CSA CloudBytes

Upcoming CloudBytes

How to Phish Your Employees For Functional Security
October 18, 2018

Presentation by Josh Green of Duo Security
More than 90% of reported data breaches and security incidents in 2016 involved a successful phishing attack*. Attackers rely on phishing as a primary strategy because it continues to be both effective and efficient, as users remain the most vulnerable attack vector. The best defense against phishing is proactively educating your users, through a shame-free campaign that prepares them for real-world phishing attempts. Along with teaching your users what to watch for, an internal phishing exercise can result in faster user reports of possible phish attempts and reinforce your security response plan. In this webinar, you will learn how to:
- Quickly and easily assess your security posture
- Help build the business case for addressing your organization’s security needs
- Build and deploy effective phishing simulations within minutes
- Identify vulnerable users and devices
- Increase the speed of user reporting for possible phishing messages
* Verizon 2017 Data Breach Investigations Report, page 30
Data Breach Myths vs. Reality
October 25, 2018

Presentation by Sami Laine of Okta
Data breaches can happen to any organization, so it's important to understand your organization's risk of a data breach. But where should you start your assessment? What practical and pragmatic steps can you take? In this presentation, we'll discuss the myths vs. the realities on how:
- Breaches happen
- The rapidly growing cloud and SaaS adoption changes the game for defenders
- Identity-driven security can help reduce the probability of a breach happening to your organization
Protecting What’s Left: Cloud Security in the Serverless Age
November 8, 2018

Presentation by Edward Smith of CloudPassage
Serverless architectures and FaaS services such as AWS Lambda make application development scalable, easy, and cheap. Plus, there’s no server to maintain or patch! But just because there’s no server doesn't mean there’s nothing to secure. Serverless services and their dependencies still need to be used and configured correctly, which is why it’s important to maintain security visibility into your serverless architecture. Join CloudPassage for an introduction on protecting serverless applications and underlying infrastructure and learn:
- What a serverless application looks like from a security perspective
- What threats, risks, and potential vulnerabilities could be leaving your organization exposed
- Steps you can take to secure your serverless architecture
2018 Data Exposure Report
November 28, 2018

Presentation by Molly Quinlan, Market Research Manager, Code42
Are your C-suiters putting valuable company IP at risk through careless data practices? If they're like most business leaders, they are. Nearly three-quarters of CEOs admit they’ve taken IP, ideas, and data from a former employer, and 95 percent admit to keeping a copy of their work on a personal device. A new report from Code42 and Sapio Research raises startling concerns about the role of human emotions in risky data practices such as these. The Data Exposure Report includes feedback from nearly 1,700 security, IT and business leaders in the U.S. and Europe. Attend this webinar to learn about:
- The ways business leaders and employees put data at risk
- How lack of data visibility hampers the ability of IT departments to protect data
- Strategies for keeping your valuable IP safe--whether you experience a data breach or not

Previously Recorded CloudBytes

Discovering a Competitive Advantage with ISO 27001 Certification
October 11, 2018

Presentation by Jason Eubanks, CRISC, ISO 27001 Lead Auditor, Principal Consultant, Lockpath
Organizations with mature, enterprise-wide information security risk management programs enjoy a competitive advantage, thanks to ISO 27001 certification that signifies an international standard for safeguarding information. In this webinar, Lockpath's Jason Eubanks, a governance, risk management, and compliance (GRC) consultant and former ISO auditor, will share the business case for earning ISO 27001 certification and the critical role of technology in implementing a successful information security management system (ISMS). You'll learn:
- Challenges and pitfalls with ISO 27001 certification
- Tips on establishing and maturing an ISMS
- Strategies for preparing and passing ISO audits
- Technology's role in earning and maintaining certification
Learn how ISO 27001 can give you a competitive advantage and strategies for earning certification. Register now to attend this educational webinar.
Crypto Conflagration and Securing the Cryptocurrency Ecosystem
October 4, 2018

Presentation by Chris Wysopal, Co-Founder and Chief Technology Officer at CA Veracode
Not only do cryptocurrencies rely on blockchain for their security, but they also rely on an ecosystem of software that runs exchanges, wallets, smart contracts and more. This software ecosystem, as well as the infrastructure on which it runs, must be secure. Whether you are a builder, investor, or consumer, this webinar will help you learn how to identify the vulnerable aspects of the software that powers the cryptocurrency ecosystem, and how to avoid them.
Past the Perimeter: Earned Access Through A Zero-Trust Model
September 27, 2018

Presentation by Zoe Lindsey of Duo Security
Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. To do this, companies must ensure that users and their devices meet the same security controls, whether they’re outside or inside the network perimeter. Duo adopted the “zero-trust network” model to solve this challenge. All networks and devices are treated as untrusted until proven otherwise, and their health is checked each time a user connects to a protected resource. This approach depends on visibility into whether basic device and network security standards are met. It also requires the ability to enforce granular policy controls based on the results of that health check. The perimeter is disappearing, and it’s not coming back… find out how you can get a head start on what’s next.
Cloud–delivered Security: Why It’s Your Best Bet
September 20, 2018

Presentation by Greg Mayfield of Tenable
On-prem vs Cloud-based security? It’s an ongoing debate that SecOps teams face daily. With cloud adoption continuing to be a top business initiative, SecOps teams must adapt or risk falling behind. As most on-prem security tools don’t work in the cloud and suffer limitations, SecOps teams are faced with a myriad of new technologies and tools to implement to protect their critical assets. This can be overwhelming as numerous options abound. As the attack surface evolves and expands in the cloud, understanding the current state of assets and assessing their risk is an essential first step. Achieving continuous visibility and protection is then the following challenge. This webinar will discuss the opportunities and benefits that SecOps teams face by utilizing cloud-delivered security solutions vs. traditional on-prem solutions.
Can the Maturity of Your Cloud Security Strategy Make or Break Your Organization
September 13, 2018

Presentation by Scott Hogrefe, VP of Marketing at Netskope, and Doug Cahill, Senior Analyst at ESG
New research from Enterprise Strategy Group and Netskope shows that there are business ramifications when it comes to your approach to cloud security. Join senior ESG cybersecurity analyst Doug Cahill and Netskope VP Marketing Scott Hogrefe for this webinar to get a deep dive into this research and understand how being a cloud "Discoverer," "Controller," or "Enabler" can make a difference for your organization and your career. What you'll learn by attending this webinar:
- Find out if the risks from threats or data loss increase as you change your strategy
- Understand the steps other organizations are taking to improve the maturity of their cloud security strategy
- See how you compare to other organizations
Improving Cloud Hygiene
September 6, 2018

Presentation by Scott Pack, Lead Cloud Security Engineer, and Dhwaj Agrawal, Computer Scientist at Adobe
As one of the first companies to commit wholly to the cloud, we have learned a lot about how to keep our security hygiene levels up even as we support rapid development and deployment cycles. Part of this effort is the development of an internal tool called MAVLink. MAVLink enables us to collect and analyze security data from our cloud infrastructure providers, provide context for application and log data sources, and collect evidence of security controls to make the best decisions possible in keeping Adobe and our customers safe from threats. This presentation will discuss:
- Why we developed MAVLink
- MAVLink's major capabilities
- How MAVLink integrates with our cloud infrastructure providers including AWS and Microsoft Azure
- How we are using MAVLink to constantly improve our cloud hygiene
We hope this information will be useful to you as you consider your own best practices and tooling around cloud applications. It will be a serverless cross-cloudy security adventure!
How Identity Fits Into a Security-First Approach
August 29, 2018

Presentation by Mark Bowker, Senior Analyst at Enterprise Strategy Group and Swaroop Sham, Senior Product Marketing Manager at Okta
Securing your workforce and users, in the cloud, and on the go can be difficult. A recent Enterprise Strategy Group (ESG) survey discovered that for nearly 75% of organizations, a username and password was the only barrier between a determined attacker and access to your critical resources. Identity Access Management (IAM) can help you drive a security-first approach with usability that your users love and authentication strategies that match your business needs. But IAM doesn’t always have a clear owner. Join this webinar featuring Enterprise Strategy Group, Senior Analyst, Mark Bowker, and Okta to discover how:
- Adaptive multi-factor authentication (MFA) benefits your users and admins
- Identity protects cloud and on prem applications
- To go beyond MFA to manage secure access
- Identity fits and integrates into your IT and Security stacks
Managing Top 6 Risks with Cloud Service Providers
August 21, 2018

Presentation by Cliff Turner, Senior Solutions Architect at CloudPassage
In this webinar, we'll cover the following...
- Review top six risks with today’s cloud service providers.
- We will analyze these risks, consider the business impact and show you how to proactively manage cloud risk by automating security for your cloud management accounts.
- We will use the AWS CIS foundation benchmarks and the CIS Controls to guide our selection of examples for our discussion.
- With a growing attack surface, it’s important to be aware of the risks associated with cloud technology in order to secure and manage it properly.
A Path to Achieving Network Security ZEN
August 14, 2018

Presentation by Den Jones, Director – Enterprise Security, Adobe
Finding a balance between a pleasant user experience and stringent security requirements can be a challenge. The need to use a certain username and password for some services while saving additional credentials for other services can contribute to a headache for both security pros and users. Is it even possible to balance security and enhancement of the overall user experience? Adobe believes this is possible. We want to help you achieve this balance by sharing our framework known as Project “ZEN.” Project ZEN at Adobe is an initiative based upon principles found in zero-trust frameworks. Since there is no “off-the-shelf” solution to fully deliver on these principles today, ZEN is an investment in pioneering technology and policies to make the path to a zero-trust network more efficient and attainable. In this session you will: (a) learn about the principles behind Adobe ZEN, (b) understand the Adobe experience so you can start your own journey by leveraging existing security technology investments and targeted automation technologies, and (c) explore common issues you might encounter along the journey, with guidance on overcoming those issues.
Next Step – Securing IaaS (AWS, Azure, GCP)
August 9, 2018

Presentation by Brandon Cook of McAfee
According to Gartner, the IaaS market grew at a blistering 42.8% in 2017 - twice as fast as SaaS. But, despite last year’s AWS data exposures at Verizon, the RNC, and Dow Jones, most cloud security projects focus on SaaS. We’ve worked with AWS and hundreds of IaaS security professionals to develop a tried and true practice specifically designed to protect IaaS environments and the applications and data within them. Join this session and discover:
- Common yet preventable scenarios that result in the loss of corporate data from AWS, Azure and GCP
- IaaS security best practices for: security configuration auditing, S3 data loss prevention operations, user and admin behavior monitoring, and threat prevention
- Step-by-step guidance on how to gain visibility across all workloads, protect against advanced threats, and discover insights into lateral threat movements
- Recommendations for creating a successful DevOps workflow that integrates security
Extending Network Security Visibility into the Cloud
August 7, 2018

Presentation by Anner Kushnir, VP of Technology at AlgoSec
Enterprises are taking advantage of the economies of scale of cloud computing and migrating applications to public and private clouds. The new technology offers many advantages, but also requires taking a step back and evaluating whether existing network security tools and processes are relevant and effective in these new environments. To maintain their security posture, network security professionals need unified visibility and control as deployments spread to and across clouds. This is critical both to ensure that cloud payloads are protected against the growing number of attacks and breaches and also to satisfy regulatory compliance requirements such as PCI, HIPAA and NERC. In this webinar, Anner Kushnir, VP of Technology at AlgoSec, will share insights on the latest cloud security technologies and best practices for maintaining full-blown corporate security governance as enterprises deploy their applications in the cloud. Attendees will learn:
- How to quickly bring enterprise network security best practices to cloud and hybrid deployments
- How to gain full visibility into cloud network topology and filtering
- Proactively uncover gaps in the compliance posture
- How to ensure continuous compliance as part of policy change management
Eliminating Security Blind Spots in your AWS Environments
July 31, 2018

