforms. When organizations lack comprehensive oversight of user activities, data flows and privilege escalation paths, the risk posed by human error and malicious insiders is much greater.



Multicloud architectures amplify insider threat risks through inconsistent identity management, scattered audit trails, and complex permission structures that create blind spots for security teams. Strategic threat modeling designed around insider risks enables organizations to map user access patterns, identify privilege abuse scenarios, and implement behavioral monitoring across all cloud platforms before incidents occur.



Join Sandeep Tripathi, IT Solutions Designer at Daimler Truck AG, to discover systematic approaches for detecting and preventing insider threats in complex multicloud environments.



Key Takeaways: 

- Identify insider risk scenarios across cloud platforms using threat modelling frameworks
- Implement comprehensive user behavior analytics and cross-cloud activity monitoring
- Limit insider threat impact and lateral movement using zero-trust access controls.
- Develop incident response protocols for insider-driven security breaches
- Create governance frameworks for managing privileged access in multicloud environments

Mitigate Insider Threats in Multicloud Through Strategic Modeling

Every minute your cloud infrastructure grows, it creates new entry points for potential attacks. As organizations rush to embrace cloud innovations, they're unknowingly building digital labyrinths where traditional security measures fall short.

Cloud security threats are often perceived as purely technical challenges, but the human factor remains one of the most significant and underestimated risks. Misconfigurations, weak passwords, phishing attacks, and inadequate training open doors to breaches even in sophisticated environments. Employees inadvertently expose sensitive data through social engineering, while administrators overlook crucial updates. Insider threats pose significant risks when cloud systems are accessible from anywhere.

Join Jyotirmayee Pradeep Kumar, Vice President of Cloud DevOps at a leading global bank, to explore human factors in cloud security threats.

Key Takeaways: 
- Human error as the leading cause of cloud security breaches 
- Phishing attacks and social engineering threat vectors 
- Managing insider threats in distributed cloud environments 
- Essential security awareness training and culture development 
- Zero Trust architecture implementation strategies

Managing Human Risk in Cloud Security Operations

AI technologies are simultaneously completely transforming business operations and creating new security vulnerabilities that cannot be addressed by technical safeguards alone. When implementing AI-driven solutions, human oversight is the biggest differentiator between secure innovation and catastrophic data breaches. As such, human intervention is both the biggest vulnerability and most significant defense in organizational security architectures.

To address this challenge, IT leaders can build a security champions program—a network of engaged employees who understand AI-specific threats and serve as frontline defenders. This group bridges the gap between security teams and other business units. They spread security awareness throughout the organization while maintaining operational efficiency.

Join Vincent Amanyi to discover proven strategies for empowering a team of security champions who can help safeguard your organization's AI initiatives and digital assets.

Key Takeaways:

- Learn to assess AI-related security risks across all business functions
- Design a people-centric security strategy that combines technical controls and human intelligence
- Establish and structure an effective Security Champions Committee with clear roles and responsibilities

Fortifying the Human Firewall: Cultivating Security Champions in Today's AI Landscape

In today's threat landscape, where the average data breach costs organizations $9 million, your employees represent both your greatest vulnerability and your strongest defense. As AI-powered threats become more sophisticated and remote work expands the attack surface, traditional security awareness approaches are failing to create lasting behavioral change. The human element remains implicated in over 80% of breaches, yet most training programs still focus on compliance checkboxes rather than cultivating security champions.

Effective security awareness requires a strategic approach that addresses psychological barriers, leverages behavioral science and creates sustainable security habits. By reimagining how we engage employees—from executive leadership to frontline staff—organizations can transform their security culture from a perceived burden into a competitive advantage that measurably reduces incident rates and response times.

Join Ralph Villanueva, with 15+ years leading enterprise security awareness programs, to discover proven methodologies that transform employee behavior.

Key takeaways:

- Implement psychological triggers that convert passive training participants into active security defenders
- Design role-specific awareness programs that address the unique risks of different departments
- Measure training effectiveness beyond completion rates with behavior-based security metrics
- Secure executive buy-in by connecting awareness initiatives to tangible business outcomes
- Deploy just-in-time learning techniques that deliver training when employees are most receptive

Transforming Human Risk: 10 Battle-Tested Strategies for Modern Security Awareness

Organizations are investing heavily in advanced security tools. But the most critical—and vulnerable—component of cybersecurity defense is people. As AI-driven attacks and quantum-era risks emerge, the gap between technological capabilities and human cognitive readiness threatens to widen dramatically.

