Name: Application-induced cloud security issues (and how to overcome them)
Start: 2022-12-07T13:00:00Z
End: 2022-12-07T13:01:00.000Z
Location: BrightTALK
Rating: 5

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Organizations excel at documenting incidents but fail catastrophically at remembering them. Between audits, hard-won lessons evaporate, cultural knowledge resets to zero and enterprises find themselves vulnerable to the same predictable risks that should have been eliminated months ago.

This session reframes security culture as a living control system where organizational memory becomes your strongest defense. Discover how to transform retrospectives into measurable feedback loops, quantify learning as risk reduction and embed institutional knowledge into governance frameworks that create compounding resilience rather than cyclical vulnerability.

Join Oksana Denesiuk, Senior Product Manager at Kaiser Permanente and ISSA Advisory Board Member, to explore proven methodologies for building unbreakable organizational memory.

Key Takeaways: 
- Track how lessons learned translate into behavioral change and improved security posture. 
- Build lasting organizational memory through structured post-incident processes that strengthen defenses over time.
- Measure how well your organization learns from incidents and translate that into reduced security risks.
- Transform retrospectives into measurable feedback loops that prevent incident recurrence. 
- Embed organizational knowledge into leadership and accountability models for sustained cultural transformation.

Transform Security Culture into Measurable Organizational Memory

Since technology cannot keep us completely protected, organizations must embrace a culture of cybersecurity to build true resilience. This cultural transformation is essential to safeguard against risks and ensure readiness to respond effectively when incidents occur.

This session explores how leading organizations are embedding cybersecurity into their values, attitudes, and practices. By fostering a culture of resilience, businesses can strengthen their ability to anticipate, adapt to, and recover from cyber threats. Learn why every manager has a pivotal role in shaping this culture and how to implement strategies that drive lasting change.

Join Dr. Keri Pearlson, Principal Research Scientist at MIT Sloan School of Management, to explore actionable steps for building a culture of cybersecurity that protects your organization and empowers your workforce.

Takeaways:
- Understand cyber resilience thinking and how it differs from traditional protection strategies.
- Discover key mechanisms for fostering an effective cybersecurity culture.
- Gain actionable insights for managers to enhance resilience at work and home.
- Learn from real-world examples of organizations successfully embedding cybersecurity into their culture.

Building Cyber Resilience Through Culture in 2026

Mergers and acquisitions create exponential cyber risk exposure, yet many organizations lack quantified risk frameworks to guide critical business decisions. As cyber threats evolve and regulatory scrutiny intensifies, executives need concrete data to balance growth opportunities against security investments.

Traditional risk assessments fail during rapid organizational change. This session reveals proven methodologies for translating cyber vulnerabilities into financial impact metrics that drive boardroom decisions. Learn to build communication frameworks that align security investments with business objectives while maintaining stakeholder confidence throughout complex organizational transitions.

Join Vincent Amanyi, Founder of Boleaum Inc, to explore actionable strategies for enterprise cyber risk quantification and communication.

Key Takeaways: 
- Develop risk appetite frameworks that identify, prioritize, and absorb organizational risks with minimal business disruption. 
- Master cyber risk quantification techniques that assign tangible dollar values to security threats across all business levels.
- Build structured communication models to effectively convey cyber risk criticality to diverse stakeholder groups. 
- Implement scalable cybersecurity benchmarking practices for growing organizations. 
- Create boardroom-ready risk reports that support strategic decision-making during M&A activities.

Quantify Cyber Risk Impact for Strategic M&A Growth

Breaches have become a daily reality. Dark web activities and emerging threat vectors outpace traditional defenses, creating blind spots that adversaries readily exploit. Without early warning systems, businesses remain vulnerable to sophisticated attacks that could have been prevented.

Effective Cyber Threat Intelligence (CTI) transforms raw intelligence into actionable insights that enable proactive defense strategies. This session demonstrates how to operationalize intelligence, map adversary tactics to business risks, and implement early warning systems that prevent breaches before they occur. Learn to distinguish signal from noise and convert threat intelligence into measurable risk reduction metrics that resonate with executive leadership.