Presentation by Edward Smith of CloudPassage
As consumption of cloud services increases, security teams struggle to maintain visibility of the cloud assets in use across multiple environments throughout the enterprise. In fact, 43% of security pros say lack of visibility into cloud environments is their biggest operational headache. Cloud defenders struggle to answer two simple, but important questions: what do I have, and is it secure? The only way to answer these critical questions is with comprehensive security visibility of your AWS public cloud environments. Join us for this webinar to learn how to regain security visibility across all of your AWS accounts and how to:
- Automatically discover all of your AWS assets in use across accounts, services, and regions
- Reduce your attack surface by identifying and remediating security issues
- Find and respond to hidden risks by assessing both the control plane and data plane
Reducing Risk in Public Cloud Environments
July 24, 2018

Presentation by Greg Mayfield, Director of Product Marketing, Tenable
As organizations adopt their multi-cloud and hybrid cloud strategies, continuous visibility and protection of these dynamic cloud workloads remains the #1 challenge for security teams. It’s essential to gain live visibility into AWS, Azure and Google Cloud Platform assets in order to continuously assess cloud infrastructure to detect vulnerabilities, malware and misconfigurations. This webinar will benefit SecOps teams by highlighting how they can obtain a unified view into cyber risk across their cloud environment to better prioritize response and mitigation. The discussion will highlight processes and tools to eliminate blind spots, secure cloud assets and applications and better integrate with CI/CD processes for fast and efficient remediation.
Avoiding the Dreaded DNS Hijack
July 12, 2018

Presentation by Dhivya Chandramouleeswaran of Adobe
With increasing adoption of cloud services by organizations, there is unfortunately often an absence of decommissioning checks when such services are no longer in use. It is often up to developers and operations teams to properly clean them up. DNS records pointing to deleted cloud artifacts - not yet purged from name servers - create dangling DNS records. When these artifacts have the potential to be reclaimed by nefarious actors, organizations may become vulnerable to domain hijacking and subdomain takeover attacks. In this webinar, Dhivya will discuss:
- How DNS hijacks differ from domain hijacks
- Alternatives for identification of expired cloud artifacts
- Attack mechanisms that may be used
- Possible monitoring schemes and tools organizations can implement
- Defensive measures to prevent dangling records and subdomain takeovers
A GDPR Compliance & Preparation Report Card
June 27, 2018

Presentation by Neil Thacker, CISO, EMEA -- Netskope
With the General Data Protection Regulation (GDPR) now enforceable, organizations around the world have both interpreted and incorporated new and amended regulatory requirements into their security policies and programs. Join Neil Thacker, CISO, EMEA at Netskope for a discussion of our recent study with the Cloud Security Alliance on how organizations have prepared for meeting the requirements of the GDPR and what has been the initial impact on their businesses. Session topics will include:
- Preparation for the GDPR including budget and personnel
- Frameworks organizations are using to comply with the GDPR
- Company demographics, challenging articles and convergence of security, data protection and privacy roles
User Behavior Study Screams the Need for Backup
June 26, 2018

Presentation by Aimee Simpson of Code42
Digital transformation efforts won’t be successful unless IT accounts for the human element: workforce behavior. What’s the relationship between endpoint devices and employee work habits? We dug into the data to find out. In a new research study, Code42 examined data storage behavior across more than 1,200 laptops to learn how users get their work done–what files they create, where they store them, and how they share and interact with their data. Watch the webinar to learn:
- The results of the research study on user behavior
- The user work styles we found consistent across all organizations
- The types of files users put most at risk of loss, theft or breach
- Best practices for mitigating the risk of digital transformation efforts
A Path to Achieving Network Security ZEN
June 21, 2018

Presentation by Den Jones, Director – Enterprise Security, Adobe
Finding a balance between a pleasant user experience and stringent security requirements can be a challenge. The need to use a certain username and password for some services while saving additional credentials for other services can contribute to a headache for both security pros and users. Is it even possible to balance security and enhancement of the overall user experience? Adobe believes this is possible. We want to help you achieve this balance by sharing our framework known as Project “ZEN.” Project ZEN at Adobe is an initiative based upon principles found in zero-trust frameworks. Since there is no “off-the-shelf” solution to fully deliver on these principles today, ZEN is an investment in pioneering technology and policies to make the path to a zero-trust network more efficient and attainable. In this session you will: (a) learn about the principles behind Adobe ZEN, (b) understand the Adobe experience so you can start your own journey by leveraging existing security technology investments and targeted automation technologies, and (c) explore common issues you might encounter along the journey, with guidance on overcoming those issues.
Taming the Cloud Together – CCSP & CCSK Cloud Certification Synergy
June 12, 2018

Presentation by David Shearer, CEO, (ISC)2; Jim Reavis, CEO, CSA; Kevin Jackson, GovCloudNetwork; Rich Mogull, Securosis; B. Dunlap (Mod)
Certain things go together to make the sum of their parts that much better. Peanut Butter and Jelly. Lennon and McCartney. Batman and Robin. In the ever-changing world of the cloud, cyber security professionals need continuous training and certifications to stay up-to-speed, and pairing (ISC)2’s CCSP (Certified Cloud Security Professional) with CSA’s CCSK (Certificate of Cloud Security Knowledge) can put any cyber security practitioner ahead in terms of knowledge, skills and job opportunities. On June 12, 2018 at 1:00PM Eastern, join David Shearer, (ISC)2’s CEO and Jim Reavis, CSA’s CEO, along with other subject matter experts as we explore the differences between each program, the training options available for each, and how these programs are synergistic in nature and together were designed to build on one another.
The Evolution of Zero Trust Security: Next Gen Access
June 7, 2018

Presentation by Nick Fisher, Security Product Marketing at Okta
As breaches fill the headlines, more organizations are adopting a Zero Trust security model and its key principle of "never trust, always verify." Modern implementations of this model are focusing on "Next Gen Access," where identity and authentication can greatly enhance your security posture with less complexity than network-based solutions. Join Nick Fisher of Okta where we’ll discuss how companies today are having success taking a Zero Trust approach to security.
Secure DevOps: Application Security from Development Through Runtime
June 5, 2018

Presentation by Nathan Dyer of Tenable
DevOps has become a competitive advantage for organizations competing in the new digital era. Increased speed, rapid experimentation, and continuous change are now guiding operating tenets to win in this market. Unfortunately, cybersecurity has been largely absent in the DevOps conversation despite the growing risks and high profile breaches over the past several years. Cybersecurity must adapt to DevOps, not the other way around, to overcome challenges relating to speed, poor visibility, and limited resources. Join Tenable as we talk about new approaches to secure applications across the entire software development lifecycle with specific examples along the way.
3 Ways to Speed Up Your Incident Response Time
May 31, 2018

Presentation by Abhik Mitra of Code42
The pace of cyber attacks on business users is increasing, but the time it takes to detect and recover from them is getting longer. In this webinar, Code42's Abhik Mitra will explore the root cause of this divergence and offer three principles that, when applied, can reverse the trend. These incremental changes in process and technology are actionable by most security and IT teams and can dramatically accelerate incident response.
Wrangling Those Pesky 3rd-party Software Vulnerabilities
May 31, 2018

Presentation by Mayank Goyal, Sr. Security Researcher, Nishtha Behal, Security Researcher, Adobe
Like many large software companies, Adobe makes use of both open source and commercial off-the-shelf software components to deliver solutions to its customers. From time to time, as with any publicly available software, vulnerabilities may be uncovered that require resolution – creating a cascading challenge in assuring that any solution we have using those components is remediated quickly. To help solve this vexing problem, Adobe developed an in-house solution we call “TESSA.” This session will discuss how TESSA came about, how it is helping to both track and automate remediation of vulnerabilities, and how we integrate it into our software development lifecycle to help us react more quickly to industry vulnerabilities. We would also like to get your feedback during this session to determine if TESSA would be useful to the CSA community as an open source project.
LIVE Cyber Attack Simulation: A Crypto Crime in Action
May 23, 2018

Presentation by Hank Schless and Christian Lappin from Threat Stack
Crypto mining and cyber crime are at the top of the list for headline-grabbing attacks. Want to see how it’s actually done? The reality of what happens on a day-to-day basis is the breakdown of people and process. Join us on May 23rd for a live simulation of hackers bypassing security controls and executing a crypto mining attack. Watch how a security engineer is able to quickly identify the attack, and then learn the tips you can take home to improve your own security posture.
GDPR: Personal Data Protection Compliance is a Business Matter
May 22, 2018

Presentation by Prof. Dr. Paolo Balboni, Business Lawyer and Partner at ICT Legal Consulting
Many companies approach compliance activities with the forthcoming European General Data Protection Regulation (Regulation (EU) 2016/679) as a purely legal matter. But this is a very shortsighted approach. Compliance with the GDPR is becoming a necessary business requirement. Only companies that will be able to reassure business partners and consumers regarding their alignment to the new EU Regulation will stay competitive in the digital market. Moreover, if performed in a strategic way, compliance with the GDPR enables businesses to process personal data in manifold ways and thus to extract meaningful information from them in order to better serve actual and future customers, as well as to improve efficiency. During the webinar Prof. Dr. Paolo Balboni (Business Lawyer, Partner at ICT Legal Consulting) will present a strategic approach to GDPR compliance aimed at mitigating the legal risk and maximising the benefits of data processing activities.
5 Steps to Boost Your Security Posture on AWS
May 15, 2018

Presentation by Neelum Khan, Tajvia Willis, and Sudha Iyer from Netskope
Many customers have exposed their data in the cloud without proper security solutions. Securing data in the cloud to prevent exposures can present challenges to all enterprises. Despite the rapidly growing need for cloud-native visibility into behavior and activity across AWS environments, many companies are still in the beginning stages learning about best practices and security solutions for AWS. They want to know the best approach and how to get there. In this webinar, you will learn:
- Common AWS security concerns
- 5 steps you can take to boost your AWS security posture
- How to implement these steps
How to Ace Type 2 SOC 2 with Zero Exceptions
May 8, 2018

Presentation by Pete Cheslock and Pat Cable of Threat Stack
Achieving Type 2 SOC 2 compliance with zero exceptions was no easy feat for Threat Stack. However, rather than implementing stringent security protocols at every point of production, they implemented and improved SecOps processes to make it happen. Learn how Threat Stack's Head of Ops, Pete Cheslock, and Sr. Infrastructure Security Engineer, Pat Cable, collaborated to make the SOC 2 journey a success as well as the innovations created along the way (including a Change Management tool called ‘SockemBot’). Join this webinar to learn more about:
- The SockemBot, ticketing workflows, and other SOC 2 innovations
- Developer-approved operational changes for code and ticket mapping
- The SOC 2 business benefits get to reap now
The Road to GDPR Compliance: Tips from the Cloud Security Alliance and Dome9
May 3, 2018