Security professionals face unprecedented pressure when responding to incidents. Even with robust detection and recovery tools, factors like stress, fatigue and decision paralysis can significantly increase recovery times and amplify damage. This presentation introduces an expanded MTTR formula incorporating the "Human Cognitive Factor"—a groundbreaking approach that addresses the psychological dimensions of security response that technology alone cannot solve.

Join Sandra Estok (Founder & CEO, Way2Protect) to discover why preparing employees will determine your organization's survival in the 2026 threatscape.

Key Takeaways:

- Master the expanded MTTR formula that quantifies how human cognitive factors impact recovery timelines
- Identify early warning signs of team cognitive impairment before they compromise your security posture
- Implement practical strategies to build psychological resilience and decision-making clarity under pressure
- Establish metrics that measure human performance alongside technical metrics for comprehensive security assessment
- Learn how leadership decisions about culture, team structure, and psychological safety directly influence threat response effectiveness

Strengthening Your Human Firewall: Closing Cognitive Security Gaps Before 2026

Tune into this webinar to learn winning strategies to understand the complex, multi-cloud environment. The University of Washington's Deveeshree Nayak will also introduce approaches to address the common threats present in the multi-cloud as well as the roles the multi-cloud serves in different industries. 

Viewers will come away from this presentation with a better understanding of:
- The overall view of a multi-cloud environment;
- The benefits of the multi-cloud;
- Approaches to address the threats associated with the multi-cloud across various industries.

The Benefits and Threats of the Multi-Cloud

Bocada’s recently published Backup Monitoring Trends Report highlighted the challenges impacting backup and data protection professionals today, and the key issues they anticipate managing in the future. The report’s themes illuminate the core hurdles backup operators transitioning to cloud or multi-cloud environments must plan for to not just meet, but exceed, data protection guidelines.  

In this session, we’ll review the report’s findings, and what they mean for building resilient backup environments for years to come. You will learn:

- The top issues impacting backup professionals as they migrate to cloud environments 
- Best practices for mitigating day-to-day cloud backup operations challenges 
- Trends impacting backup operations in 3-5 years 
- How to build backup protections to mitigate cloud security threats 

Speakers: 

James McDonnell has over ten years' experience working with complex backup environments. As Bocada’s Sr. Systems Engineer, James supports enterprise-scale organizations across the globe to implement automated backup operations and help them meet stringent regulatory guidelines.  

Laura Troyani is the Principal of PlanBeyond, a market research firm. Laura has spent years leading original research on behalf of IT clients and was the lead on building and fielding the survey for Bocada’s Backup Monitoring Trends Report.

Building Best-In-Class Multi-Cloud Backup Operations

According to Statista, a global market and consumer data provider, between 2021 and 2023, the percentage of organizations adopting a multi-cloud strategy will grow for midsize companies from 76% to 84%, and for large enterprises from 90% to 94%.

Cloud providers offer many security monitoring and threat detection options, but what if you subscribe to more than one? Adopting security monitoring tools from each provider can increase complexity and bring significant overhead to security operations teams. 

For years, security information and Event Management (SIEM) solutions have been collecting and consolidating data from multiple sources for centralized threat detection. Still, multi-cloud brings a new scenario with different data sources, higher volumes, and unknown threats. How does SIEM have to evolve to adapt to this new reality?

Join Augusto Barros, VP of Solutions and Cybersecurity evangelist, and Brian Robertson, Senior Product Marketing Manager at Securonix, to learn about:

· Why is it hard to perform security monitoring in a multi-cloud scenario?
· What are the limitations of traditional SIEMs to support multi-cloud needs?
· What do you need to look for in a new approach and architecture that enables the SIEM to be the right solution to detect threats in a multi-cloud world?
 
Speakers:
Augusto Barros was most recently the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and a security architect and officer for large enterprises.