Leverage Cyber Threat Intelligence for Proactive Risk Mitigation

Open-source software drives enterprise innovation, but unmanaged vulnerabilities create operational risks and regulatory exposure. As cyber threats evolve and compliance frameworks tighten, executives face mounting pressure to balance innovation speed with robust security governance.

Traditional approaches to OSS security often create friction between development teams and security requirements, leading to shadow IT practices and increased exposure. This session presents proven frameworks for integrating security into OSS workflows while maintaining developer productivity and meeting emerging regulatory demands like the EU Cyber Resilience Act.

Join Yesenia Yser, Security Engineer and Open-Source Advocate, to explore enterprise-grade strategies for OSS risk management.



Key Takeaways: 

Implement governance frameworks that protect OSS dependencies without slowing development
Create shared accountability between security, procurement, and engineering teams
Apply SLSA, SBOM, and OpenSSF standards to build enterprise-wide security trust
Balance regulatory requirements with collaborative open source community practices 
Turn OSS security management into a strategic business differentiator

Securing Open-Source Dependencies at Enterprise Scale

The current data security and privacy protection landscape is awash with tools, acronyms, buzzwords that promise to make data breaches and privacy incidents a thing of the past. Yet hotel chains, healthcare providers, banks, department stores and even governments constantly fall victim to data breaches, ransomware or nation-state attacks. 

The plain truth is that tools are only as good as the people that use them and the processes that go with it. Two thousand years ago, the Roman empire had better military tools than the nations they conquered. Yet through time, the Romans fell to the barbarians and are merely remembered through their ruins. Likewise, companies with the latest and most buzzworthy technology implemented still manage to fall victim to attacks. 

In this presentation, industry thought leader Ralph Villanueva will tap into over 15 years’ experience of data security and privacy protection to show why ultimately, the people behind the tools and the processes they use matter more in securing your organization’s data. 

Key Takeaways:
 - How to best deploy tools in the most cost-effective way to optimize benefits.
 - How to best deploy tools to mitigate data security risks from internal and external threats. 
 - The importance of a balanced and holistic approach to data security that equally considers people, processes and technology.

Tools are Nothing: Why People and Process Matter More in Data Security and Privacy

Data security has entered a new era, one defined by AI-powered threats, expanding cloud ecosystems, and evolving global privacy regulations. 

This session presented by TD Bank's Pankul Chitrav explores the critical shifts reshaping how organisations must protect sensitive information in a boundaryless digital world. We will break down the top risks, the essential capabilities of modern security architectures, and the must-have tools for protecting data across endpoints, cloud platforms, and AI workflows. From zero trust to automated posture management and advanced data discovery, you’ll learn what’s required to stay ahead of adversaries and maintain compliance. Whether you’re modernising your security program or building one from the ground up, this talk equips you with the insights needed to create a future-ready data protection strategy for 2025 and beyond.

Future-Ready Data Protection: Securing Modern Data Ecosystems in an AI-Driven World

Cyberattacks are continuing at pace and we're regularly hearing of new data breaches. But who is responsible for ensuring the security of personal data? 

Traditional data protection approaches are failing against modern attack vectors. Organizations need future-ready strategies that go beyond compliance checkboxes to create resilient security frameworks. In this session, we'll explore the current risks to personal data & privacy and delve into the range of models that can be used to protect your organizations critical assets.

This webinar will take you through examples of recent data breaches, identifying the challenges being experienced, learning from what went wrong and how best organizations can plan for the future. Such planning will investigate current good practice, adding some “steroids” to them such that organizations can hopefully stay in front of the next “breach”!

Steve Yates – Chairman of the Resilience Association, will share frontline experience about critical data assets security and protection of user privacy.  