Presentation by Daniele Catteddu of CSA and Marina Segal of Dome9 Security
General Data Protection Regulation (GDPR) is coming into effect on May 25, 2018. The requirements of GDPR are substantial and the penalties for non-compliance are severe. The new regulation will require companies across the globe to rethink how they store and handle customer data. Has your organization implemented the legal and technological controls required to comply? In this webinar, Daniele Catteddu, CTO of the Cloud Security Alliance (CSA) and Marina Segal, Lead Compliance Product Manager at Dome9, will discuss key challenges and best practices to address GDPR requirements. The webinar will cover compliance automation solutions available to help organizations achieve GDPR compliance and meet the May deadline. Topics we will cover:
- Code of Conduct & Certification for GDPR Compliance
- Where the most likely GDPR violations will occur
- The impact of running workloads in the public cloud on GDPR
- Best practices to simplify and speed up compliance
True Detective – Autopsy of latest O365 and AWS threats
April 25, 2018

Presentation by Brandon Cook, Thyaga Vasudevan, and Sandeep Chandana of McAfee
How does your organization defend against the latest O365 and AWS threats including KnockKnock and Ghostwriter? Join CSA and McAfee to see an autopsy of two recent cloud threats: KnockKnock (O365) and Ghostwriter (AWS) uncovered by our Cloud Threats Lab. We’ll share practical guidance on how to address the rapidly evolving cloud threat landscape, starting with user behavior analysis and leveraging the “network effect”. Specifically, we will discuss how Information Security teams can:
- Catch third parties logging into corporate cloud service using stolen or misplaced login credentials to steal valuable corporate data
- Detect malicious or negligent insiders stealing or unintentionally exposing data from O365 and AWS
- Identify malicious administrators accessing data out of policy, intentionally degrading security settings, or creating dummy accounts for unauthorized third party access
Anatomy of a Cyber Security Breach: The Hero's Journey
April 11, 2018

Presentation by Sam Curry of Cybereason; Andrew Hammond and Red Curry of SSH Communications Security; Hector Monsegur of Rhino Security Labs
My mother was washing dishes in the kitchen when the glass window she was looking out shattered in front of her…she was OK but unfortunately my curve ball has never gotten better. The second law of thermodynamics dictates that you can't put together something that has fallen apart. There was no way I could put that shattered glass back together. The second law of thermodynamics applies to breaches. There is no way to go back once you have been breached. We will tell you what the emerging threats are, how to prepare, and how to proactively manage an ongoing breach. We will cover the following types of breaches: - Phishing Scams - Buffer Overflow - Password Hacking - Downloading Free Software - Fault Injection
Understanding the Status of ERP Security in the Cloud
March 21, 2018

Understanding the Status of ERP Security in the Cloud

Presentation by JP Perez-Etchegoyen of Onapsis and Shamun Mahmud of CSA
With ERP vendors reporting double-digit growth in cloud revenue year over year, many organizations are faced with the challenging task of planning a cloud migration of their most critical assets. Because these systems are typically more complex, and also house the organization's critical data and processes, special precautions must be taken when building a migration plan. During this webcast JP Perez-Etchegoyen, CTO of Onapsis Inc and Shamun Mahmud, Research Analyst at CSA, will present their key findings from the recently released white paper, "The State of Enterprise Resource Planning Security in the Cloud." Attendees will learn: - Security requirements of ERP and Business-Critical Applications - Cloud adoption trends - Challenges of migrating ERP solutions to the cloud - Common Security and privacy risks in cloud based ERP applications o SaaS ERP Applications o IaaS ERP Deployments o ERP extensions in PaaS cloud - Conclusions and key take-aways
How to Design Successful Internal Bug Hunts: Squashing Security Bugs on a Budget
March 19, 2018

How to Design Successful Internal Bug Hunts: Squashing Security Bugs on a Budget

Presentation by Pieter Ockers of Adobe
Far too often, testing software for security flaws falls into the “nice-to-have” category, taking a backseat to the demands of the marketplace and inflexible feature release schedules. In addition to the expense of hiring an outside security testing team, testing for and fixing obscure security bugs is a brake on an engineer’s ability to put new code in the hands of their customers. Fortunately, there is a workaround to this dilemma that will allow you to promote application security awareness while helping to reduce security bugs in your applications. An internal bug hunt contest - in which your employees compete for prizes by finding and reporting security bugs - enables you to harness the creativity and problem-solving skills of your workforce while reducing security bugs in your applications. It can also help promote a culture of security awareness - without a large security testing budget. An internal bug hunt contest can help you: • Find and remediate vulnerabilities before external entities can exploit them • Provide a safe platform for your application owners to test for security bugs • Promote application security awareness • Engage employees outside of the central security team who want to explore the security domain In this webcast, you will learn how an internal bug bounty program can help you find security flaws in your applications before criminals or spies, while improving the security culture at your company.
CSA Summit at RSA Conference Preview
March 14, 2018

CSA Summit at RSA Conference Preview

Presentation by Jim Reavis of CSA, Wayne Anderson of McAfee, Deena Thomchick of Symantec, Jervis Hui of Netskope, and Chris Steffen of Cyxtera
Want to know what you can expect at this year’s CSA Summit at RSA Conference? Join this webinar to get a preview of several sessions including: - Appetite for Destruction – The Cloud Edition Over the last two years, the multitude of data leaks and breaches in the cloud has skyrocketed. Many of these leaks are reminiscent of the past security lessons, and some show new attributes unique to our evolving computing environments. In this short talk, we’ll take a look at the past, and peer towards the prospective future being discussed during this year’s summit. - Cloud Security Journey Get a preview of how a major retailer solves the problem of security software chaos and fragmentation while addressing new security requirements. Get a real-world perspective on how they approached cloud security while addressing end-to-end compliance, data governance, and threat protection requirements. - A GDPR-Compliance & Preparation Report Card With the impending May 2018 deadline for GDPR compliance, organizations worldwide need to account for the regulation in their security policies and programs. Join us for a preview of our recent study with the Cloud Security Alliance on how organizations are preparing for compliance. - The Software-Defined Perimeter in Action Learn how organizations have taken CSA's Software-Defined Perimeter (SDP) from experimental to enterprise-grade. Join us for a preview of the valuable insights and hear best practices on how enterprises can make SDP adoption a reality that will be discussed at this year's summit.
Making Compliance Count
March 7, 2018

Making Compliance Count

Presentation by Dave Lenoe and Molly Junck at Adobe
It’s a brave new world, with bug bounties and crowd-sourced penetration tests now an up-and-coming way to augment security programs. But can you do the same with your compliance and certification programs? At Adobe, our security team has been working with our internal audit team and outside vendors to see if it’s possible – and the early returns are very encouraging! In this webinar you'll find out more about how you can leverage both internal and external security researchers to help with compliance efforts, while measuring your real-world security risk.
Are Your Containers Compliant?
February 28, 2018

Are Your Containers Compliant?

Presentation by Cliff Turner, Cloud Security Evangelist, CloudPassage
If we could call out two things that are growing in importance in 2018, it’s containers and compliance. Penalties for data breaches are on the rise, all the while organizations are under increasing pressure to expand their DevOps practices and increase their agility, which leads teams to turn to containers. And while containers usher in plenty of opportunities, they can lead to compliance headaches if they aren’t properly configured. Join us for this webinar for helpful tips and best practices on how to create a containerized environment that works with your compliance needs.
Defining the cloud-enabled branch: How cloud apps drive network transformation
February 13, 2018

Defining the cloud-enabled branch: How cloud apps drive network transformation

Presentation by Dan Shelton of Zscaler
Amazon, Azure and SaaS are already on everyone's mind. When your data center workloads move to cloud, is your corporate backhaul the most efficient way to get to the applications? The migration of applications from the data center to the cloud is forcing organizations to rethink their branch network and security architectures to enable local internet breakouts. What are the challenges of local breakouts and the hybrid branch? Join this webcast to discuss considerations for securely moving your branch workloads to the cloud to enable a better user experience, manage costs, and reduce risk.
Automating Security for Cloud Services
February 8, 2018

Automating Security for Cloud Services

Presentation by Peleus Uhley, Lead Security Strategist at Adobe
Security automation strategies are a necessity for any cloud-scale enterprise. There are challenges to be met at each phase of developing and deploying security automation including identifying the appropriate automation goals, creating an accurate view of the organization, tool selection, and managing the returned data at scale. This presentation will provide the details of various open-source materials and methods that have been successfully used to address each of those challenges.
ISO/IEC 19086: An Overview and Application
February 1, 2018

ISO/IEC 19086: An Overview and Application

Presentation by John Calhoon of Microsoft
In this webinar, we will take a look at ISO/IEC 19086 which is an international standard for cloud service level agreements (SLAs). Specifically, we’ll discuss the impetus for establishing the standard in the first place, the scope of the work, organization of the parts, key elements and putting the standard to work. 19086 does not prescribe a template for SLAs but rather provides elements to consider when negotiating and drafting SLAs. 19086 introduces Service Qualitative Objective (SQO) as a new term and we’ll discuss the relationship between SQOs and the more traditional SLO (Service Level Objective). We’ll also discuss the relationship between SLAs and cloud service agreements (CSA) and other documents that can be part of a CSA.
Data-driven Cybersecurity Defense for Organizations and their Ecosystems
January 25, 2018

Data-driven Cybersecurity Defense for Organizations and their Ecosystems

Presentation by Phil Marshall of Security ScoreCard
Many companies rely on static point-in-time security assessments to measure the cybersecurity health of their enterprise and vendor ecosystem. This approach is quickly becoming obsolete in today’s dynamic cyber threat landscape, fraught with increasingly sophisticated adversaries deploying malicious tactics to compromise your data. Continuous data-driven monitoring of security in your organization and in every vendor organization with access to your IT infrastructure is the only strategy that will keep you one step ahead of the bad guys. This webinar will outline how you can gain an outside-in, data-driven view of the security posture of your IT infrastructure to: - Empower your team with granular analytics capabilities as well as comprehensive visibility of your network and system vulnerabilities -- all from a hacker’s perspective. - Enable your organization to monitor the cybersecurity health of any third party/vendor organizations - Uncover predictive breach capabilities - Prioritize areas in which organizations can apply focus to meet regulatory compliance and standards requirements
Returning data control to users - the next frontier for cloud security research
January 22, 2018

Returning data control to users - the next frontier for cloud security research

Presentation by Ryan Ko, Associate Professor, University of Waikato
From the Uber data leakage incident to cases where photographs of young or vulnerable people are stolen and misused on inappropriate websites, there is a fundamental gap: the lack of users' control over their data once it is uploaded onto the Internet. This talk introduces some of the key challenges and scientific trends in returning data control to cloud users, and how STRATUS (https://stratus.org.nz), a 6-year NZD12.23 mil (incl. GST) MBIE-funded cloud security research project, is addressing these gaps. The talk will also cover some of the Cloud Security Alliance's contributions to the STRATUS project.
Introducing HubbleStack: a free, open source project to help automate compliance
January 17, 2018

Introducing HubbleStack: a free, open source project to help automate compliance

Presentation by Christer Edwards of Adobe
Organizations have difficulties handling security auditing and compliance that can be scaled across many teams with varying infrastructure. Adobe found themselves in the same situation and in need of a tool that could provide a window into the complexities of their infrastructure. As a result HubbleStack was developed -- a free open source project. Just like the Hubble telescope gives us a window into the complexities of our universe, HubbleStack gives a window into the complexities of your infrastructure. It includes components for information gathering, file integrity monitoring, auditing, and reporting. In this webcast you will learn: - Details on the HubbleStack project - How Adobe has made use of it across all of its cloud services - How you can get and try out HubbleStack for yourself - How you can help us move HubbleStack forward - How you and others can contribute to the development of HubbleStack
Cutting through the Cloud Security Noise: 5 Must-have Architectural Requirements
January 11, 2018