Brian Robertson has over 20 years of experience helping organizations solve critical application delivery, network, cloud, and security challenges working with industry leaders who not only are looking at the challenges of today but are looking at the horizon for the challenges of tomorrow.

SIEM: Threat Detection and Response for your Multi-cloud World

With so much noise about threats and the tool soup of solutions being marketed, where are security teams supposed to focus?

There are a bevy of solutions that enable visibility into endpoint and network centric metrics, but what about visibility into your applications, their connections, user interactions, and the network?

Applications are often overlooked. In reality, this accidental oversight makes your organization vulnerable. Visibility and understanding of your applications should be at the top of the list for security teams. So how do you get there?

Join TrueFort to understand how an application-centric visibility reduces your attack surface through: 

·    Live application behavioral mapping 
·    Proactive attack prevention 
·    Deep forensic timeline & playback 
·    Real-time detection and automated response

How Can You Protect What You Can't See?

Emerging cloud leaders are seeking industry collaboration, best practices, and insights on how to tame the thorny stems of multi-cloud security. Contending with technology, talent and governance challenges,  join NetApp's Jyoti Wadhwa, as she shares how leaders can deploy a proven approach to realize the promises of greater efficiency, lower cost, and real-time security of the cloud. 

For fellow security practitioners and leaders, she will address both strategic and operational aspects of multi-cloud security ranging on mission critical topics of migrating an organization’s on-premise data center capabilities to developing standardized architectures and leading enterprise-wide adoption. In her discussion, Jyoti will cover 5 leadership strategies to achieve multi-cloud security:
 
1. Disentangle the Tech.
2. Unify the Cloud Team.
3. Build your Experts.
4. Update Security Governance.
5. Effectively Communicate.

Top 5 Leadership Strategies for Multi-Cloud Security

Based on hands-on experiences from a large number of cloud application development projects, Karl has compiled a list of top 5 key security pitfalls that are common across all application types and team sizes. In this session, he will share what these security pitfalls are, why they matter, and how to mitigate them.

About the speaker:
Karl Ots is a cloud and cybersecurity expert, as well as international speaker and trainer, with a broad range of deep Azure expertise. He believes that secure cloud technologies are the key to successful digital transformation. He applies his passion as Head of Cloud Security at EPAM Systems. Karl has been working with Microsoft Azure since 2011 in a variety of forums ranging from large projects to speaking at largest tech conferences, such as Microsoft Ignite. Karl is a Microsoft Certified Trainer (MCT) and a Certified Information Systems Security Professional (CISSP). He is the author of Azure Security Handbook.

Top Public Cloud Security Fails and How to Avoid Them

In this session, the University of Washington's Deveeshree Nayak will cover why cloud security education is so vital. Additionally, this need for awareness spans all facets of educational and working life from K12 schools, universities and businesses across all different industries. 

Viewers will walk away from this presentation with a greater understanding of:
1. What is cloud security?
2. Why it is so important to understand how cloud security works?
3. How implementation and use of the cloud varies in different industries?
4. Why leaders should take the necessary time and energy to educate everyone on cloud and cloud security whether they are in schools, universities or companies.

The Importance of Cloud Security Education and Awareness

In this session, the University of Washington's Deveeshree Nayak will cover the best practices for conducting application security in the cloud as well as the common vulnerabilities cloud-based applications face.

Attendees will come away with knowledge of:
1. What is application security in the cloud?
2. The best practices for application security in the cloud?
3. How to identify the potential vulnerabilities facing application in the cloud and preventative measure to take.

Cloud Application Security: Best Practices and Vulnerabilities

Since the birth of the Internet, it has been missing a layer of identity protocols that define identifiers for people, organizations and things separate from an application, making identity and access management more and more complicated as enterprises are moving to a multi-cloud strategy and face advancing threats from attackers. 

In the presentation, Kaliya Young, widely known as the Identity Woman, is going to introduce some new and emerging Internet identity standards and technologies, e.g. W3C Verifiable Credentials, W3C Decentralized Identifiers, which can help enterprises improve application security significantly at multiple fronts:
• Identity and access management across multiple cloud environments; 
• Workforce and customer identity and access management; 
• Information/data security management.

