Name: Maturing your cloud controls model through improved signal and validation
Start: 2020-12-08T23:00:00Z
End: 2020-12-08T23:00:44.000Z
Location: BrightTALK
Rating: 5

Cloud computing is a general concept that incorporates software-as-a-service (SaaS), platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS) and other recent well-known technology trends in which the common theme is reliance on the Internet for satisfying the computing needs of the users.  

This channel features presentations by thought leaders who cover the key topic areas in this increasingly important field.

The advent of cloud computing has ushered in a new era of financial services, characterized by unprecedented levels of innovation, agility, and scalability. As the finance sector grapples with the dual challenges of increasing regulatory scrutiny and rapidly changing consumer expectations, the cloud emerges as a pivotal force for transformation. This presentation aims to dissect the multifaceted impact of cloud technology on the finance industry, highlighting key strategies for leveraging cloud computing to foster innovation and competitive advantage.

We will delve into the core aspects of cloud-powered financial innovation, beginning with an exploration of how cloud technology is reshaping traditional banking, investment, and insurance models. We will examine case studies of fintech startups and established financial institutions that have successfully harnessed the cloud to launch innovative services, improve operational efficiency, and enhance customer experience.

Furthermore, the presentation will address the critical role of security, compliance, and data governance in cloud-based financial services. With the increasing frequency and sophistication of cyber threats, we will discuss best practices for securing sensitive financial data in the cloud, ensuring compliance with global financial regulations, and building trust with customers.

Navigating the Cloud: Driving Financial Innovation for Tomorrow’s Economy

Tune into this presentation from IT company founder Yesenia Yser that delves into the transformative impact of open source, AI, and cloud innovations on global supply chain security. Participants will explore recent supply chain attacks, extracting critical trends and understanding the role of cutting-edge technologies in these breaches and learn the power of open source communities and tools in fostering a collaborative approach to supply chain defense. We will also examine cloud-based innovations that offer robust protection for cloud and hybrid environments. Finally, the talk will outline effective strategies and best practices for achieving a harmonious balance between rapid technological innovation and stringent security measures, paving the way for a protected and resilient future.

Key Takeaways:
- Insights into the impact of recent supply chain attacks and the role of technology in these breaches.
- Knowledge of open source initiatives and tools enhancing supply chain security.
- Understanding of cloud innovations providing advanced protection for diverse IT environments.
- Strategies for ensuring that technological advancements in AI and cloud computing align with rigorous security standards.

About the speaker
Yesenia is a first generation Cuban American paving the way to “awaken the indomitable warrior spirit within us all’ – protecting us in both the digital realm and the physical world. International Keynote speaker specialized in Cyber Security, Software Development, Open source Software, Women in Tech, Women Empowerment, Digital Portfolio Framework, Self-Defense, and Brazilian Jiu Jitsu. With over 12+ years of experience in various Security roles, Yesenia has spent her career championing security best practices and product innovation within the Application Security space, fortifying collaboration with engineering teams, nurturing security programs and initiatives, architecting security by design, fostering open source communities and DEI communities.

Protect the Nebula: Open Source, AI, and Innovations in Supply Chain Security

Prioritizing sound security hygiene is a highly effective practice for companies to significantly reduce the risk of security incidents, but unfortunately, is often overlooked. 

In this presentation, Bojan Magusic, program manager and author of Azure Security, will share a real-world security incident (without disclosing specific details or names). He will provide an overview of the incident, including its effects on the organization, followed by a discussion of potential preventive measures. Bojan will also share trends he sees in the real world, some best practices on how organizations should approach governance, readiness, and leadership support, and more.

At the end of this session, you can expect to:
- Be able to explain why cloud security posture should be an organizational-wide priority. 
- Understand how lack of security hygiene can impact your organization and its business.
- Understand which security misconfigurations of cloud services you should prioritize and fix first. 
- Understand which cloud services are targeted more often than others, even across multi-cloud.
- Learn how to use infrastructure as code to embed security hygiene into pre-deployment.

Why Should Cloud Security Posture Be Your #1 Priority?

In today’s rapidly evolving cloud landscape, the shift towards multi-cloud environments has become increasingly prevalent. While this shift offers unparalleled flexibility and scalability, it also introduces complex challenges in data protection and privacy. This session is designed to address these challenges, providing participants with an in-depth understanding of how to navigate and secure their data across multiple cloud platforms.