Cutting through the Cloud Security Noise: 5 Must-have Architectural Requirements

Presentation by Steve House of Zscaler
The cloud and mobility have fundamentally changed the IT landscape. Both apps and users have left the network, however traditional security has struggled to keep pace. Developing a strong cloud security strategy is important to help restore visibility and reduce risk, but what is the best approach? While there are many opinions and perspectives, the best security strategy starts in the beginning with the proper architecture. Join this webcast to hear: - 5 key architectural requirements your cloud security strategy can’t live without. - What core building blocks you need to enable and secure your users and apps - Learn how leading enterprises are transforming their security to cloud Speaker Bio: Steve House is a seasoned Product Management leader with over 20 years of experience in the networking and security industries. During that time, he has worked for multiple market-leading organizations including Zscaler, Blue Coat Systems, Packeteer and CacheFlow where he has a consistent track record of helping them innovate and grow their market share. At Zscaler, Steve leads the Product Management team responsible for driving product strategy and execution. Steve’s goal is to help the company through its next phase of growth becoming the standard Internet security platform delivered as a service to any user on any device in any location. Steve holds a Bachelor of Science in Electrical Engineering from Duke University. For more questions about Zscaler, go to www.zscaler.com
Developing a Successful Secure Product Lifecycle (SPLC) Program
January 4, 2018

Developing a Successful Secure Product Lifecycle (SPLC) Program

Presentation by Julia Knecht and Taylor Lobb of Adobe
A secure product lifecycle (SPLC) is integral to ensuring software is written with security in mind, but companies struggle to create a successful process with limited security resources and minimal impact to engineering teams. In this webinar, Julia Knecht and Taylor Lobb – Managers, Security & Privacy Architecture at Adobe, will explain how a team of just two security pros helped roll out a successful SPLC program that has scaled to support thousands of engineers by leveraging automation and establishing security ambassadors (champions) within the product engineering teams. Defining security requirements and KPIs for engineering teams is just the first step in creating the SPLC. In order to make the design a reality for several products, thousands of engineers, and millions of lines of code, Adobe’s team was organized into an “as a service” model and utilized automation to scale to meet this demand. Establishing a strong security ambassador program helped ensure the success of the SPLC. The centralized ambassador network has been crucial to the success of all product security initiatives throughout the business unit. You’ll walk away with on-the-ground knowledge you can use to establish an effective SPLC in your own organization by establishing and utilizing security ambassadors and providing seamless automation to support these key initiatives.
Top 10 Public Cloud Security Recommendations
December 14, 2017

Top 10 Public Cloud Security Recommendations

Presentation by Matt Keil of Palo Alto Networks
Offering organizations of all sizes the benefits of agility and scalability, the adoption of public cloud continues at a pace rivalled only by that of the early days of the Internet era. As was the case then, the speed of adoption often means that “good enough” security is viewed as acceptable. With the underlying premise that the public cloud is someone else’s computer, and an extension of your network, this session will cover public cloud security concerns, what the shared security responsibility model really means, and recommendations for protecting your public cloud workloads and data.
Exploring CSA’s Cloud Controls Matrix (CCM) for Cloud Security
December 7, 2017

Exploring CSA’s Cloud Controls Matrix (CCM) for Cloud Security

Presentation by Neha Thethi, BH Consulting
As a cloud customer, vendor, security auditor or regulator, you may have been involved with ensuring security in the cloud. Although numerous standards, regulations, and controls frameworks exist to ensure compliance with security best practices, a harmonized and cloud-focused guidance can be quite valuable. In this webinar, we will explore how the CSA Cloud Controls Matrix (CCM) framework provides organizations with such a harmonized guidance and needed structure relating to information security tailored to the cloud industry. We will also discuss how the CCM addresses assurance of legal and interoperability aspects of the cloud.
5 Steps to Prevent AWS Data Exposures
December 6, 2017

5 Steps to Prevent AWS Data Exposures

Presentation by Brandon Cook and Anant Mahajan of Skyhigh
Amazon Web Services has strong security features, but customer misconfigurations have led to a series of very public data exposures over the last few months from Verizon, Dow Jones, Accenture, and Patient Home Monitoring. And now, we are seeing different misconfigurations leading to a new AWS exposure, dubbed GhostWriter, whereby third parties can alter content in S3 buckets, enabling bad actors to use the exposure to conduct MITM phishing and malware attacks. In this webinar, we will outline the proven steps you can take to prevent AWS data exposures, including a Skyhigh Security Cloud demo of: • Auditing AWS to identify and correct unsecure/noncompliant configurations • Preventing employee access to 3rd party GhostWriter-exposed S3 Buckets • Detecting compromised accounts and malicious insiders working with AWS About the speakers: Brandon Cook, VP, Marketing: Brandon Cook leads the product marketing team at Skyhigh Networks and has over a decade of experience in the tech industry identifying and developing new markets. Prior to Skyhigh, Brandon worked at Sequoia Capital, Symantec, Clearwell (acquired by Symantec), and IBM. As a regular contributor to the Cloud Security Alliance (CSA) events and blogs and author of the quarterly Cloud Adoption and Risk Report, he has expertise in "shadow IT", cloud security, cloud governance, and cloud regulatory compliance. Brandon holds a B.S. in Economics from Duke University. Anant Mahajan, Senior Product Manager: As a senior product manager, Anant Mahajan heads up Skyhigh’s IaaS product for AWS, Azure and Google Cloud. Prior to Skyhigh Networks, Anant led Druva’s Governance product offerings and has a successful track record of driving product innovation in the Cloud Security, Data Protection, eDiscovery and Compliance space. Anant is a software engineer by training and holds an MBA from Imperial College London.
Cloud Security for Startups - From A to E(xit)
November 23, 2017

Cloud Security for Startups - From A to E(xit)

Presentation by Moshe Ferber of CSA Israel and Shahar Maor of Outbrain
Cloud computing does amazing things for startups, providing young companies with access to enterprise-grade infrastructure. But it also acts as a double-edged sword: a lack of proper security controls can lead to multiple challenges, varying from longer sales cycles to losing customers’ and investors’ trust. The Cloud Security Alliance identified those unique challenges and developed cloud security guidelines for startups. In the upcoming webinar, the guidelines’ co-authors will explain the 3-phase security strategy that is recommended for your cloud-based startup.
Security Anthropology: How Do Organizations Differ?
November 16, 2017

Security Anthropology: How Do Organizations Differ?

Presentation by Wendy Nather with Duo Security
When planning a go-to-market strategy, it’s common practice to build detailed marketing and sales personas for key security individuals such as the CISO, the IT administrator, the developer, and the end user. Each of these roles has different needs and priorities when considering a security tool, and sales strategy recognizes the need to address each of them. Organizations have different types of business drivers, priorities, constraints, and capabilities as well: for example, an 80-year-old manufacturing company may not care what cute new IoT ideas you might have. These organizational personas must be considered when searching out peers for benchmarking. Security decisions made only by looking at other companies in the same industry don’t provide enough data, because there are many other variables that come into play. Building a security anthropology model for comparing organizations provides more context to better design products and services to align with their needs, while helping the security community speak the language of the users it’s serving. Join us for a discussion on how we can excavate a better approach with Wendy Nather, Principal Security Strategist at Duo Security. SPEAKER INFO: Wendy Nather is a former CISO in the public and private sectors, and past Research Director at the Retail ISAC (R-CISC) as well as at the analyst firm 451 Research. She enjoys extreme weather changes while shuttling between Austin and Ann Arbor.
Protecting Corporate Data When an Employee Leaves
November 2, 2017

Protecting Corporate Data When an Employee Leaves

Presentation by Michael Osterman of Osterman Research and Drew Nielsen of Druva
Employees leave organizations each year, but did your sensitive data leave with them? Osterman Research found that 39% of companies are not sure that they have recovered all corporate data assets, posing a significant risk in terms of data breach, regulatory and compliance implications, while leaving IT trying to locate and contain sensitive information. Join this presentation with Michael Osterman, president of Osterman Research, as he shares new research, and Drew Nielsen, Director of Enterprise Security, Druva. Key learnings include: * Understanding your organization's data vulnerabilities for data exfiltration * Recommended technologies, policies, and procedures to protect critical information * Preparation that can save IT time from potential audits, investigations or litigation
CISO Challenges with Cloud Computing
October 31, 2017

CISO Challenges with Cloud Computing

Presentation by Moshe Ferber of CSA Israel
Cloud computing provides companies with unprecedented access to robust, scalable infrastructure, but on the other hand, cloud adoption is accompanied by various challenges for security professionals. In this presentation, we will examine cloud security challenges based on the different cloud services out there, review the current trends and discuss cloud strategies based on market sector.
Market State of Cloud Security
October 24, 2017

Market State of Cloud Security

Presentation by Nick Mendez of Optiv
Optiv will be sharing their insights on the market state of cloud security and how enterprises should bolster their security programs for the evolution of cloud. We will cover what we see in the field from the cloud security maturity state of most organizations to the IaaS/PaaS security trends that will impact your cloud deployment plans. At the end of this webinar, you will learn how you can accelerate cloud deployments securely so you gain a competitive edge in today’s market.
CASB 2.0: The Next Frontier for CASB
October 17, 2017

CASB 2.0: The Next Frontier for CASB

Presentation by Deena Thomchick of Symantec
The rapid adoption of cloud applications and services has fueled the need for new security solutions, such as Cloud Access Security Brokers (CASBs). But how do these systems weave into your overall security infrastructure? There are many intersections to consider, such as DLP, Advanced Malware Protection, Web Security and Endpoint where organizations are navigating how to best integrate cloud security into their environment. This talk will explore this next frontier of CASB solutions.
Securing the Open Enterprise - API Security Threats, Risks and Solutions
October 10, 2017

Securing the Open Enterprise - API Security Threats, Risks and Solutions

Presentation by Ron Speed of TrustedImpact
Enterprises around the globe are rapidly opening up their back-end systems and databases to the outside world using APIs. Drivers for doing this include everything from improving customer service, to monetizing corporate information assets and meeting regulatory requirements. For businesses and systems, however, that were never designed to be opened up to the outside world, APIs can expose them to a whole new range of major security threats and attacks. This webinar will examine this important and growing industry trend from a vendor-agnostic perspective, including: - What are the emerging threats and risks with APIs? - What API security controls and practices should be considered and how can cloud-based solutions assist? - What to look for when evaluating API security solutions? About Ron Ron, an IT risk, security and compliance executive, has 20+ years experience in international leadership roles, including Big 4 consulting and financial services. He specializes in “building bridges” between business and IT and working strategically with organizations looking to securely adopt new and emerging technologies, such as cloud, mobility, APIs, big data and IoT. Ron’s a recognized thought leader in such areas as cloud risk management and Fintech / blockchain security.
Internal Bug Hunts: Squashing Security Bugs on a Budget
September 19, 2017

Internal Bug Hunts: Squashing Security Bugs on a Budget

Presentation by Pieter Ockers - Sr Program Manager at Adobe
Far too often, testing software for security flaws falls into the “nice-to-have” category, taking a backseat to the demands of the marketplace and inflexible feature release schedules. In addition to the expense of hiring an outside security testing team, testing for and fixing obscure security bugs is a brake on an engineer’s ability to put new code in the hands of their customers. Fortunately, there is a workaround to this dilemma that will allow you to promote application security awareness while helping to reduce security bugs in your applications. An internal bug hunt contest - in which your employees compete for prizes by finding and reporting security bugs - enables you to harness the creativity and problem-solving skills of your workforce while reducing security bugs in your applications. It can also help promote a culture of security awareness - without a large security testing budget. An internal bug hunt contest can help you: • Find and remediate vulnerabilities before external entities can exploit them • Provide a safe platform for your application owners to test for security bugs • Promote application security awareness • Engage employees outside of the central security team who want to explore the security domain In this webcast, you will learn how an internal bug bounty program can help you find security flaws in your applications before criminals or spies, while improving the security culture at your company.
Challenges in Data Privacy
September 14, 2017