Key Takeaways:

- Be aware of the challenges being experienced in the protection of data security & privacy;
- Understand how best to plan your data resources and capacity to meet tomorrow’s defense;
- Discover the core organizational elements needed for the establishment of a strategic, tactical and operational solution

Strengthen Data Security Strategy for Tomorrow's Resilience Defense

AWS infrastructure offers robust native security mechanisms, but the shared responsibility model places critical configuration burdens on app owners. This creates gaps that attackers can actively exploit through misconfigurations, privilege escalation, and cross-service vulnerabilities which can compromise entire cloud deployments.

Security automation emerges as an essential defense strategy for threat modeling, enabling businesses to enforce security best practices from deployment through ongoing operations. Automated security controls provide continuous monitoring, real-time threat detection, and optimized remediation across AWS services. This ensures a consistent security posture while reducing human error and response times.

Join Ernesto Marquez, Founder and Project Director at Concurrency Labs, to explore proven AWS security automation strategies for threat mitigation.

Key Takeaways: 

- Implement automated security controls that enforce best practices across AWS services 
- Deploy continuous monitoring and real-time threat detection for multicloud environments 
- Configure automated remediation workflows for common security vulnerabilities 
- Integrate AWS security automation tools into comprehensive threat modeling frameworks 
- Establish governance policies that maintain security consistency across cloud deployments

Deploy Automated AWS Defenses for Threat Prevention

As cloud supply chain attacks escalate in sophistication, traditional SBOMs alone prove insufficient for comprehensive security. While SBOMs provide valuable component inventories, they lack runtime verification capabilities—creating a critical blind spot that malicious actors increasingly exploit. This gap between static analysis and runtime behavior represents one of the most significant vulnerabilities in modern cloud environments.

The "Bill of Behavior" (BoB) approach addresses this challenge by providing vendor-supplied profiles of expected runtime behaviors. Generated using eBPF technology, BoBs codify legitimate syscalls, file access patterns and network communications. This enables immediate anomaly detection without custom rule creation, allowing organizations to verify software integrity throughout the supply chain and during execution, dramatically reducing the attack surface while simplifying security operations.

Join Dr. Constanze Roedig, Key Researcher at SBA-Research and Founder of Fusioncore.ai, to discover how this emerging standard complements existing SBOM frameworks to create verifiable trust in your cloud ecosystem.

Key Takeaways:
- Understand how Software Bills of Behavior (SBoBs) create verifiable trust between vendors and clients
- Learn practical implementation strategies using existing OCI distribution standards
- Discover how BoBs significantly reduce attack surfaces across both runtime and supply chain vectors
- Explore immediate benefits of receiving vendor-supplied behavior profiles with software packages
- Discover how CNCF Kubescape allows anomaly detection out of the box

Beyond SBOMs: Runtime Verification for Bulletproof Cloud Supply Chains

Organizations are rapidly adopting AI technologies without fully understanding the security implications. This is creating unprecedented vulnerabilities in cloud environments. In turn, with AI accessible to all stakeholders, the human factor has become the weakest link in cybersecurity defense strategies.

This session addresses critical considerations for IT and cybersecurity leaders to balance business innovation with risk management. Learn how to establish ethical AI frameworks, implement proper access controls, and build awareness programs that protect your organization while enabling AI adoption.

Join Kathleen Mullin, vCISO and Consultant, to explore practical strategies for securing AI in cloud environments while maintaining business agility.

Key takeaways:

• Define clear RACI matrices for AI business risk ownership and accountability 
• Assess whether AI solutions truly meet business requirements vs. alternative approaches
• Establish data governance and access controls specifically for cloud-based AI systems 
• Develop comprehensive AI awareness programs for organizational stakeholders 
• Evaluate current and future cloud AI risks within your security framework

Considerations: Securing the Cloud And In Specific AI

As organizations accelerate cloud adoption, sophisticated security technologies often create a false sense of protection while the most significant threats emerge from within. Human behaviour continues to be the weakest link in cloud security, not due to malicious intent, but through everyday mistakes that inadvertently expose critical systems.

When they create friction, security measures designed to protect can inadvertently increase risk as users will find shortcuts to achieve their legitimate objectives. This session explores the psychology behind user decision-making and reveals how threat actors exploit human nature to bypass cloud defenses, turning legitimate business processes into attack vectors.