This webinar will kick off with an overview of the current state of multi-cloud environments and cover,
- Unique vulnerabilities and privacy concerns that arise when dealing with diverse cloud service providers.
- Advanced data encryption techniques, emphasizing their role in safeguarding sensitive information. 
- Intricacies of data sovereignty and the complications posed by varying international data protection laws.
- Implementation of robust access control mechanisms, ensuring that the right people have access to the right data at the right time. 
- Explore effective strategies for Data Loss Prevention (DLP), aiming to prevent unauthorized access and leaks of sensitive information.
- How organizations can stay aligned with global data protection regulations like GDPR, HIPAA, and CCPA. 
- Incident response and breach notification in a multi-cloud context.

Furthermore, the session will introduce best practices for data anonymization and masking, ensuring privacy without compromising the utility of data. Attendees will gain insights into conducting thorough cloud data audits and continuous monitoring for enhanced security.

About the speaker
Elango is an CISSP certified and accomplished technology leader with 20+ years of experience building high-performance engineering organizations for high-tech and financial services businesses across multiple geographies. He oversaw several cloud implementations that meet the highest standards of security and compliance for top-tier banks across Singapore, Thailand and the United States.

Data Protection and Privacy in a Multi-Cloud Setting

In the dynamic world of cloud migration, mastering the human element is the key to success. Join us for an illuminating exploration where we'll delve deep into the intersection of technology and human behavior.
 
Through captivating storytelling and insightful anecdotes, we'll uncover the critical role of human risk management in ensuring the security and success of cloud migration initiatives. From empowering employees to fostering a culture of cyber-self defense, you'll gain invaluable insights and actionable strategies to navigate the complexities of cloud migration with confidence.
 
Whether you're a seasoned CISO or a tech-savvy professional, this presentation promises to equip you with the knowledge and tools needed to strike the perfect balance between risk and security in the ever-evolving landscape of cloud computing. Don't miss this opportunity to unlock the secrets to a successful cloud migration journey.

The Human Equation in Cloud Migration: Balancing Risk and Security

Cloud's allure is undeniable, with worldwide services projected to cross $1 trillion by 2025. But amidst the excitement, a hidden danger lurks: data loss. This rapid shift to the cloud, while inevitable, necessitates caution.

Treat your data migration like a treasure hunt, not a treasure drop. Manual processes introduce misconfigurations, which act as open doors for attackers. Every exposed weakness in your cloud becomes a potential entry point.

Don't let your cloud dreams turn into data nightmares! Security must be embedded in every step of your journey, from building applications to migrating data. Embrace the cloud's power, but prioritize its protection.

Migrating to the cloud unlocks exciting possibilities, but security concerns can quickly turn those dreams into data nightmares. This guide empowers you to navigate the migration process with confidence, equipping you with essential security tips to safeguard your valuable data and applications.

Key Takeaways:
- Understand the hidden dangers: Uncover the potential pitfalls of data loss and security breaches during cloud migration.
- Protect your precious assets: Learn powerful strategies for securing data at rest and in transit, employing encryption, and implementing robust access controls.
- Build a fortress in the cloud: Discover best practices for disaster recovery planning, backup solutions, and leveraging advanced security tools like DLP and CASBs.
- Stay compliant, avoid pitfalls: Ensure your migration adheres to industry regulations and data privacy laws, mitigating legal risks and safeguarding your reputation.

This presentation aims to empower organizations with the knowledge and tools necessary to turn their cloud migration dreams into secure and resilient realities, ensuring that data nightmares remain a distant concern.

Don't Let Your Cloud Dreams Turn into Data Nightmares: Tips for Migration

The landscape of disaster recovery is undergoing a significant transformation as cloud computing becomes increasingly central to business operations. In this context, disaster recovery strategies are transitioning also. This is not without its challenges - it involves navigating new technological terrains, adapting to different operational models, and managing the complexities of cloud environments. Once confined to self-controlled data centers, disaster recovery exercises now need to be reimagined in the dynamic and often decentralized realm of the cloud. 

In this session, Ray Holloman (Founder and CEO of Holloman Solutions) delves into the intricacies of adapting disaster recovery processes to the cloud. He will explore the unique hurdles encountered when dealing with multiple cloud providers, shed light on the integration of on-premise workloads with cloud platforms, and the discuss critical role of testing within these new environments. Moreover, Ray explores the impact of external factors such as third-party testing and the necessity of staying actively involved in the monitoring and reporting processes throughout the transition to cloud-based disaster recovery.