Challenges in Data Privacy

Presentation by Craig Scoon, Consultant in the Risk Advisory Service at Deloitte
There are many challenges for data privacy legislation within a boundary-less cloud computing and World Wide Web environment. Despite its importance, there is limited research around data privacy law gaps and alignment, and the legal side of the security ecosystem seems to constantly be playing catch-up. This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz),
State of Cloud Adoption in Asia Pacific (APAC)
September 13, 2017

State of Cloud Adoption in Asia Pacific (APAC)

Presentation by Ekta Mishra, Research Analyst of CSA and David Siah, Country Manager of TrendMicro Singapore
With cloud as the enabler of the Internet of Things (IoT) and data analytics, the incorporation of cloud computing is critical for the successful implementation of these leading-edge technologies. Countries and organizations moving towards Industry 4.0 are highly dependent on cloud computing, as it is the basis for this revolutionary transition. However, complications and confusion arising from regulations (or lack thereof) surrounding cloud usage hinder cloud adoption. During this webcast, we will discuss some of the findings from the CSA “State of Cloud Adoption in Asia Pacific (APAC) 2017” report and examine the availability and affordability of cloud computing in the APAC region.
Privacy Level Agreement Code of Conduct for CSPs: a compliance tool for GDPR
August 17, 2017

Privacy Level Agreement Code of Conduct for CSPs: a compliance tool for GDPR

Presentation by Nicola Franchetto of ICT Legal Consulting
Nicola Franchetto will discuss in a practical and business oriented way, the new provisions of the GDPR and how the PLA Code of Conduct supports compliance with the forthcoming EU Data Protection Legislation. More precisely, Franchetto will highlight the true privacy compliance “game changers” introduced by the GDPR and offer the audience practical inputs on how to set up a sound and effective corporate Data Protection Compliance Programme, which will also include having a PLA in place with Cloud Service Providers.
Backup & Recovery: Your Get out of Ransomware Free Card
August 9, 2017

Backup & Recovery: Your Get out of Ransomware Free Card

Presentation by Andrew Nielsen, Chief Trust Officer of Druva and Jim Reavis, CEO of CSA
Ransomware has become a major concern for organizations around the globe. The U.S. Department of Justice reports that an average of 4,000 ransomware attacks occur daily. These ransomware attacks aren’t just targeting laptops and other end-user devices either. Servers are equally at risk of ransomware attacks. There’s good news though - your backup data can be the difference between being held hostage and easily recovering from an attack. Join security experts Andrew Nielsen, Chief Trust Officer from Druva, and Jim Reavis, CEO of Cloud Security Alliance, to learn: ● The top vulnerabilities exploited for endpoints and servers ● Proactive strategies to protect data before a malicious attack occurs ● How to avoid paying the ransom by leveraging your backup data All registrants will receive a free copy of Druva’s Annual Ransomware Report: 2017 Survey. About the speaker: Andrew (aka Drew) has more than 15 years of experience in information security, primarily focused on security architecture and product definition. At Druva, Drew is responsible for defining the security and compliance direction of products and services, and his background in both the private and public sectors gives him unique perspective on current and emerging security trends. Prior to Druva, Drew held various security architecture and product roles at FireEye, Hitachi Data Systems, Silicon Valley Bank, and Raytheon.
"Cloud-First" Ransomware - A Technical Analysis
July 27, 2017

"Cloud-First" Ransomware - A Technical Analysis

Presentation by Bob Gilbert and Sean Hittel of Netskope
Cloud services have emerged as the preferred attack vector of some of the most dangerous and innovative cloud malware exploits of the past six months. Why? Because many organizations don't inspect their cloud SSL traffic for malware, and the same functionalities of the cloud that dramatically increase productivity (sync, share, collaborate, etc.) also provide ransomware developers with a perfect medium for faster delivery of malware payloads to more targets. Join Netskope chief evangelist, Bob Gilbert, and Threat Detection Engineer, Sean Hittel, for a fascinating look at how malicious actors now design ransomware to make best use of popular cloud services to hide in plain sight, and do more damage in less time. Bob and Sean will provide technical analyses of recent malware campaigns discovered or documented by Netskope Threat Research Labs and how to defend against them. These include: • Virlock, which encrypts files and also infects them, making it a polymorphic file infector • CloudFanta, which uses the SugarSync cloud storage app to deliver malware capable of stealing user credentials and monitoring online banking activities • CloudSquirrel, which takes advantage of multiple cloud apps throughout the ransomware kill chain with the intent to steal and exfiltrate user data • The Zepto variant of Locky ransomware, now distributed both by popular cloud storage apps and via DLL
Cloud Services and Encryption: Facts, Myths, Perceptions
July 19, 2017

Cloud Services and Encryption: Facts, Myths, Perceptions

Presentation by Paul Rich of Microsoft
Encryption and terms like "BYOK" have surged to the forefront of cloud service discussions. Both security and compliance stakeholders express great interest in encryption and its apparent promises. However, the expectations built upon encryption and control of encryption keys are often founded on assumptions that fail under scrutiny. In this session we will examine the top myths of cloud encryption and look at factors that have contributed to the growing misperceptions. We will also examine regulatory and legal pressures that impact encryption in this fascinating and evolving area of cloud services and data privacy. Key takeaways: - The fact and fiction in myths about cloud encryption - The importance of thinking of encryption within legal frameworks - How to spot encryption snake oil
How and Why to Build an Insider Threat Program
June 20, 2017

How and Why to Build an Insider Threat Program

Presentation by Jadee Hanson of Code42
Jadee Hanson, Director of Security at Code42, provides a behind-the-scenes look at what it's really like to run an insider threat program -- a program in which you can take steps to prevent employees from leaking, exfiltrating, and exposing company information. This webinar will provide cloud security professionals with insider threat examples (and why you should care), recommendations for how to get buy-in from key stakeholders, and lessons learned from someone who has experienced it firsthand. About the speaker: Jadee Hanson, CISSP, CISA, is a security professional with more than 13 years of experience. Jadee’s passion for security was born out of a computer science internship and developed into a profession with her first role at Deloitte. After 5 years and a lot of travel, Jadee’s consulting experience led her to Target Corp. where she spent 8 years on its security team, building many of the security programs and functions that exist today. Currently, Jadee is the Director of Security at Code42. In addition to her day job, Jadee is also the founder and CEO of a nonprofit, Building Without Borders.
Security Automation Strategies for Cloud Services
June 15, 2017

Security Automation Strategies for Cloud Services

Presentation by Peleus Uhley of Adobe
Security automation strategies are a necessity for any cloud-scale enterprise. There are challenges to be met at each phase of developing and deploying security automation, including identifying the appropriate automation goals, creating an accurate view of the organization, tool selection, and managing the returned data at scale. This presentation will provide the details of various open-source materials and methods that can be used to address each of those challenges. About the speaker: Peleus Uhley has been a part of the security industry for more than 15 years. As the Lead Security Strategist at Adobe, he assists the company with proactive and reactive security. Prior to joining Adobe, Peleus was a senior developer at Anonymizer, and a security consultant for @stake and Symantec.
4 Lessons IT Pros Have Learned From Managing Outdated Endpoint Backup
June 13, 2017

4 Lessons IT Pros Have Learned From Managing Outdated Endpoint Backup

Presentation by Aimee Simpson of Code42, Shawn Donovan of F5 Networks, and Kurt Levitan of Harvard University
Today's organizations face complex challenges as a result of exponential data growth and rapidly evolving cyberthreats. Furthermore, as companies move to cloud, it's inevitable that technologies will need to be replaced -- and what may have worked five years ago is no longer a viable solution for today's mobile workforce. In this session, you'll hear from IT professionals at F5 Networks and Harvard University, as well as a Code42 expert, as they discuss: - Why all endpoint backup isn't created equal - How outdated or insufficient backup solutions leave you with gaps that put user data at risk - What technical capabilities you should look for in your next backup solution About the speakers: Aimee Simpson is a Solutions Marketing Manager at Code42 where she helps internal audiences understand what’s happening in the category and influences product decisions through customer and market research. She has always worked in the technology industry, having launched her career at the data storage company Compellent Technologies. Shawn Donovan is a Windows System Engineer at F5 Networks where he works with a variety of Microsoft enterprise technologies as well as other products such as Cisco Ironport and Code42 backup solution. Kurt Levitan is a Technical Architect at Harvard University where he is responsible for designing and implementing technology solutions, and leading a team of system administrators who provide endpoint management services for the university.
How Financial Services can Leverage the Cloud Securely to Drive Business
May 25, 2017

How Financial Services can Leverage the Cloud Securely to Drive Business

Presentation by Miguel Ramos of Forcepoint
Though one of the most mature industries in cybersecurity, the Financial Services industry has seen some of the largest explosions of innovation and technology. While startups and innovators are focused on speed to market and leveraging cloud infrastructure and cloud platforms as a service, the need for security in financial technologies is paramount. In this session, Miguel Ramos will use case studies and his experience to outline key steps that can be taken to secure financial technology innovators, and explain how traditional, cloud and potentially even blockchain technologies can be used by corporations to ensure the security they need to drive business forward.
You can stop shaking if you follow this plan for securing your data
May 17, 2017

You can stop shaking if you follow this plan for securing your data

Presentation by Terence Spies of HPE Security-Data Security and Rich Mogull of Securosis
Data security has a tendency to be intimidating for organizations, users and implementers. Organizations see the value but the challenges of applying a data security solution. Wouldn’t it be great if there were solutions that took the guesswork out of data protection and key management? In today’s data driven environment, there are strategies and technologies to protect data that do not have to be the high-risk propositions feared by organizations, users and implementers - IT professionals. By thinking of data security and key management as data protection enablers instead of obstacles, you can easily protect data across the infrastructure and beyond. Data security and key management need to interact with the data and the users in a seamless way that doesn’t disrupt their processes or destroy the characteristics of the data. During this webcast we will discuss some of the findings from the CSA Security Guidance v4 report and how data-centric security can help mitigate and manage many of the risks. Think of security as an enabler instead of an obstacle for cloud adoption.
Overcoming the Challenges of Securing Hybrid Enterprises
April 13, 2017

Overcoming the Challenges of Securing Hybrid Enterprises

Presentation by Cryptzone
It’s become clear that organizations need to overcome the challenges of securing hybrid enterprises. Hybrid IT spans platforms, tenancy and locations, which when using traditional solutions often results in a fractured security architecture without a centralized single policy, view or enforcement point. With this shift to hybrid, organizations need to embrace CSA’s Software-Defined Perimeter (SDP) specification to enable a new, transformational approach. Using SDP results in precise network security, automated network policies, reduced compliance effort and reduced attack surface. In this session, we’ll summarize the progress that’s been made with the CSA’s Software-Defined Perimeter (SDP) specification over the past two years, and show how and why an SDP approach enables organizations to overcome the challenges of securing hybrid environments. We’ll conclude this session with a case study, showing real-world benefits achieved by enterprises that have deployed an SDP architecture.
Leveraging the Power of Threat Intelligence
March 15, 2017