Join Simon Ratcliffe, independent management & technology consultant, to discover practical strategies for human-centered cloud security.

Key Takeaways:

- Identify psychological triggers that make users vulnerable to cloud-based attacks 
- Recognize how security friction drives risky user behaviors and workarounds
- Design user-centric security that reduces human error without compromising protection 
- Develop indicators to detect insider threats before they escalate 
- Build security awareness programs that create lasting behavioral change

Securing the Human Element: Why People Remain Cloud Security's Top Vulnerability in 2025

Insider threats are one of the most challenging security risks in multicloud environments, where authorized users can exploit fragmented access controls and limited visibility across platforms. When organizations lack comprehensive oversight of user activities, data flows and privilege escalation paths, the risk posed by human error and malicious insiders is much greater.



Multicloud architectures amplify insider threat risks through inconsistent identity management, scattered audit trails, and complex permission structures that create blind spots for security teams. Strategic threat modeling designed around insider risks enables organizations to map user access patterns, identify privilege abuse scenarios, and implement behavioral monitoring across all cloud platforms before incidents occur.



Join Sandeep Tripathi, IT Solutions Designer at Daimler Truck AG, to discover systematic approaches for detecting and preventing insider threats in complex multicloud environments.



Key Takeaways: 

- Identify insider risk scenarios across cloud platforms using threat modelling frameworks
- Implement comprehensive user behavior analytics and cross-cloud activity monitoring
- Limit insider threat impact and lateral movement using zero-trust access controls.
- Develop incident response protocols for insider-driven security breaches
- Create governance frameworks for managing privileged access in multicloud environments

Mitigate Insider Threats in Multicloud Through Strategic Modeling

Every minute your cloud infrastructure grows, it creates new entry points for potential attacks. As organizations rush to embrace cloud innovations, they're unknowingly building digital labyrinths where traditional security measures fall short.

Cloud security threats are often perceived as purely technical challenges, but the human factor remains one of the most significant and underestimated risks. Misconfigurations, weak passwords, phishing attacks, and inadequate training open doors to breaches even in sophisticated environments. Employees inadvertently expose sensitive data through social engineering, while administrators overlook crucial updates. Insider threats pose significant risks when cloud systems are accessible from anywhere.

Join Jyotirmayee Pradeep Kumar, Vice President of Cloud DevOps at a leading global bank, to explore human factors in cloud security threats.

Key Takeaways: 
- Human error as the leading cause of cloud security breaches 
- Phishing attacks and social engineering threat vectors 
- Managing insider threats in distributed cloud environments 
- Essential security awareness training and culture development 
- Zero Trust architecture implementation strategies

Managing Human Risk in Cloud Security Operations

AI technologies are simultaneously completely transforming business operations and creating new security vulnerabilities that cannot be addressed by technical safeguards alone. When implementing AI-driven solutions, human oversight is the biggest differentiator between secure innovation and catastrophic data breaches. As such, human intervention is both the biggest vulnerability and most significant defense in organizational security architectures.

To address this challenge, IT leaders can build a security champions program—a network of engaged employees who understand AI-specific threats and serve as frontline defenders. This group bridges the gap between security teams and other business units. They spread security awareness throughout the organization while maintaining operational efficiency.

Join Vincent Amanyi to discover proven strategies for empowering a team of security champions who can help safeguard your organization's AI initiatives and digital assets.

Key Takeaways:

- Learn to assess AI-related security risks across all business functions
- Design a people-centric security strategy that combines technical controls and human intelligence
- Establish and structure an effective Security Champions Committee with clear roles and responsibilities

Fortifying the Human Firewall: Cultivating Security Champions in Today's AI Landscape

In today's threat landscape, where the average data breach costs organizations $9 million, your employees represent both your greatest vulnerability and your strongest defense. As AI-powered threats become more sophisticated and remote work expands the attack surface, traditional security awareness approaches are failing to create lasting behavioral change. The human element remains implicated in over 80% of breaches, yet most training programs still focus on compliance checkboxes rather than cultivating security champions.

