#IMOS21 Security in a Cloudy Sky: Establishing Resilience and Reliability
In just a few years, the cloud has gone from being a concept for the future to an inevitable part of any digital initiative an organization will undertake.
Whilst offering vast benefits such as speed, agility and innovation, modern cloud environments can be highly complex in nature, and with that complexity comes distinct challenges.
Chiefly is the task of ensuring that, as more data moves to cloud infrastructures and reliance on them grows, cloud technology is used securely with a key focus on resilience and reliability. After all, if your day-to-day business functioning depends on the smooth running of your cloud ecosystem, any failure – malicious or inadvertent – can be catastrophic.
In this session, a panel of experts will divulge upon the risk landscape of modern cloud environments, highlight where security issues are most likely to occur and outline step-by-step guidance for implementing a tried and tested approach to cloud security.
• An overview of the cloud risk landscape in 2021
• Learn where your key security threats reside
• How to instill a cloud security strategy fit for modern cloud environments
RecordedMar 24 202160 mins
Your place is confirmed, we'll send you email reminders
Improvements in cybersecurity technologies have made it more difficult for threat actors to mount direct attacks on organizations’ networks. Cyber-criminals are therefore increasingly looking for alternative routes into systems to steal sensitive and confidential data. One of these involves compromising the login credentials of employees or external contractors/vendors, especially those who have privileged accounts and are able to freely access sensitive systems and data.
This issue has been exacerbated by the COVID-19 pandemic, with remote employees more vulnerable to having their login credentials compromised. A zero-trust model of security has regularly been highlighted as vital to keeping a hybrid workforce secure alongside internal employees and external contractors, and this must be underpinned by a strong privileged access management policy, ensuring that compromised accounts do not lead to disastrous data breaches for businesses.
This webinar will explore the latest trends and challenges in privileged access management, and outline the strategies and technologies required to stay one step ahead of threat actors.
In this webinar, a panel of experts will discuss:
· How threat actors are increasingly targeting staff or contractor accounts to steal sensitive data
· The importance of privileged access management in keeping organizations secure, particularly for a hybrid workforce
· The steps required to develop a successful privileged access management policy
The escalating use of shadow IT – information technology outside IT approval – creates significant risk to organizations and is one of the biggest challenges in digital forensics today.
During investigations, incidents, litigation or regulatory and legal compliance, companies must be able to acquire, preserve, analyse, examine and present digital media in a forensically sound manner.
According to McAfee, 80% of workers admit to using SaaS applications at work, in many cases without IT approval. Bring Your Own Device (BYOD) policies and remote working since the pandemic have continued to blur the lines between company and personal device usage.
Organizations need to understand how to get to grips with the expanding shadow IT environment in order to overcome the need and risk attached.
Join this webinar to learn:
· The growing challenges and risk of shadow IT
· Strategies for overcoming shadow IT, including the importance of staff awareness training
· How technologies can help enforce policies, protect data and intellectual property, and reduce costs
Standard security controls are excellent at ensuring that data stays secure and is only accessed by those with appropriate permissions. However, where security fails is knowing the information that privacy requires, such as where the data came from, why the data is being stored, who the data belongs to, who it’s shared with, and how long it will be retained. The answers to those questions for every system or data element has an impact on which security controls a company needs to have in place.
Join Infosecurity Magazine and data expert Chris Pin as he explains the critical intersection between data security and data privacy, including:
· The key differences between data security and data privacy
· Why it’s possible to have security without privacy, but impossible to have privacy without security
· How to enable and support both security and privacy when it comes to data
By taking a Zero Trust approach, security departments assume that all content–regardless of whether it originates from a trusted source–is untrustworthy. Treating all content as if it is malicious eliminates the need to make an allow-or-block decision at the point of a click. With cyber-attacks and data breaches becoming more prevalent since the shift to remote working, traditional detect-and-remediate approaches to cybersecurity are falling short and security leaders are increasingly adopting Zero Trust as a way to overcome the challenges presented by the anywhere, anytime workforce.
In addition, amid growing cloud adoption, many security leaders are looking to introducing Secure Access Service Edge (SASE) architecture into their organizations. Is there a tie between Zero Trust and SASE? Does SASE come in a box? Do you need to choose between one or the other?