Implementing Emerging Identity Standards for Better Application Security

One of the most transformative recent shifts within application development in a cloud context is the rise of IaC -- infrastructure as code technologies like Terraform and CloudFormation. As organizations make more use of IaC, it's important for security organizations to pay attention. Why? Because IaC changes the risk equation -- it introduces some new potential risks, and can help close some existing ones.  

This discussion aims to answer these questions:
• Why/how IaC requires thinking about security of assets a new way.
• Artifacts produced by IaC and how they can help us.
• Security “gotchas” and things to watch out for when changing to IaC.
• How you can tailor your security program in light of IaC.

Ed Moyle is currently Director of Software and Systems Security for Drake Software.  In his 20 years in information security, Ed has held numerous positions including: Director of Thought Leadership and Research for ISACA, Application Security Principal for Adaptive Biotechnologies, Senior Security Strategist with Savvis, Senior Manager with CTG, and Vice President and Information Security Officer for Merrill Lynch Investment Managers.  Ed is co-author of Cryptographic Libraries for Developers and Practical Cybersecurity Architecture, and a frequent contributor to the Information Security industry as author, public speaker, and analyst.

Better Security with IaC

Advanced Techniques and Common Pitfalls in Scaling Cloud Security

The specific challenges of securing an expansive multi-cloud or hybrid environment go far beyond the cloud-provider baselines and compliance best practices. Decision makers are moving beyond the legacy tool portfolio standards to address the need for a new approach to people, process, and technology strategy.

In this fireside chat, we’ll outline and then dive into the most salient and unique challenges for mature cloud sec teams, including a lack of visibility, the ephemeral nature of the cloud, and inflexible processes. Then we’ll discuss a few new approaches to address these challenges in your strategy immediately. Key elements of securing cloud environments (IaaS/PaaS and SaaS) across the major public cloud providers (AWS, GCP, Azure) and share critical insights on how modern defenders should be approaching the most salient challenges of cloud security, including:

 - Why cloud threats look different and how to model them
 - Addressing and eliminating the dreaded data silo
 - Operationalizing a “visibility first” strategy for security decision making

The ephemeral nature of misconfigurations and vulnerabilities in the cloud and how to manage them
Join Uptycs’ Director of Cloud Security and former AWS Head of ATO, Andre Rall with Director of Product Management and former Former RSA Product Executive and Security Expert Sudarsan Kannan for an in-depth chat. This will be a useful session for anyone building a cloud-native security program to support and enhance their organization’s growth and innovation.

Oops! Your Developer’s Laptop Is Connected to Your Cloud… What Now?

Web apps and APIs present a major risk for organizations of all sizes, according to the Verizon DBIR about two of every five breaches originate in a web app – and the problem is only growing. In most organizations, innovation pressures still outweigh security priorities. 
So what can AppSec professionals do in order to reduce their web attack surface? In this presentation, Invicti Security Chief Product Officer Sonali Shah dives into the top five AppSec risks that every organization should be aware of and provides best practices for securing cloud-based web apps and APIs.

Application Security Trends and Best Practices

95 percent of data breaches are cause by human errors, and with an average cost of a data breach globally being $3.92 million, it is not only a privacy concern but also very costly of an organization. More 50 percent of companies say that their IT departments are not sophisticated enough to handled advanced cyberattacks, but it doesn't have to be hard to probably secure your data.
In this talk we will show how Application-Layer encryption (ALE) can be applied easily to your data with a minimal amount of code changes, and ensure even authorized applications only have minimal access to the data using cryptographic principles and a role-based access control model. This means, that if you data is leaked, the attacked won't have access to your data.
All this can be implemented without fully sacrificing the advantages of a database, such as filtering.

Bio of the presenter: 
Kim has been working with computer science for 12 years, and has worked in the cyber security, telecommunications and finance industry. Today he is a cloud tech lead in CYBERCRYPT.

How to protect your data using Application Layer Encryption

As more organizations adopt multi-cloud strategies, security managers are increasingly challenged by how to protect web applications spread across multiple environments, while preserving consistency, quality of security and centralized visibility. 

The traditional approach to web application security no longer works in a multi-cloud world, and a new approach is needed.

Join us to discuss the new challenges of multi-cloud security and how to overcome them.