Key takeaways include:
- Understand the Shift: Explore the fundamental changes and challenges in moving disaster recovery strategies from on-premise to cloud environments.
- Navigate Multi-Cloud Complexities: Discover how to manage disaster recovery across various cloud platforms and integrate them with existing on-premise systems.
- Redefine Testing Approaches: Establish new testing patterns and strategies tailored for cloud-based disaster recovery scenarios.
- Key Considerations for Transition: Identify key factors that will allow you to effectively adapt your disaster recovery testing as you shift workloads to the cloud.

Cloud-Powered Disaster Recovery: Next-Gen Strategies

In the discussion, Sean Heide, Research Technical Director of Cloud Security Alliance, will cover the last Top Threats to Cloud Computing report by the Cloud Security Alliance. This document, though not a framework in a traditional sense, is a powerful research paper that outlines the cloud's top risk and threat areas as identified by the entire security community. Through extensive research and collaboration, these findings have been stripped down to be able to describe business impacts, mitigations, and lessons learned from use cases. Whether you are a seasoned veteran in this business, or just getting started on your cloud journey, you will be able to use these findings to begin to put the pieces together to enhance your security posture.

Navigating the Top Cloud Threats: A Practical Approach for Risk Identification

As organizations increasingly transition their infrastructure to cloud environments, the security landscape undergoes a paradigm shift, necessitating advanced strategies to detect and respond to threats effectively.

This presentation provides a strategic exploration of best practices in securing cloud environments through effective detection and response measures. Join us as we navigate the realm of "Securing the Cloud," uncovering key principles to fortify your organization's defenses and elevate its security posture.

Securing the Cloud: Key Principles for Effective Detection and Response

In the realm of cloud computing, the intersection of technological advancement and environmental sustainability is becoming increasingly crucial. As the cloud continues to permeate all aspects of business operations, its environmental footprint has become a major concern. This urgency is further amplified by the growing emphasis on Environmental, Social, and Governance (ESG) factors in the corporate world. The challenge lies in striking a balance between leveraging cloud computing for business efficiency and minimizing its ecological impact.

In this evolving landscape, the role of IT leaders in championing sustainable practices is paramount. With stringent regulations and a shift towards a green economy, the need to integrate sustainability into cloud strategies has never been more pressing. This integration is not just about reducing carbon footprints but also about adopting innovative approaches that ensure long-term environmental viability.

In this session, Selma Ben Rajeb (Senior Manager in Technology Strategy and Advisory at Accenture) delves into the complexities of sustainable cloud computing, exploring both the challenges and the opportunities it presents, sharing a comprehensive roadmap to implement sustainable practices in your cloud strategy.  

Key takeaways include:
- How to drive a sustainable transition to cloud
- Practical strategies to achieve net-zero emissions in cloud operations
- And more...

Greening the Cloud: Strategies for Eco-Friendly IT

Kubernetes security is crucial in ensuring the safety and integrity of your organization's data and systems. However, keeping up with the latest security threats and vulnerabilities can be a daunting task. This is where Kubernetes Goat comes in - a "vulnerable by design" Kubernetes Cluster environment that allows you to practice and learn Kubernetes security in a hands-on way.

In this webinar, Pragmatic Security Leader Madhu Akula presents the latest version of Kubernetes Goat and demonstrates how to use it to identify and mitigate vulnerabilities in Kubernetes and containerized environments. He will cover various attack scenarios and real-world vulnerabilities and show how Kubernetes Goat scenarios can be mapped with them. The session will also explore open-source security tools that can be used to write secure code and deploy secure containers in production.

Key Takeaways:
- Gain practical, hands-on experience with Kubernetes security through 25+ offensive and defensive scenarios.
- Learn about the latest security threats and vulnerabilities in containers, Kubernetes, and cloud-native environments.
- Access detailed documentation, labs, and other resources to continue your learning and development in Kubernetes security.
- And more...

Mastering Kubernetes Security with Kubernetes Goat

This presentation explores the benefits and challenges of adopting cloud-native practices for application development and deployment. It highlights the importance of leveraging containers and container orchestration technologies like Kubernetes to achieve scalability, portability, and operational efficiency. You’ll understand key concepts and principles of cloud-native architecture, including how it enables faster software delivery, improved resource utilization, and easier application management. 