Leveraging the Power of Threat Intelligence

Presentation by Ray Pompon and Sara Boddy of F5
It's becoming impossible for cyber security to keep up with paradigm-changing technological advancements which provide fertile new hunting ground for the more sophisticated cyber-criminals. You can't enumerate all possible attacks while calculating probabilities and impacts for each. We need to narrow things down. But when we reach for data, we drown in reports, dashboards, and alerts. We don't need more undigested data. We need answers. Enter threat intelligence. Useful threat intelligence is not data feeds of indicators without context, but interpretation that boils things down to provide recommendations so you can operate safely in the new Internet age. Threat intelligence demystifies the swarm of noise and connects the dots into threads that demystify what is really going on. We'll look at what good, actionable threat intelligence looks like and how you can use it to neutralize potential attacks before they strike. We'll look deeper at the threats against and originating from cloud platforms.
BrightTALK at RSA - John DiMaria: GDPR, Critical Infrastructure & IoT Security
March 6, 2017

BrightTALK at RSA - John DiMaria: GDPR, Critical Infrastructure & IoT Security

Presentation by John DiMaria, Global Product Champion for Information Security & Business Continuity at BSI Group
Join this in-depth interview at RSA Conference with John DiMaria, Global Product Champion for Information Security & Business Continuity at BSI Group. Viewers will learn John's insights around: - Preparing for GDPR - Challenges for the new U.S. administration - Protecting our critical infrastructure - Protecting the IoT: personal accountability, product certifications, regulation - The threat landscape - The importance of security awareness training
Fighting the ‘Gap of Grief’ With Business-Driven Security
March 1, 2017

Fighting the ‘Gap of Grief’ With Business-Driven Security

Presentation by Peter Beardmore of RSA
Defending against human ingenuity demands a new way of thinking. With countless dollars spent and infinite alerts you still don’t have a true picture of what is going on. So when a breach happens, can you answer THE question: “How bad is it?” The inability to do so is what RSA calls the “gap of grief.” To answer, you must connect your security strategy and business risks. RSA’s cybersecurity expert, Peter Beardmore, will provide perspective on this important issue during this pointed webcast designed to help security leaders: - Learn how to garner the right visibility, in the right context to defend what matters most – and fast; - Discover the 6 steps to take command of your evolving security posture in this uncertain, high risk world; and, - Find out what it takes to link your security strategy with your business priorities.
Which CASB Deployment Mode is Right for Me?
January 19, 2017

Which CASB Deployment Mode is Right for Me?

Presentation by Srini Gurrapu and Brandon Cook of Skyhigh
When kicking off a cloud security project, you'll quickly discover that there are multiple deployment options for a cloud access security broker (CASB) – Log Collection, API, Reverse Proxy, and Forward Proxy – delivered via the cloud, on-premises, or hybrid - and with or without agents. But which CASB deployment mode is right for your organization? It depends on which use cases you need to support across which users and devices. In this webinar we’ll share an objective overview of the use cases each CASB deployment option supports. Just as importantly, we’ll detail which use cases each deployment mode does not support and provide case studies explaining how companies like Aetna, AstraZeneca and Western Union leveraged various deployment architectures to cover all their key use cases (visibility, compliance, data security, and threat protection) across O365, Salesforce, Box, and Shadow IT. Speakers: Srini Gurrapu – VP, Solutions Strategy Srini Gurrapu is the VP, Solutions Strategy at Skyhigh Networks, with 20 years of experience in networking, security, virtualization, mobile and cloud security markets. Srini's primary forte is building trusting advisory relationships with customers and delivering innovative solutions that make customers successful in their strategic initiatives. Brandon Cook – Sr. Director, Marketing, Skyhigh Networks Brandon leads the marketing team at Skyhigh Networks and has over a decade of experience in the tech industry identifying and developing new markets. As a regular contributor to the Cloud Security Alliance (CSA) events and blogs and author of the quarterly Cloud Adoption and Risk Report, he has expertise in “shadow IT”, cloud security, cloud governance, and cloud regulatory compliance.
Cloud First, Now What?
January 17, 2017

Cloud First, Now What?

Presentation by Palo Alto Networks
Your executive staff has made a strategic decision to move to the cloud, and your team has the seemingly monumental task of executing on this new direction. The journey to the cloud introduces many unknowns, the least of which is determining the applications and data, including precious customer information, that belong in the cloud. Yet your knowledge is limited and you have little time to immerse yourself in this vast topic. Join us for the Cloud First, Now What? webinar hosted by Cloud Security Alliance and sponsored by Palo Alto Networks. In this webinar, we will walk through the process by which your company should implement a cloud first strategy. • How to get started • Key players and their responsibilities • Steps involved in continuous improvement
The 2017 Cyberthreat Landscape
December 14, 2016

The 2017 Cyberthreat Landscape

Presentation by Leo Taddeo, Chief Security Officer, Cryptzone
2016 was record-setting … and threats aren’t likely to subside in 2017. Let’s reflect on what happened this year and learn about emerging threat landscape trends. A solid understanding of the threat landscape will help you better formulate your defensive strategy and prioritize security initiatives for 2017 and beyond. This webinar will feature Leo Taddeo, who is uniquely qualified to present his thoughts on the ever-changing threat landscape. Currently Chief Security Officer (CSO) for Cryptzone, a provider of dynamic, context-aware network, software-defined perimeter based security solutions, Leo is former Special Agent in Charge of the Special Operation/Cyber Division of the FBI’s New York office. Leo is a frequent cybersecurity source for business, IT security and global news outlets, such as: Bloomberg, CNBC, CSO Online, Dark Reading, Fortune, New York Times, Washington Post and more. Join the discussion on December 14th!
SIEM for the Cloud? The Essentials You Need to Know
December 6, 2016

SIEM for the Cloud? The Essentials You Need to Know

Presentation by Chris Collard and Mark Campbell of IBM Security
A cloud-delivered security intelligence platform can help you make sense out of the mountains of data collected from your expanded perimeter of cloud workloads and assets. However, it’s easy to get buried in a data avalanche. Join us as we discuss the essentials for making sense out of cloud data and keeping your workloads secure using Security Information and Event Management delivered from the cloud. Speakers: Chris Collard Chris is an information security professional with over 15 years of experience managing information systems and services. He is a Certified Information Systems Security Professional (CISSP) and holds a Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance. He is Offering Manager for QRadar on Cloud. Mark Campbell Mark is the Cloud Security Portfolio Manager for IBM Security. He is a cloud and IT security veteran with more than 15 years of helping clients to adopt security and cloud technologies.
Future Proofing the Connected World - 13 Steps to Developing Secure IoT Product
November 29, 2016

Future Proofing the Connected World - 13 Steps to Developing Secure IoT Product

Presentation by Brian Russell, Drew Van Duren, Steven Markey, Ron Del Rosario; and Elizabeth Lawler
The CSA IoT Working Group released guidance in October 2016 focused on providing IoT product developers with recommendations for securing their products. This panel discussion will explore different perspectives on how the guidance can best be used by organizations seeking to secure IoT products. We will also discuss how to prioritize your security engineering efforts based on schedule and funding constraints. Speakers: Steven Markey, nControl LLC; Brian Russell, Leidos; Drew Van Duren, Security Innovation; Ron Del Rosario, Five9; Elizabeth Lawler, CEO Conjur
CSA SDP for IaaS Initiative: Research Preview
November 15, 2016

CSA SDP for IaaS Initiative: Research Preview

Presentation by Jason Garbis of Cryptzone and Puneet Thapliyal of TrustedPassage
Since March 2016, when the CSA launched this new Software-Defined Perimeter for IaaS initiative, more and more organizations have embraced the Software-Defined Perimeter model and are benefitting from the seamless protection it offers, whether on-premises or in the cloud. SDP can better protect IaaS services for Enterprise usage, and deliver uniform and seamless protection of on-premises and IaaS resources, enabling cost savings and agility, and a more dynamic infrastructure. In this webinar, the leaders of the SDP-for-IaaS initiative will provide a preview of the forthcoming research and use cases that this working group has developed. This research focuses on how SDP can uniquely address security, compliance, IT administration and management challenges for cloud service providers and enterprises alike. If you’d like to hear more about securing your IaaS workloads, you’ll want to attend!
Conducting Security Investigations in Minutes (or Less)
November 8, 2016

Conducting Security Investigations in Minutes (or Less)

Presentation by Doron Shiloach, Senior Product Manager at IBM
Learn how to use threat intelligence to shorten investigation time and improve security decision making. From the right content to the best delivery format, learn the top considerations for picking a threat intelligence source and making it work with your security practice. Join the session to learn how to make the most of threat intelligence, what to look for in a threat intelligence feed, and best practices for integrating feeds into your existing solutions.
Developing a Proactive Approach to GDPR Compliance
November 3, 2016

Developing a Proactive Approach to GDPR Compliance

Presentation by Yael Nishry and Doug Lane of Vaultive
As the May 25, 2018 deadline for compliance with the new General Data Protection Regulation (GDPR) rapidly approaches, enterprise IT organizations must implement a cloud data security strategy that supports compliance and minimizes their organization’s exposure to new breach notification requirements and financial penalties as high as 20 million Euros or 4 percent of total annual turnover. Yael Nishry and Doug Lane from the Vaultive team have extensive backgrounds in risk management and enterprise security technologies. Join them for this event as they discuss what organizations should be doing to prepare for this new regulation. During this webinar you'll learn: · The key cloud data security takeaways from GDPR · What steps can you take to mitigate risk and reduce the notifications required in the event of a data breach · The challenges of data transfers under the new regulation and how to overcome them · What is the role and expectation of your cloud provider when it comes to GDPR · How your company can enforce best-practice segregation of duties between your data and the cloud service provider processing it
Defeating the Insider Threat: Don't Have Your Head in the Clouds
October 19, 2016

Defeating the Insider Threat: Don't Have Your Head in the Clouds

Presentation by Evelyn De Souza and Mary Beth Borgwing
Everything we know about defeating the Insider Threat seems not to be solving the problem. That's why the Cloud Security Alliance, with special commentary from LemonFish Technologies, undertook new research to understand the extent of this issue. Join the Cloud Security Alliance Strategy Advisor, Evelyn de Souza, and Mary Beth Borgwing, President of LemonFish Technologies... - Uncover the extent of insider threats - Learn what happens to data after it has been exfiltrated - Tools to mitigate insider threats going forward.
IT Security & Privacy Governance in the Cloud
October 18, 2016

IT Security & Privacy Governance in the Cloud

Presentation moderated by Rebecca Herold, The Privacy Professor; with Jacqueline Cooney, BAH; Daniel Catteddu, CSA; and Chris Griffith, HPE
After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud. While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
Working the Numbers: Learn How to Make the Case for a CASB
October 13, 2016

Working the Numbers: Learn How to Make the Case for a CASB

Presentation by Palerra
58% of security professionals expect their budgets to stay the same next year. If you’re like them, you’re trying to secure a growing number of cloud services and infrastructure without a bigger budget. What do you do? Make a bulletproof business case for a Cloud Access Security Broker (CASB). In this webinar you'll learn: - How to demonstrate the financial exposure of not having a CASB - How to align cloud security spending with business objectives - How to demonstrate savings in cyber security expertise through automation
20 Months to a New Global Data Privacy Law – What You Need To Do
October 11, 2016

20 Months to a New Global Data Privacy Law – What You Need To Do

Presentation by Nigel Hawthorn of Skyhigh
The GDPR Covers Anyone with Data on European Residents. In May 2018, a new data privacy law comes into effect and any organisation with data on the 500+ million citizens of the European Union (EU) has to comply. Fines can be up to 4% of revenue, mandatory data loss notification to regulators and users comes into force, and class action lawsuits will land on the desk of anyone unfortunate enough to lose data. As with any data loss incident, these costs may be dwarfed by the loss of brand image and customers choosing not to do business with you again. Unmanaged cloud could be your weakest link, so what do you need to do? Join us for this webinar where the author of “GDPR – An Action Guide for IT” will speak and you will learn: · The top ten points of the new regulation · Which departments in your organisation need to be part of the GDPR-Readiness Team · What you need to do today, what you can leave until tomorrow · Policies for collecting, processing, transferring and deleting data · 25 questions to ask yourselves to ensure you are ready
Scared of implementing a data protection solution?
October 6, 2016

Scared of implementing a data protection solution?