Effective security awareness requires a strategic approach that addresses psychological barriers, leverages behavioral science and creates sustainable security habits. By reimagining how we engage employees—from executive leadership to frontline staff—organizations can transform their security culture from a perceived burden into a competitive advantage that measurably reduces incident rates and response times.

Join Ralph Villanueva, with 15+ years leading enterprise security awareness programs, to discover proven methodologies that transform employee behavior.

Key takeaways:

- Implement psychological triggers that convert passive training participants into active security defenders
- Design role-specific awareness programs that address the unique risks of different departments
- Measure training effectiveness beyond completion rates with behavior-based security metrics
- Secure executive buy-in by connecting awareness initiatives to tangible business outcomes
- Deploy just-in-time learning techniques that deliver training when employees are most receptive

Transforming Human Risk: 10 Battle-Tested Strategies for Modern Security Awareness

Organizations are investing heavily in advanced security tools. But the most critical—and vulnerable—component of cybersecurity defense is people. As AI-driven attacks and quantum-era risks emerge, the gap between technological capabilities and human cognitive readiness threatens to widen dramatically.

Security professionals face unprecedented pressure when responding to incidents. Even with robust detection and recovery tools, factors like stress, fatigue and decision paralysis can significantly increase recovery times and amplify damage. This presentation introduces an expanded MTTR formula incorporating the "Human Cognitive Factor"—a groundbreaking approach that addresses the psychological dimensions of security response that technology alone cannot solve.

Join Sandra Estok (Founder & CEO, Way2Protect) to discover why preparing employees will determine your organization's survival in the 2026 threatscape.

Key Takeaways:

- Master the expanded MTTR formula that quantifies how human cognitive factors impact recovery timelines
- Identify early warning signs of team cognitive impairment before they compromise your security posture
- Implement practical strategies to build psychological resilience and decision-making clarity under pressure
- Establish metrics that measure human performance alongside technical metrics for comprehensive security assessment
- Learn how leadership decisions about culture, team structure, and psychological safety directly influence threat response effectiveness

Strengthening Your Human Firewall: Closing Cognitive Security Gaps Before 2026

Both endpoint security and endpoint management are becoming more challenging, largely driven by an increasingly complex threat landscape and a greater number (and assortment) of both managed and unmanaged endpoint devices. This, combined with an overabundance of tools deployed to deal with these threats and devices, has created a false sense of security and the inability to process all the data being collected.

 To combat this, organizations are making efforts to integrate the teams, tools, and processes involved, and these efforts are having a positive impact on visibility and awareness. Similarly, organizations are eager to adopt new tools like Autonomous Endpoint Management to help them achieve their goals.

In this session from Endpoint Management and Security Gabe Knuth, you’ll learn both what research reveals about the challenges facing organizations, the risks associated with the status quo, and the path forward to improving overall endpoint management and security.

Overcoming Increasing Endpoint Security & Management Challenges

This session will describe approaches and suggestions for potentially lowering your risk of a breach and how to prepare for when they happen.  We will discuss our experiences and practical ideas for consideration to take back to your companies.

Tune in to learn more about these topics:
1. What is the definition of a breach
2. SANS Security Critical Controls – 
a. CIS Control 1: Inventory and Control of Enterprise Assets
b. CIS Control 2: Inventory and Control of Software Assets 
3. Starting with the basics
4. Access Control – Knowing your data – Identity Access Management (IAM)
5. Leveraging Threat Intelligence
6. Bonus – Have a plan, practice, table tops

Top 5 Strategies to Reduce the Risk of a Breach

Security operations is hard. The threat landscape is constantly
evolving. Business and IT initiatives create an ever-expanding attack surface.
Myriad security products overwhelm operators and drive costs up. And as
cybersecurity becomes a topic in board rooms, CISOs are not only under
pressure to reduce risk, but also to prove the efficacy of their security
postures.
 