During this session, a panel of experts will tackle these questions and discuss:
- Why focusing on detection is a reactive approach to security
- The relationship between SASE and Zero Trust
- Why isolation is the secret sauce in today’s fight against online security threats
The shift to remote working has thrown up a number of significant security challenges to organizations, one of which relates to the exchange of files. With employees increasingly needing to collaborate from different locations and share sensitive corporate data across digital channels, organizations are at much higher risk of being breached.
Simply having secure data policies are not alone sufficient, and encrypted file exchange solutions must combine strong security with efficiency, otherwise staff will simply find ways round these protocols. In this session, a panel of experts will highlight the importance of consolidation of tools in achieving great collaboration and security for the transfer of files, ensuring policies are adhered to.
In this session, we will discuss:
• Why remote employees will often sidestep secure data policies
• The security and collaboration challenges posed by using multiple vendor solutions and the importance of consolidation
• The importance of employee-friendly secure collaboration tools
Today, organizations face more distributed workforces than ever, spanning not just internal teams but also contractors and freelancers. Securing work between these different kinds of employees across numerous locations introduces security challenges. Teams must stay productive while grappling with security measures such as site whitelisting, performance issues with remote virtual desktop access, and requirements like VPN solutions to access company resources.
This webinar will explore the challenges facing these companies, including the need to balance security and productivity. How can organizations make work seamless and productive while locking down sensitive data and applications from intruders?
Talking points will include:
- The biggest challenges facing companies supporting long-term distributed working practices
- Ways to achieve both productivity and security in distributed work
- Security management techniques that can help mitigate those challenges
Protecting your company’s crown jewels is a cliché, but it’s a cliché that has become even more important in the wake of a pandemic that has forced the world to work remotely. Cyber-threats have increased and C-Suites have taken notice, but converting that awareness into budget investment, commitment and a fundamental change in their practices to minimise cyber threats is another matter.
A top down approach is essential to a successful cybersecurity strategy – starting by protecting the company’s most sensitive information and most important assets, often held by board members and the c-suite. But to do this, you need your board members to understand the new threat landscape in a working-from-home environment, the importance of managing risk, and how to improve your organisations cybersecurity posture.
In this webinar, you will:
- Learn how to navigate the increased level of threat your c-suite and board members face in the virtual WFH world
- Learn how to get the attention of your C-suite and foster a top-down approach
- Understand Cyber Risk Scorecards and how to use them
- Get advice on how to win buy-in and budget from the C-suite and Board
Amid a surge in new international data privacy laws and regulations, it is becoming increasingly challenging for organizations to stay compliant. It has therefore never been more important to develop secure infrastructure to enable compliance obligations to be fulfilled, particularly following the shift to remote working during the COVID-19 crisis.
The first step to achieving this aim is data classification, which provides a solid foundation to build towards onward compliance. In this webinar, a panel of experts will explain how integrating data classification with necessary data protection tools such as DLP, rights management, encryption and more, will elevate your cybersecurity strategy. There will also be advice and tips on the right steps to take on this journey.
This session will demonstrate:
- The increasingly challenging cybersecurity and data protection landscape
- How to develop a robust compliance and data loss architecture
- Why classification by design is the foundation of effective data protection and compliance
The adoption of zero trust services has accelerated as work locations become more fluid and flexible between office and home. That said, it’s now more critical than ever to ensure that users have fast, seamless and secure application access regardless of where they’re connecting.
In this webinar, a panel of security experts will discuss how zero trust security principles provide consistent user experiences when accessing private applications, regardless of the user’s or app’s location.
Join the conversation to learn:
- How zero trust is beneficial for in-office users along with remote users
- How to create a blueprint to ensure a consistent experience when users are accessing private applications
- How to provide fast, secure, local access to internal applications while simplifying the IT infrastructure
IT and security leaders are moving forward with the new realities of the hybrid workplace. Working from home, or remotely, is now just ‘work’. As employees begin to mobilize again, organizations need to maintain an agile and frictionless security model, which at the same time compliments an ever-growing migration of applications to the cloud.
Zero Trust has surfaced as a strategy that shifts the dependency on the user’s location and traditional VPN’s, to policy-based access to applications, wherever they reside.
In this webinar, a panel of expert speakers will discuss how Zero Trust security was propelled forward in 2020, and the vital role of secure access service edge (SASE) in implementing this approach going forward, as more organizations undergo digital transformations.