Presentation by Rich Mogull of Securosis and Terence Spies of HPE Security--Data Security
Data protection has a tendency to be intimidating for organizations, users and implementers. Organizations see the value of having a data protection program, but the challenges of applying a data protection solution often upset the balance and workflow within the organization and its users, and create challenges for those implementing it. Wouldn’t it be great if there were solutions that took the guesswork out of data protection and key management? Data moves in a non-linear way. Data protection and key management need to interact with the data and the users in a seamless way that doesn’t disrupt their processes or destroy the characteristics of the data. Fortunately, in today’s data driven environment, there are strategies and technologies to protect data that do not have to be the high-risk propositions feared by organizations, users and implementers - IT professionals. By thinking of data protection and key management as data protection enablers instead of obstacles, you can easily protect data across the infrastructure and beyond. Join this session and learn how HPE Security – Data Security offers unintimidating data protection and key management solutions that take the guesswork out of data protection. Protecting data through a layered security approach: from data-at-rest to data-in-motion and data-in-use.
CSA Research: Mitigating Top Cloud Threats
August 30, 2016

CSA Research: Mitigating Top Cloud Threats

Presentation by Salim Hafid and Rich Campagna of Bitglass, and John Yeoh of CSA
With cloud adoption on the rise, IT leaders are looking to peer organizations to understand security best practices in the cloud. Bitglass and CSA surveyed infosec professionals to uncover the top threats to cloud security and the tools most often used to secure cloud apps. In this webinar, John Yeoh, Senior Research Analyst at CSA, joins Bitglass to discuss the results of the "Mitigating Risk for Cloud Applications" report and to explore the major issues facing organizations in their move to the cloud, from Shadow IT and inadequate visibility to concerns around government access.
Standardization and visibility of security controls in Hybrid
August 24, 2016

Standardization and visibility of security controls in Hybrid

Presentation by Avinash Prasad and Munish Gupta of Infosys Ltd
The need for IT agility in business is driving adoption of flexible computing environments, including IaaS and private cloud, among others. The challenge associated with this transformation towards the hybrid cloud environment is the assurance around the security of the workloads and data. Specific issues arise due to the “shared security model” of the varying cloud environments in terms of implementation of security, compliance and optimization in these environments. The need of the hour is to ensure effective security governance through standardization of security controls and policies across hybrid cloud deployments, driven by embedded security mechanisms with less bolted-on overhead on the IT security teams. One successful example is the leveraging of “security for the cloud from the cloud” to provide elastic and adaptive security services for the hybrid cloud. In this webinar, Avinash Prasad, AVP, Information & Cyber Risk Management, and Munish Gupta, Principal – Information & Cyber Risk Management, Infosys (NYSE: INFY), will share their experiences with respect to standardization of security controls in hybrid cloud environments.
Protect, Detect, Respond and Recover: Mitigating the Risks of Cyber Security
August 16, 2016

Protect, Detect, Respond and Recover: Mitigating the Risks of Cyber Security

Presentation by Mat Hamlin of Spanning by EMC and Will McNae of Microsoft
Information theft is the most expensive consequence of cybercrime, according to a recent Ponemon study. Business interruption following a cyberattack exacts a high price in productivity and business process failures—even greater than the cost of information and revenue losses. The more data you share in the cloud, the more you expose it to attack. While there’s no one way to achieve absolute security for your data, there’s a lot you can do to safeguard against attacks and to stop them from crippling your business if they do occur. Join us for this webinar as we explore ways to more effectively protect your cloud-based data, detect threats, respond to attacks, and recover from them.
True Detective: Detecting Insider Threats and Compromised Accounts in Office 365
August 9, 2016

True Detective: Detecting Insider Threats and Compromised Accounts in Office 365

Presentation by Brandon Cook and Santosh Raghuram of Skyhigh Networks
How does your organization combat insider threats and compromised accounts? Join CSA and Skyhigh Networks to learn about cloud threat findings from the research of CSA and Skyhigh Cloud Security Labs. We’ll share practical guidance on how to address the rapidly evolving cloud threat landscape, starting with user behavior analysis. Specifically, we will discuss how Information Security teams can: • Detect malicious or negligent insiders stealing or unintentionally exposing data from O365 and other SaaS applications • Catch third parties logging into corporate cloud services using stolen or misplaced login credentials to steal valuable corporate data • Identify malicious administrators accessing data out of policy, intentionally degrading security settings, or creating dummy accounts for unauthorized third party access
Protect Against New Threats to Safely Enable SaaS
August 4, 2016

Protect Against New Threats to Safely Enable SaaS

Presentation by Palo Alto Networks
The usage of SaaS applications continues to grow rapidly whether they are enabled by IT or your end users. SaaS-based application usage has grown 46 percent over the past three years as shown in the latest Application Usage and Threat Report from Palo Alto Networks. The attackers are now adapting to leverage these applications as a point of insertion and a medium for malware to proliferate. Join us for this live webinar where you will hear from Unit 42, the Palo Alto Networks threat research team, on how malware is using SaaS applications. You will also learn how to: • Protect against the new insertion and distribution points for malware • Gain visibility and granular, context-based control of SaaS applications • Secure corporate data from malicious and inadvertent data exposure
Joining the Cloud Cyber Intelligence Exchange
August 2, 2016

Joining the Cloud Cyber Intelligence Exchange

Presentation by Patrick Coughlin, TruSTAR
CSA, along with support from key corporate members like Rackspace and Intel, has been incubating a new intelligence exchange within the CloudCISC Working Group. Join CSA and technology partner TruSTAR to discuss: - The challenges of building an effective intelligence exchange - How the CloudCISC exchange is designed differently - How you can get involved in the growing collection of vetted CSA members exchanging intelligence every day!
Insights from the 2016 Gartner Magic Quadrant for Secure Web Gateways
August 1, 2016

Insights from the 2016 Gartner Magic Quadrant for Secure Web Gateways

Presentation by Jim Reavis of CSA and Atri Chatterjee of Zscaler
According to Gartner, cloud-based security is continuing to grow at a significant rate, spiking at a 35% CAGR compared to 6% for on-premise appliances. Newer and more advanced threats are creating risks that traditional appliances are struggling to keep up with. Consequently, the report highlights a number of key priorities for your security strategy, including: - The need for ‘advanced threat defense’ and not just a web filtering solution - The critical nature of securing your remote offices. Is your security strategy aligned with all of the key recommendations from Gartner? What are the implications for enterprise security? Join Jim Reavis, Co-Founder and Chief Executive Officer, Cloud Security Alliance, and Atri Chatterjee, Chief Marketing Officer, Zscaler, Inc., for a compelling webcast providing deep insights into Gartner's findings that are relevant for CISOs and CIOs. They will also address: - Latest security trends for enterprise security - Implications of the recent M&A activity in the security market - Key considerations when making your next web security decision
Five Requirements for Securely Adopting Cloud Applications
July 26, 2016

Five Requirements for Securely Adopting Cloud Applications

Presentation by Mark D. Campbell and Brandon Whichard of IBM Security
The business benefits of cloud applications are undeniable, however security concerns can still slow their adoption. While many mainstream cloud applications offer secure platforms and excellent security capabilities, much of the security burden is still on you. You still need a strategy and the technology tools to ensure your organization can safely and efficiently utilize these cloud apps. Join IBM Security as we discuss five essential requirements for ensuring safe and efficient adoption of cloud applications.
Office 365 Security and Compliance – Enforcing the 4 Layers of Trust
July 13, 2016

Office 365 Security and Compliance – Enforcing the 4 Layers of Trust

Presentation by Brandon Cook and Srini Gurrapu of Skyhigh Networks
Office 365 usage has tripled in the last 9 months as more and more companies enable anytime, anywhere access to Microsoft’s suite of cloud services. But security and compliance require a new level of granularity when users access cloud-based systems of record from a variety of networks, locations, and devices. In today’s cloud-first, mobile-first world, IT Security teams are creating variable trust models based on user, device, activity, and data sensitivity. In this session, we’ll share the proven 4-layer trust model for security and compliance in O365.
Protecting employees on the move with cloud-friendly application segmentation
July 13, 2016

Protecting employees on the move with cloud-friendly application segmentation

Presentation by Paul German of Certes Networks
Changed business practices, such as employees working on the move and the adoption of the cloud and cloud resources, should be mirrored by a change in security strategies. Organizations are commonly reluctant to adopt cloud technologies over concerns with security and control over enterprise data. However at the same time, many of these same organizations opened up access to applications for employees on the move, users on personal devices, external contractors, and other third parties that created a significantly larger attack surface than cloud services would have. To combat these threats, a number of cloud-friendly segmentation and application isolation techniques can be deployed to allow organizations to safely use the cloud whilst reducing their attack surface. Specifically, application segmentation via software-defined security represents a technique to accommodate borderless applications, adoption of the cloud, and modern user behaviours. Paul German, VP in EMEA, will discuss how the challenges presented by the next generation of information security can be overcome with practical examples and best practice tips.
Data-centric protection: the future of BYOD security
July 12, 2016

Data-centric protection: the future of BYOD security

Presentation by Bitglass
Enabling secure BYOD has long been a challenge for IT. Attempts to secure these devices with agents and device management tools like MDM have been met with widespread employee concerns about privacy and usability, and as a result, organizations see low rates of adoption. Requiring that employees install these cumbersome device management tools or access data solely from managed devices are solutions fraught with issues. Employees need the flexibility to work from any device, anywhere. In this webinar, we'll discuss how IT can limit risk of data leakage amid changing user habits. Learn how organizations across all industries are enabling secure mobility and productivity with a zero-touch, agentless solution.
Building the Connected Hospital - Securely
June 30, 2016

Building the Connected Hospital - Securely

Presentation by Chris Frenz, Jennifer Cathcart, Yogi Shaw, and Gib Sorebo
The concept of the Connected Hospital offers full integration with Electronic Health Record (EHR) systems, streamlined operations, and enhanced patient safety. Secure implementation of the capabilities that enable a connected hospital is a challenge given the diverse nature of the components involved. Hospitals, integrators and developers must work together to ensure that security is considered at each stage of a product and system life cycle. Device manufacturers and Solution Providers must ensure that their offerings have been securely engineered and have undergone sufficient testing, while health providers must work to apply defense-in-depth strategies to mitigate the threats to their systems and patients. Join us for a panel discussion that examines the challenges associated with building a connected hospital and some of the measures taken to do so securely. We’ll hear from medical device developers, service providers, health care providers and security engineers in an attempt to make sense of the complex health environment being shaped by the IoT. Topics will include: - Hospital concerns and approaches for enabling connected infrastructures and services - Integrator concerns related to creation of connected systems - Developer concerns related to smart, connected healthcare devices - Thoughts on best practices for mitigating threats Panelists include: - Chris Frenz, Director-Infrastructure, Interfaith Medical Center - Jennifer Cathcart, Manager Cyber Security at Clinicomp - Yogi Shaw, Medtronic - Gib Sorebo, Cyber Security Technologist at Leidos
It's Alive! Automating Security Response in the Cloud
June 22, 2016