Next-Gen MDR/XDR represents a shift in mentality from traditional solutions,
which primarily focus on detecting threats by managing EDR and XDR
products. In this session, we will discuss how Next-Gen MDR solutions:
 
1. Continuously assess prevention and configuration settings to prove
security efficacy
2. Use security posture context to make more accurate incident triage
and response decisions
3. Facilitate better collaboration between security and IT teams to
streamline operations
4. Reduce overall complexity by plugging into a consolidated multi-cloud,
multi-device control plane
 
Don’t miss out on the future of Managed Detection and Response!

Reduce Risk and Prove Security Efficacy with Next-Gen MDR/XDR

When we think of cybersecurity for enterprises, we think next-gen firewalls, EDR, and SIEM. But none of these resources can protect your cloud assets as traditionally employed. This means companies must use new techniques to protect cloud environments and the various SaaS applications deployed by modern enterprises.

Tune into this talk to learn:
1.) How to collect telemetry and generate alerts from various cloud environments.
2.) Techniques to detect misuse of SaaS application including cloud account takeover. 

The ultimate goal is to stop cloud and SaaS breach from occurring in the first place.

Breach Detection in the Cloud

In the last two years, technology has shifted from onsite to remote. This paradigm shift in computing introduces additional security concerns to both individuals and enterprises. 

Tune into this presentation to hear TD Bank's Application Release Engineer Pankul Chitrav discuss security issues and concerns common in cloud computing while addressing various key topics like vulnerabilities, threats and mitigations, and breach prevention.

Speaker bio:
Pankul is an expert DevOps consultant and entrepreneur. With a background in software technology and leadership, her career expands over several industries including education, healthcare, and finance. Currently she is working on Azure Clouds as Application Release Engineer at TD Bank. She has received numerous awards as a technology expert and mentor. Her strong background in learning, development and managing teams makes her the perfect fit. She is widely regarded as the go-to source for automation and troubleshooting. Pankul is a Certified Agile Practitioner and is Certified in Designing Microsoft Azure Infrastructure Solutions along with Microsoft Azure Administrator. Pankul has been invited to speak to organizations across the world including RSA and WWC. Pankul is passionate about volunteering and is one of the most sought-after mentor for newly immigrants of Canada.

When not working or volunteering, Pankul can be found creating delicious meals and doing gardening.

Breach Prevention in Cloud Computing

It is no secret your data in the cloud is vulnerable. What's worse is that, according to Gartner, more than 99% of cloud breaches will have a root cause of preventable misconfiguration or mistakes by end users through 2025. But the silver lining -- more like silver word -- to your cloud is that these breaches can be preventable so you can reach to your data in cloud when you need it. 

Tune in to this presentation from TD Bank's Leena Bongale if you looking for ways to secure your cloud data by:
• Securing access with zero trust principles
• Protecting data in an era of hybrid work
• Transforming your data protection for the cloud
• Reducing human error with security posture management

Speaker Bio:
Leena Bongale is a recognized industry expert with over 18 years of experience in Information Technology and specializes in Information Security and Risk Management.  She is currently Manager of Data Protection at TD Bank. Leena is an accomplished speaker, trainer, also volunteers information security consulting on pro bono basis, and has achieved industry certifications including CRISC and SAP BI. Leena regularly speaks on topics including cybersecurity, cloud adoption, business continuity, and compliance.

Reach it, Don't Breach It!

Social engineering tactics – using the art of deception in cyberattacks – have climbed to the top spot as the #1 cause of cybersecurity breaches. Our researchers break down common attack vectors, where we’re most vulnerable and find out why social engineering is so successful. Finally, we explore Forrester’s recommendation for the best defence against social engineering tactics like phishing. They make the case for adopting a multi-tiered cybersecurity strategy. Equipped with the right defences, you can protect your business from social engineering.

Join our webinar to learn how to protect your business.

Is Your Security Engineered To Beat Social Engineering?

Join Bob West, Chief Security Officer at Prisma Cloud, to learn about how Prisma® Cloud can address the cloud threats in your enterprise. This event explores how to operationalize the insights in the latest Unit 42 Cloud Threat Report.