Attendees will better understand the strategies and best practices needed to effectively modernize applications and maximize their potential in the cloud-native ecosystem. The presentation will also address potential challenges such as skill gaps, security concerns, and cultural transformation, guiding how to overcome them. By the end of the session, participants will have the necessary knowledge and tools to embark on successful application modernization journeys, empowering them to harness the full potential of cloud-native architecture and drive digital transformation within their organizations.

Topics covered will include:
- Scalability: Cloud-native architectures enable applications to scale easily and efficiently. 
- Portability: Cloud-native architectures promote application portability across different cloud providers and environments. 
- Operational Efficiency: Cloud-native practices promote automation and streamline operational tasks. 
- Faster Software Delivery: Cloud-native architectures facilitate faster software delivery through continuous integration and continuous deployment (CI/CD). 
- Resilience and Stability: Cloud-native architectures enhance application resilience and stability. 
- Cost Optimization: Cloud-native approaches can optimize resource utilization, enabling organizations to control and manage costs.

Modernizing Applications With Cloud Native Architecture and Containers

For the last few years, there has been an ongoing debate about multi-cloud/hybrid cloud vs single cloud approach. However, there is increasing evidence that the future will be multi-cloud. Data from a recent survey released by Forrester Research indicates:

62% of public cloud adopters are using 2+ unique cloud environments/platforms

74% of enterprises describe their strategy as hybrid/multi-cloud today

So, the question is what does this mean for your applications? Does adopting multi-cloud increase management complexity? How can you effectively control and manage spend?

In this webinar, we will discuss the benefits and challenges of a multi-cloud approach. We will see how containers are becoming a key building block for enabling application portability and how Kubernetes is becoming the toolbox across clouds. Finally, we will discuss real-world best practices for enabling multi-cloud deployments.

About the speaker:
Ritesh Patel is co-founder of Nirmata and has 20+ years experience building and delivering enterprise software solutions and has led highly successful software and business development teams. Ritesh began his career in engineering for high tech firms and has since migrated to the business side of the operation. In his founding of Nirmata, Ritesh sought to bring his broad spectrum of experience to a single previously unaddressed industry problem through the creation of a new business. To Nirmata’s leadership, Ritesh brings a rare skill set incorporating experience with the entire chain of software development activities. This background has contributed to Nirmata’s commitment to empowering all employees to do the hard work required to deliver tools that solve tough problems.

Getting Ready for a Multi-Cloud Future with Containers and Kubernetes

Hybrid Cloud has become synonymous with Kubernetes and “Containers” through high charged marketing campaigns from IT behemoths. However, container platforms are just one technology platform potentially included within small, medium or enterprise customer Hybrid Cloud Architectures.  

This presentation describes hybrid cloud as a strategy, then as an architecture, and finally it describes the key technologies involved moving forwards and the areas of Next-Gen Hybrid Cloud still requiring standards development, products and service offerings.

Join as we discuss:
Some of the new Enterprises started with a Public Cloud strategy (e.g. Netflix, AirBnB, etc.).
As soon as most organisations are sufficiently mature to require a business O365 service, the organisation then becomes multi-cloud.
Managing a multi-cloud environment is challenging without a hybrid cloud strategy.
What principles might a hybrid cloud strategy have.
What would you expect from the Next-Gen Hybrid Cloud (what should it do).
What are the current relevant product offerings?
This is not just about containers!

Exploring Next-Gen Hybrid Cloud: More Than Containers

In an era where digital environments transcend borders and weave intricate connections between systems, the cloud has emerged as a revolutionary power, reshaping the landscape of business operations and collaboration. While enterprises eagerly embrace the advantages offered by cloud computing, its introduction necessitates protection of these virtual realms from an ever-expanding spectrum of risks. 

The presentation from TD Bank's Pankul Chitrav uncovers the complex web of security hurdles inherent in the realm of the cloud, equipping us with a comprehension of the tools and strategies that lay the foundation of cloud security.

Secure Cloudscape: Exploring Cloud Security Solutions

In the rapidly evolving landscape of cloud computing, security incidents are a constant threat. To effectively protect your cloud infrastructure and data, mastering automated incident response is no longer an option -- it's a necessity. Join us for an insightful session as we delve into the world of cloud incident response automation.