- Why move to a user-centric and location-agnostic Zero Trust security model
- How Zero Trust Network Access (ZTNA) can be the next step in your SASE adoption
- How an edge strategy supports organizations’ future digital growth
Third-party security and risk assessments have always been important, but rapid digitization and outsourcing during the COVID-19 pandemic has brought the topic to even greater prominence. High-profile attacks are occurring as a result of third-party vulnerabilities and it’s becoming an increasingly talked about topic at board level, particularly in light of the SolarWinds attacks.
A thorough understanding of the risks within a supply chain will be essential going forward, with external customers and senior leadership within an organization wanting to be satisfied that third party partners are meeting security and regulatory compliance rules.
The traditional approach of sending questionnaires to companies is costly, time-consuming and often ineffective, particularly in the current landscape. In this webinar, a panel of experts will discuss how security and regulatory teams can conduct efficient and accurate assessments of the security vulnerabilities in third parties, as well as ensure data protection rules are being met.
In this session, attendees will learn:
- How the COVID-19 crisis has made it easier for malicious actors to target supply chains, and the potential damage that can be caused by successful attacks
- The inadequacies of current approaches to vendor risk management and the growing availability of cutting-edge solutions
- How to benefit from a centralized risk assessment exchange that combines both enterprise and third-party vendors on the same platform
- How to guard against failures in third party risk management
Secure endpoint management is critical to modern business success. What’s more, the move to mass remote and hybrid working models as a result of the COVID-19 pandemic has pushed endpoint security even further up the importance agenda.
However, challenges persist for organizations in finding the correct balance between endpoint security and productivity, with one threatening to outweigh the other if sound strategy and due diligence are not in place to ensure users are able to operate both effectively and safely.
In this webinar, a panel of security experts will discuss the current enterprise endpoint security landscape, assess how to best balance usability with secure processes and outline the risks of failing to do so for modern organizations.
· A step-by-step guide to hardening your endpoint security strategy
· Why secure endpoint management is a combined business responsibility
· How to address the balance of end point usability and security in modern organizations
In recent years, there has been a huge expansion of devices used within organizations, an issue exacerbated further by the shift to remote working during COVID-19. This has significantly increased the number of endpoints used by organizations, leaving them more vulnerable to attacks.
In this webinar, a panel of experts will highlight the challenges surrounding the management of endpoints in the current environment and explore why new ways of thinking are required to ensure organizations stay secure. The discussion will set out advice for organizations in establishing a strategy to secure device endpoints wherever their employees are based, including the potential benefits of a Unified Endpoint Management (UEM) strategy.
· Major trends within the device management and security landscape
· The key approaches to endpoint management, with real-time use cases
· How UEM can improve device security for remote workers
Moderator: Eleanor Dallaway; Speakers: Greg Heard, Tee Patel, Ally Turnbull and Martin Webley
Choosing your managed security services provider (MSSP) can often feel like a leap of faith – but it shouldn’t. When you sign on the dotted line, you want to know that they can support your team and provide the level of security and assurance you need.
So, what should you be looking for when selecting your MSSP? Including expert advice from Microsoft and industry thought-leaders, this webinar will answer that question and more, arming you with the key information you need to be able to choose your MSSP with confidence.
Register for the webinar to learn:
- What a managed security services provider is – and what it isn’t
- The key trust marks and certifications to look for
How an MSSP should adapt to meet your unique challenges
- How an MSSP can keep you both secure and compliant
- Why your MSSP must operate as a partner, not just a provider
Moderator: Danny Bradbury; Speakers: Anthony Galfo, more TBC
Security certifications such as ISO 27001 and SOC 2 are becoming table stakes for passing vendor assessments when looking to sell to new companies and renew existing contracts. As security demands continue the trend of becoming more and more stringent, information security teams are having to do more with the same or even reduced resources.
In this webinar, a panel of experts will discuss how security teams are tackling this problem and outline some of the tools they use to make managing their increasing workload more manageable, along with highlighting the efficiencies that can be realized when pursuing multiple security certifications.
- The business and competitive benefits of pursuing security certifications such as ISO 27001 and SOC 2
- How to deal with increased security demand with limited resources
- Best practice for achieving and maintaining security certifications
2020 saw many organizations impacted by various new and altered security vulnerabilities as networking norms shifted dramatically.