In this discussion you will learn:
• What are the security challenges of the multi-cloud
• Why traditional approaches and tools no longer work
• What are the requirements for multi-cloud security solutions
• How Radware helps organizations protect their web application in a multi-cloud world

Protecting Web Applications in a Multi-Cloud World

There was a time when applications were hosted on a traditional computing model. All hardware and software resided in-house. Companies maintained physical servers on-premises in a secure climate-controlled room with a secure level of access. Only Network Engineers were allowed access to application security as it mainly revolved around the network (port, FW) and OS level protection with security-level access to server rooms. But times have changed. Companies now have more to gain with a more layered approach to application security. 

Tune into this presentation to hear TD Bank's Application Release Engineer Pankul Chitrav discuss the challenges faced by businesses still using the traditional model and how we can overcome these challenges by implementing a layered security model.

Define Application Security Accurately To Generate Business Success

Within many enterprises that are expanding their network and accelerating adoption of the cloud, building a Cloud Security Governance model can be tricky. Finding and establishing a path of support and collaboration between development and application teams, risk and compliance groups, and Cloud Security practitioners should be a key objective to an effective Cloud Governance program.

In this live talk, you’ll learn how to drive operational processes and procedures by adopting a governance framework to take control of your cloud environment and its data.

A few topics we’ll cover:

• Factors to consider when designing a governance model for security in the cloud
• Strategy and methods for aligning people, processes and workflows among disparate teams to
        achieve a unified governance framework
• The impact of cloud governance across multi-cloud environments

The Art of Cloud Governance: Essential for Modern Businesses

Using multiple cloud providers allows organizations to reduce cost, increase resiliency and optimize services. However, multi-cloud strategies significantly increase complexity for security teams tasked with applying consistent controls and policies across all cloud environments.  

As cloud usage increases and becomes more ephemeral, agent-based security across multiple clouds becomes unmanageable. In addition, increased security tool sprawl, with often multiple cloud provider tools for each platform, as well as separate point solutions for specific cloud security areas, further increases complexity. This leads to hundreds of (often duplicate) alerts every day, causing security teams to become desensitized and ultimately, miss critical alerts.  

In this webinar, Deborah Galea discusses how an agentless Cloud-Native Application Protection Platform (CNAPP) can significantly alleviate many security challenges in multi-cloud environments. 

In this session you will learn: 

- What are the security challenges in multi-cloud environments? 
- What is a CNAPP? 
- How does a CNAPP reduce cloud security tool sprawl? 
- How do you get full multi-cloud visibility with agentless cloud security? 
- How does an agentless CNAPP increase an organization’s agility? 
- How can a CNAPP prevent application security issues in pre-production?

Agentless CNAPP: A New Approach to Multi-Cloud Security

Tune into this session to hear cloud expert Dwayne Natwick provide guidance for configuring and managing hybrid and multi-cloud resources within cloud native tools for complete security posture management of your infrastructure. After configuring resources for security posture management, you will learn how to configure vulnerability scans on these resources for next level security posture management.

Key takeaways attendees will learn include:
--The evolving types of infrastructure with multiple cloud providers and on-premises architectures.
--Options that tools provide for multi-cloud and hybrid infrastructure security posture management.
--How to manage security posture through cloud-native tools for the full infrastructure.

About the speaker:
Dwayne is a Global Principal Cloud Security Technical Lead/CTO for Atos across Microsoft, AWS, and GCP.  He is the thought leader determining trends, developing, advocating, and building business plans for the overall cybersecurity services for this global systems integrator. Dwayne also leads the cloud education portfolio for Microsoft and AWS. In addition to creating curriculum, training, and blog writing, he is a Microsoft MVP and a Microsoft Certified Trainer Regional Lead. Dwayne has spoken at conferences and user groups globally on cloud security, identity security, and data/AI trends. Dwayne has authored books and is a Security Professional Community Manager for Packt Publishing.

Security Posture Management for Multi-Cloud and Hybrid Infrastructures

The cloud is the optimal environment for most workloads, with many organizations using multiple cloud providers to reduce risk, maximize agility, and control costs. With these benefits, comes security risks. Join this keynote session to explore the latest threats to multicloud environments and effective strategies to improve your security posture.