In this session, we will explore the strategies and essential tools that empower organizations to respond swiftly and decisively to security incidents in the cloud. We'll uncover the key considerations and best practices that can mean the difference between a minor hiccup and a full-blown security breach. We will be covering
- Understand why automation is a game-changer in cloud incident response. Discover how it reduces response time, minimizes human error, and ensures consistent actions in the face of threats.
- Learn battle-tested strategies for crafting a robust incident response plan tailored to your cloud environment. From threat detection to containment and recovery, we'll cover it all.
- Explore the cutting-edge tools and technologies that can help you implement your automated incident response strategy effectively. 
- Strategies for introducing automation, iteratively investing and measuring effectiveness. 
- How recent developments in Artificial Intelligence have reduced noise and resulted in effective scenario recognition and response. 

About the speaker
Elango is an CISSP certified and accomplished technology leader with 20+ years of experience building high-performance engineering organizations for high-tech and financial services businesses across multiple geographies. With an in-depth understanding of governance, compliance, regulatory, and cybersecurity requirements of ASEAN markets, Elango has championed several cloud implementations that meet the highest standards of security and compliance for top-tier banks across Singapore, Thailand and the United States.

Mastering Automated Cloud Security Incident Response: Strategies and Tools

As Kubernetes continues to revolutionize container orchestration, understanding how to secure your clusters becomes increasingly vital. In this discussion we'll focus on fundamental principles of access control, from the foundations of authentication methods to the intricate world of Role-Based Access Control (RBAC), creating and managing roles. We'll also look at the world of open-source tools designed to simplify access management. Discover how Paralus - a Kubernetes access management tool - can simplify and enhance your access management practices, offering you an added layer of confidence in securing your Kubernetes clusters. 

Whether you're a Kubernetes veteran or just venturing into the world of containerization, this talk promises to deliver fresh insight.

Securing Kubernetes: Exploring Access Management Techniques

Cybersecurity Threat Detection and Prevention

How to Fix Cybersecurity - From Patching Leaks to Building Better Dams

How To Remediate Application Security Vulnerabilities

Third Party Risk Management and The Cloud

The Cloudscape GRC Landscape

Cover Your SaaS: Evaluating SaaS Vendors for Cyber Risk

A Whole New World: Compliance in the Cloud is No Magic Carpet Ride

Navigating Data Security in the Cloud

Data Breaches Coming Home to Roost in 2021

7 Steps to Maintain Security Across Your Cloud Estate

To Trust, or Not to Trust the Cloud; That is Your Compliance and Risk Question

How to successfully secure ecommerce

Protecting Against Public Cloud Data Breaches Using Confidential Computing

Modern Authentication to Secure Enterprises: AWS SSO with WebAuthn and YubiKeys

Why you can't stop data breaches?

Modern Mythology: Data On Prem is More Secure than On Cloud

The cloud security dilemma: Cloud native or third-party tools?

Cloud adoption has changed gears; your security needs to do the same

Top Attack Paths in the Cloud

[PANEL] Cloud Security Risks and Solutions

Top Cloud Attack Paths You Should Worry About

Shifting to a holistic cloud security strategy

A Practical Lesson in Cloud Controls from Breach Analysis

Securing the Future of Work with Cyber AI (APAC)

Moving Beyond Passwords in the Digital Age

The Corporate Dissolve of Centralized Security

Closing Cybersecurity Skills Gap with Customized Training and Untapped Talent

New Year, New Cloud

The Challenge of Detecting Threats in the Cloud

5 Big Trends Impacting Application Security In 2021

DDoS and How It Differs from Other Cyber-attacks?

Rethinking your Cloud Security Strategy for 2021

A Muggles Guide to Security In The Cloud

Cybersecurity Threat Trends – What 2020 Can Teach Us About 2021 And Beyond

Cloud Security in 2021

In a multi-cloud/hybrid-cloud environment, security controls have traditionally been focussed on reactive detection, leveraging traditional log sources and analytics. Using a programmatic approach to controls validation and using low effort high fidelity security signals you can expand your detection, reduce the attacker dwell time and improve the return on your controls investment.  In addition it is valuable to leverage threat intelligence sources that are curated to your organisation and control environment. We will discuss how you can drive the controls maturity by leveraging some simple tools and processes.

Maturing your cloud controls model through improved signal and validation

Cloud Security

Cloud Service Providers

IT Security

Cloud

Multi Cloud

Cloud Compliance

Cloud Analytics

Information Security

Cloud Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Maturing your cloud controls model through improved signal and validation

Presented by

About this talk

More from this channel