Securing the new work-from-home environment became an overnight priority as businesses made efforts to improve overall security posture with increased testing throughout the SDLC, continuous security testing of assets, and rapid vulnerability remediation.
In this webinar, a panel of experts will discuss the key security trends of last year, outline the most common ongoing vulnerabilities and provide an analysis of what you, as a security professional, can do to close gaps and proactively improve security posture.
By attending this webinar, you’ll walk away knowing key security findings from 2020, including:
- The most common vulnerabilities by category and asset type
- How average vulnerability severity has changed YoY and why
- How to increase the cost of attack and resistance
- How to find vulnerabilities that aren’t found through traditional approaches using a crowdsourced security testing platform
Pharma is vulnerable. The sector, which bridges the healthcare–business divide and deals extensively with data and intellectual property (IP), is a tantalizing prospect for malicious actors. It is now one of the most targeted sectors, according to Deloitte, with over a fifth of companies suffering at least seven attacks.
Perhaps the greatest threat facing the pharma industry, however, lies inside its own walls. That’s because insider threats can hamper a pharma company’s ability to remain competitive, thus posing a risk to potential patients.
Alongside a discussion between industry experts, this webinar will include an interactive section, throwing attendees into an emerging insider threat simulation taking place at a fictional pharmaceutical company. In this scenario, participants must use their decision-making skills to find the insider threat, manage the growing crisis and prevent the loss of potentially billions of dollars.
Join us for this webinar to:
· See the impact of the human element in crisis management and response
· Gain a greater understanding of how decisions in a threat scenario have a business-wide impact
· Discover how to strengthen your organization on both sides of “the boom,” so it’s as ready before the impact as it is after it
Applications have been powered by APIs for years, but heavier focuses on automation and cloud-native design are greatly affecting the security landscape. APIs are at the heart of any business regardless of industry and are increasing in both volume and capabilities. Hackers realize the vital role APIs have in connecting critical data and services, and so have increased their focus on attacking APIs. Old ways of thinking about API security must change too.
In this webinar, a panel of experts will bust five common industry myths surrounding API security today, discussed the pitfalls of some misguided API security approaches, cut through the fluff of a handful of security industry trends and share recommendations on how to improve your organization’s API security strategy.
- The impacts of technology trends like zero trust, cloud enablement, containerization and shift-left mantra to API security
- Are traditional security controls enough for API security, or are they one component of an API security strategy?
- Why a full lifecycle approach is important when wrestling with API security
- If the scope of your organization’s API security problem is larger than suspected, what capabilities should you seek in dedicated API security solutions?
After a year of home working, security teams are fatigued. In this context, security leaders must find the energy to push forward with security maturity and overcome any operational obstacles to establish a security by design strategy in their organization.
Including a detailed, real-world case study of a recent SOC transformation, this session explores the techniques and business value of collectively focusing on a big, positive goal – of planning and implementing secure operations as part of a renewed focus on future recovery and growth. Learn how standardizing for scale will allow you to make impactful decisions from your SOC and how exploring automation and outsourcing will enhance productivity and build internal capabilities as strategic business partners.
Attendees at this session will learn how to:
• Establish a comprehensive, scalable SOC platform with container-based architecture
• Implement interactive investigation and workflow tools to empower security analysts
• Build incident case management supported by applied threat intelligence and contextualised/enriched data
As the COVID-19 pandemic continues to plague the world, vaccination efforts are now underway in many nations as they seek to jab their way out of lockdowns, economic turmoil and unprecedented healthcare challenges.
Upon that backdrop, and with reports of new, more contagious variants commonplace, the efficiency, safety and security of COVID-19 vaccines is critical to defeating the virus and seeking some form of normality.
However, cyber-threats lurk at every turn, with scammers, anti-vaxxers, cyber-criminals and state-sponsored actors seeking to unsettle, exploit and disrupt vaccination efforts in various ways for manipulative gain.
In this webinar, a panel of security experts will assess the cyber-risks that threaten COVID-19 vaccines and outline how to ensure the whole supply chain is adequately protected from these threats.
- What cyber-threats surround COVID-19 vaccines, and how much damage can they cause?
- Ensuring the security of key elements of vaccination success including information, supply chain and distribution management
- The role of information security in ongoing and future vaccination efforts