During this session, you will learn: 
- How to secure endpoints, dev/test environments, tools/monitoring, and more
- Strategies for de-coupling security from compute
- Best practices to minimize sprawl and improve security posture

Multicloud Cybersecurity Trend:Supercharged Strategies for Supercharged Threats

As cloud adoption across industry verticals increases, hybrid, public, and private cloud infrastructure deployment models grow in use. In order to improve architecture and service resiliency, and to avoid vendor lock-in, one of the common cloud architecture deployment models also includes multi-cloud platforms. Whereas multi-cloud deployment does have its benefits, relying on multiple vendors and clouds increases the attack surface and overall associated risks. Additionally, multiple platforms increases complexity making security even more challenging to design, deploy and monitor. 

In this webinar, we aim to highlight following key takeaways for the audience: 
• Managing multi-cloud security challenges; 
• Important security controls; 
• Strategy to manage compliance requirements;
• Role of automation; 
• Logging, auditing and monitoring.

Security Challenges and Mitigation Techniques for the Multi-Cloud

Accelerating your cloud transformation whilst reducing risk:
Shared responsibility, with less operational overhead. Find out how to set, secure and forget your cloud environment from core workloads to cloud-native development pipelines. Security teams and development teams have always been running in opposite directions, as quickly as possible. Security professionals have always felt like the bearer of bad news, slowing down their colleagues, and being a source of frustration. Boards overlay multi-cloud complexity through acquisition and merger. A complete 3rd party cloud security solution bridges the gap and allows cohesion and when done well, is almost completely invisible.

Invisible Cloud Security: Accelerating your cloud transformation

Organizations are adopting multi-cloud strategies to leverage capabilities of different cloud security providers (CSPs) and to provide flexibility to software development teams. But this brings up challenges for security teams who are responsible for managing security risk and meeting compliance regulations for workloads and applications running in different environments. In this session, ESG Senior Analyst Melinda Marks explores how to supercharge your security to gain the visibility and control you need to scale security programs for multi-cloud environments.

Supercharge Your Security for Multi-Cloud

Superpowered Security for the Multi-Cloud in 2022

Service downtime is more expensive than ever and ensuring consistent access to mission-critical applications and good end-user experience is essential for customer loyalty and employee productivity. Protecting your revenue-generating services and data from security threats and attacks that may stall the business is not a choice.  A lot of newer types of attacks emerge from within the network. Businesses must implement a strategy to ensure network-centric security and observability for threat detection and mitigation. 

Join Andy Idsinga, Sr. Strategic Cloud Architect at cPacket, in this informative talk to learn how to de-risk your IT infrastructure and operations.

Learn more about:
•  Your options to provision a network-centric security and observability practice –i.e., network detection and response (NDR) solution across all three major clouds (Azure, AWS, GCP)
•  What to expect in your deployment journey and gaining real-time network visibility for vs forensic data for incident response 
•  The key questions and considerations for you and your IT teams in terms of technology and objectives

Rethinking Network-Centric Observability for Cloud Security

Spreading operations across more than one cloud enables organizations to choose from a variety of cloud services to cut costs, improve operations and improve scalability. However, operating complex environments across multiple platforms requires a comprehensive strategy to handle connectivity, applications, data and security.

In this panel, experts will discuss how organizations can evaluate risks in their own and their cloud service provider environments, as well as technologies and tools that can assist in achieving a comprehensive strategy.

Join us to learn about:
--Understanding cloud scope across the organization
--Cloud governance frameworks
--Pros and cons of centralizing security access and monitoring controls
--Multi-cloud management and network security analytics platforms
--Cloud security posture management (CSPM) tools that can identify misconfigurations and risks
--Tools for cloud compliance monitoring

Moderated by: Evgeniy Kharam, Cybersecurity Architect and Advisor, Podcaster 
Steve Cobb, Chief Information Security Officer, One Source
Eyal Arazi, Senior Product Marketing Manager, Radware

Build a Multi-cloud Strategy that Supports Governance and Compliance

Multi Cloud

Governance

Compliance

Application Security

Data Security

Risk Assessment

Cloud Architecture

Network Security

Cloud Compliance

Cloud Strategy

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Build a Multi-cloud Strategy that Supports Governance and Compliance

Presented by

About this talk

Information Security