Identity and Access Management: The First Line of Defense

The cloud landscape is complex with different threats, risks, and vulnerabilities that can overwhelm a business and its security teams. An annual report released by CSA tracks the top concerns reported by security professionals to understand how threats and breaches impact the business. 

Organizations must prioritize how cloud security affects the organization, break down recent cyber attacks, and implement controls that protect the organization from future threats. Some of these tools include the Top Threats initiative complements industry tools for a richer business context. IT leaders should also compare industry perception with actual threat data in the Verizon DBIR. Another strategy is to take real-world attacks and use alternative lateral techniques from the MITRE ATT&CK framework. Finally, security leaders can implement cloud security controls with the Cloud Controls Matrix to mitigate business risk and cyber attacks. 

Tune into this webinar as Cloud Security Alliance's John Yeoh shows how to use these tools and better communicate cloud security for the business.

About the speaker:
With over 20 years of experience in research and technology, John Yeoh has held technical analyst, executive, and board member positions in the industry. He is also a Technical Advisory Council Member for the Federation Communications Commission, Standards Officer for the International Standardization Council, and representative on multiple industry professional consortiums. Yeoh is a published author, researcher, and technologist with areas of expertise in cybersecurity, cloud, and next generation technologies. His works and collaborations have been presented in The Wall Street Journal, Forbes, SC Magazine, USA Today, Information Week, and others.

Top Threats to the Cloud for the Business

Tune into this session, presented by Boleaum Inc. founder Vincent Amanyi,  to learn the critical components involved in order to craft security strategies for the cloud environment.

 Attendees will come away from this webinar with these key takeaways:
- Define what matters to them within a cloud security strategy.
- The right technology and tools to build up their strategy.
- Frame their environment based on growing business applications.
- Partner with the right vendors to manage risk and lower cost.

The building blocks of a cloud security strategy

Network security is primed for a transformation. Traditional approaches to threat and data protection are no longer effective in a cloud and mobile world. Users, data and apps have left the network, leaving traditional network security approaches in the dark. As data breaches and ransomware continue to rise, IT leaders are now being forced to evaluate new ways to help drive down risk.

Defining the future of Security Service Edge

70% of organizations have had a public cloud security event in the last 12 months— and we know that number continues to rise. That's because attackers are zeroing in on public cloud resource misconfigurations.  As more and more data and resources are migrated to cloud platforms like AWS, Azure, and Google, it's harder for IT pros to keep pace, much to the delight of attackers worldwide. Organizations are increasingly investing in cybersecurity services, most notably Managed Detection and Response (MDR), to help improve their threat detection and incident response capabilities 

When you’re up against malicious actors, the more expertise you can bring to bear the better. Join this webcast to learn how to effectively integrate managed detection and response into your proactive security strategy. We will also cover: 
- A common attack scenario and how it plays out from a defender's standpoint 
- Trends of attacks that are taking place in the cloud 
- Solutions your organization can leverage to obtain better visibility and detection

MDR: Delivering Superior Security Outcomes Through Cybersecurity as a Service

A Cloud-Native Application Protection Platform (CNAPP) is a new approach that simplifies cloud security by combining several capabilities in one platform. By combining vulnerabilities, context, and relationships in a unified data model, a CNAPP provides a holistic view of risks, recognizing how seemingly unrelated low-severity risks can combine to create dangerous attack vectors.

In this session, we’ll talk CNAPP and dive into:
• How CNAPPs are changing the landscape of cloud security
• The advantages of agentless cloud security
• How a CNAPP reduces cloud security tool sprawl and strengthens risk prioritization
• How the Orca Cloud Security Platform combines cloud workload and configuration intelligence in a unified data model to understand the full context of risks

5 Reasons to Choose an Agentless CNAPP in 2023

The World Economic Forum estimates that over 92% of all data in the western world is stored on servers owned by very few US-based companies. This concentration creates a situation of high dependence, and a challenge for business resilience. Digital sovereignty has become an important topic for many nation states, and new regulations are emerging to manage these risks. In this webinar we will cover:

- Digital sovereignty challenges between the EU’s GDPR and the US Cloud Act and FISA since the Schrems II decision.
- The emerging sovereignty regulations such as GAIX-X, DORA, France’s “Trusted Cloud”, Australia, and others.
- The impact of sovereignty on cloud deployment risk and governance.
- Strategies to maintain data, operational, and software sovereignty.
- How sovereign controls leveraging encryption and key management can protect privacy and sovereignty in the cloud.

Join us learn more about how to overcome digital sovereignty challenges in the cloud.

The Keys to Sovereignty in the Cloud

It's no longer news that we need to support and secure increasingly distributed organizations. As companies look for long-term solutions for their hybrid and fully remote workforces, one thing is clear - identity is at the center of businesses today. An identity-first approach to security reduces today's cybersecurity risks and provides the foundation for a Zero Trust security strategy. A modern identity solution can also help you tie the complexities of protecting people and assets together in a seamless way.

Join this session to learn:
 - How to enable and secure your workforce
 - How identity can lay the foundation for any Zero Trust security initiative
 - How identity fits into a larger ecosystem and supports a more robust security posture

Approaching Security with an Identity-First Mindset

According to Foundry, formerly IDG Communications, 92% of organizations currently host some or all of their mission critical applications and IT footprint in the cloud. But cloud environments continue to face a myriad of security threats including misconfiguration, lack of visibility, identity and unauthorized access.

In this panel discussion moderated by Clarify360's Jo Peterson, tune into hear leading experts focus on specific takeaways that you and your team can put in place to now to ensure your cloud footprint is secure for the upcoming year. 
- Cloud security roadmap;
- Cloud security posture management; 
- Zero trust network access (ZTNA);
- SDLC and DevSecOps within the cloud;
- The need for centralized platforms;
- Increased investment in intelligent security;
- Increased investment in certification and cross training of your team.

Panelists:
Teena Piccone (Google) 
Iain Clarke (PayPal Invest)
Charles Johnson (Coalfire) 
Stan Davidson (SonicWall)

Secure Your Cloud Footprint in 2023

An effective cloud security strategy can be an elusive and challenging goal to reach. Tune into this session to hear CDS Defence & Security's Martin Nash discuss PAGODA, a self-styled approach to implement a cloud security strategy. 

PAGODA is an acronym standing for:
- Principles 
- Assets
- Governance 
- Operations
- Data 
- Access 

This self-styled, tailorable approach to building a cloud security strategy is simple and easy to remember and will ensure that key principles are considered. Attendees will come away from this session with a template on how to build their own cloud security strategy or an option to measure their existing one.

Enable your cloud security strategy by building a PAGODA

Organizations are adopting cloud strategies at a rapid pace to scale infrastructure demands, onboard new applications, and provide flexibility to software development teams, among many other use cases. But this brings up challenges for security teams who are responsible for managing security risk and meeting compliance regulations for workloads and applications running in environments outside of their direct control. In this session, ESG Senior Analyst Melinda Marks explores the cloud security priorities your organizations needs to focus on for 2023 and the defenses you should consider putting in place.

Get Your Cloud Security Strategy Ready for 2023

360° Cloud Security for 2023

When it comes to securing cloud usage, misconfigurations can arise for many reasons and stem from a number of sources. One particularly well-traveled road for the origination of security issues is through application development. Specifically, situations where changes made during development lead to undermined security, the introduction of vulnerabilities, or other non-optimal security outcomes.  

Fortunately, by working together with development teams, security groups can help find and mitigate these types of issues.  

This discussion will explore how and why threats get introduced during the development cycle and cover strategies for how you can mitigate those issues when they do.

Application-induced cloud security issues (and how to overcome them)

Cloud

Cloud Security

Cloud Adoption

Application Development

Cloud Applications

Security Strategy

Application Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Application-induced cloud security issues (and how to overcome them)

Presented by

About this talk

Information Security