It's Alive! Automating Security Response in the Cloud

Presentation by Tim Prendergast of Evident.io
The challenges facing teams responsible for creating speed and acceleration in the cloud are numerous, but the most dangerous challenge is discerning security signals from infrastructure noise. We can no longer deploy catch-all appliances or wrap hosts in countless layers of agent-based security technology in modern cloud environments. The context and approach to security has changed drastically in this shared ecosystem. It's time for us, as an industry, to acknowledge this shift and equip ourselves for success in the new world before us through security automation. The application of security automation in an API-centric cloud world represents a net new opportunity for defenders to gain an advantage. In this webcast, attendees will learn: -how to bridge the communications gap between Information Security Professionals and Engineering/Operations Professionals while improving defense capabilities -how to draw on the knowledge gleaned from DevOps to create a world where Security-as-Code is commonplace -how security automation helps to overcome the dire shortage in trained cloud security professionals -how to secure rapidly growing workloads in the cloud more easily as adversaries are also automating their attacks
Infosecurity 2016: The Influence of Privacy Shield on Data Protection
June 14, 2016

Infosecurity 2016: The Influence of Privacy Shield on Data Protection

Presentation by Daniele Catteddu, CTO, CSA & Josh Downs, Community Manager, BrightTALK
- Infosecurity Europe 2016 - BrightTALK were honoured to be joined by the CSA's CTO Daniele Catteddu to get his thoughts on cyber security and cloud defences in particular. Daniele walked through his thoughts on privacy shield and the sharing of EU data with the US; data protection; cyber security in the financial sector and how the banks can better protect themselves; assessing who the key threat actors are; ethical hacking and strengthening your perimeter to keep out zero-day attacks.
Continuous auditing/assessment of relevant security properties
June 14, 2016

Continuous auditing/assessment of relevant security properties

Presentation by John DiMaria of BSI
Module 3 in the CSA STAR Series. While the Cloud Security Alliance’s (CSA) STAR Certification has certainly raised the bar for cloud providers, any audit is still a snapshot of a point in time. What goes on between audits can still be a blind spot. To provide greater visibility, the CSA developed the Cloud Trust Protocol (CTP), an industry initiative which will enable real time monitoring of a CSP’s security properties, as well as providing continuous transparency of services and comparability between services on core security properties[1]. This process is now being contributed to by BSI and other industry leaders. CTP forms part of the Governance, Risk, and Compliance stack and the Open Certification Framework as the continuous monitoring component, complementing point-in-time assessments provided by STAR certification and STAR attestation. Join us as we discuss: The concepts behind different evolving approaches to continuous monitoring, the next step in increasing transparency in the cloud.
The CSA Strategy for Securing IoT via the Cloud
June 7, 2016

The CSA Strategy for Securing IoT via the Cloud

Presentation by Jim Reavis
Internet of Things will lead to a future where virtually every physical item has a microprocessor and all industries will be disrupted. In this presentation, CSA CEO Jim Reavis discusses key security trends for Internet of Things and Cloud Computing. He will make the case that the cloud platform is the key strategy for attaining secure IoT implementations and will explain the CSA roadmap for converging cloud and IoT security.
CSA SDP for IaaS Initiative: Best Practices and a Progress Report
June 2, 2016

CSA SDP for IaaS Initiative: Best Practices and a Progress Report

Presentation by Jason Garbis of Cryptzone
Enterprise adoption of IaaS environments has brought tremendous benefits, in terms of cost savings and agility, and enabled a more dynamic infrastructure. However, these changes have created new security, compliance, and IT administration challenges for enterprises, and management challenges for cloud service providers. The good news is that a Software-Defined Perimeter (SDP) approach can solve these problems. SDP can better protect IaaS services for Enterprise usage, and deliver uniform and seamless protection of on-premises and IaaS resources. In this webinar, Jason Garbis, Cryptzone’s VP Products, and IaaS Initiative Workgroup Chair, will provide a progress report from the new IaaS SDP Working Group initiative and an update on how SDP can uniquely address these problems for IaaS. Whether you’re with a cloud provider looking to improve management capabilities, or an enterprise that wants to bolster IaaS security initiatives, you’ll want to tune in.
Cloud Trust Protocol (CTP) Demo
May 20, 2016

Cloud Trust Protocol (CTP) Demo

Presentation by Alain Pannetrat of Cloud Security Alliance
The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. This video illustrates in concrete details how CTP can be used to monitor the security level of cloud assets. We follow Alice, a cloud customer, who provisions a set of webservices from a SaaS provider and uses the CTP API to monitor two security parameters in real time: uptime and SSL/TLS cryptographic strength. The presented demo was constructed to mimic a real cloud service using software containers and the open-source CTP prototype implementation currently developed by CSA.
Mitigating risk with application isolation and cryptographic segmentation
May 11, 2016

Mitigating risk with application isolation and cryptographic segmentation

Presentation by Adam Boone of Certes Networks
There is a direct correlation between the size of an enterprise’s attack surface and its risk profile. The greater the number of networked applications supported by the enterprise and the greater number of users granted access, the greater the chance that one of those users will be compromised and hackers will gain a foothold to the broad enterprise application environment. In fact, this attack vector has been exploited by hackers in most of the high profile data breaches dominating headlines over the past two years. However, enterprises are now adopting more advanced application isolation and segmentation techniques that actually shrink the attack surface and reduce the risk of a data breach. This presentation will cover use case examples of application isolation, cryptographic segmentation, and role-based access control methodologies that limit application exposure while containing and minimizing the damage of breaches when they occur.
The Business Value of Operational Risk Management
May 11, 2016

The Business Value of Operational Risk Management

Presentation by John DiMaria of BSI
Risk Management is not a standalone activity carried out by a company’s risk experts; it is part of the responsibilities of management and a concern to all of the organization’s stakeholders. Risk identification and management are vital to strategic planning, project development and change management. Correctly instituted, Operational Risk Management (ORM) is a cross-functional and dynamic process that is critical in helping decision-makers reach informed choices based on facts and data, not opinions. It helps management prioritize actions and distinguish the best route amid alternative courses of action. Securing information and assets is not a silo within the security or IT business unit. The benefits are many, but ORM, once implemented, facilitates reducing operational and compliance costs and provides a detection system that will help reduce future exposure to risk. Ultimately it means a more resilient organization. Some industries are under more regulatory pressure than others, but the federal government is now also pushing forward risk-based frameworks. Organizations dubbed as “Critical Infrastructure” will need to ensure they have the controls and processes in place to meet requirements outlined by risk-based frameworks such as the NIST Cybersecurity Framework. Attendees will learn: - How risk based security is defined and harmonized internationally - What ORM looks like in real life business models - The importance of the combination of People, Process and Technology in reducing risk - How Operational Risk Management fosters Operational Resilience
Risky Business: Key Cloud Security Metrics your Board Needs to See
May 10, 2016

Risky Business: Key Cloud Security Metrics your Board Needs to See

Presentation by Srini Gurrapu, Skyhigh Networks
A recent study by Ponemon showed that the likelihood of an enterprise data breach involving more than 10,000 records is approximately 22%. This risk, with an average associated cost of $3.79 million, has catapulted cloud security to the executive and board level. What key metrics should you track and share with your board? How should you structure your cloud security strategy to best protect your organization? Join Skyhigh Networks and CSA for a discussion of best practices that leading enterprises have embraced for managing and communicating cloud risk with the board. In this session, you’ll learn how to: • Develop a comprehensive cloud security and governance framework • Map your organization’s maturity based on current practices • Identify key business outcomes across the 4 pillars of cloud security • Implement best practices for presenting cloud security metrics to the board Registrants will also receive a “Cloud Security and Governance Report for Executives and the Board” template to jump start the discussion. We look forward to seeing you at the webinar!
Improve CX, Productivity, Revenues and Security with Identity Coherence
May 5, 2016

Improve CX, Productivity, Revenues and Security with Identity Coherence

Presentation by Steve Tout of Forte Advisory
Customers expect a seamless experience across services and devices, critical to ensure successful conversions and renewals in e-commerce. At the same time, the impact of disconnected user experience on employee productivity can have significant financial implications. Big egos, politics, a shortage of skilled talent, legacy systems and complexity can also conspire to undermine the success of your IAM program unless you plan for and take massive action today. Join Steve Tout as he presents Identity Coherence, a blueprint for creating massive value and success with IAM in a multi-vendor, multi-cloud environment.
Meeting international requirements and leveraging CSA STAR for supply chain mana
May 4, 2016

Meeting international requirements and leveraging CSA STAR for supply chain mana

Presentation by John DiMaria, BSI
When an organization adopts cloud services, it is in fact expanding its operations from a local or regional presence to a more global one. As a result, the corresponding organizational operations’ strategy needs to be adjusted to align with these changes. You need to be in line with international requirements as well as your supply-chain. A more formal analysis of the supply-chain as part of a more comprehensive due diligence review also needs to be considered.[1] It is not always clear how the CSP handles incidents, encryption, and security monitoring. Organizations are rarely aware of all the risks they take when working with a CSP. In fact, the risks are multifaceted and are far more complex than those they experienced before moving to the cloud. An organization that rushes to adopt cloud services may subject itself to a number of business impacts including - Contractual issues over obligations regarding liability, response, and/or transparency - Mismatched expectations between the CSP and the customer - Lack of internal training and awareness within the user organization - Potential for software designers/engineers that are developing software to be unaware of associated risks Many organizations are turning to the cloud because of the resources required to manage complex supply chains. It can be challenging for most organizations to understand the supply-chain structure of the CSP’s environment; however, an increase in transparency will increase trust. At this session we will discuss: -Quick review of module 1 -How CSA STAR maps to international requirements -How you can use CSA STAR to manage and monitor your supply-chain.
Cloud security threats and resolutions: A meeting of the minds
April 27, 2016

Cloud security threats and resolutions: A meeting of the minds

Presentation by Jim Reavis of CSA, David Baker and Arturo Hinojosa of Okta
According to the 2016 Top Threats report from CSA, the ramifications of poor cloud computing decisions are no longer an IT issue but rather a boardroom issue. Executives at the highest levels are under scrutiny about security posture, and their response to a breach, from stakeholders, regulators and consumers. The growth of cloud and mobile technologies in the workplace has forced IT and security professionals to re-think their security strategy. A traditional network perimeter built on firewalls, VPNs, IDS, and DLP does not address the new threat landscape of phishing, social engineering, and data breaches. Join CSA CEO, Jim Reavis and Okta CISO, David Baker, for a discussion on the top threats organizations face, how the landscape is changing and best practices for improving the security of your organization. You’ll take away: -Highlights from the CSA 2016 Top Threats report -How to build a new security perimeter based on user identity, capable of detecting and stopping attacks in real time -How to improve visibility into user behavior and implement controls without sacrificing productivity
Beyond the Firewall: Securing the Cloud with a CASB
April 26, 2016

Beyond the Firewall: Securing the Cloud with a CASB

Presentation by Mike Schuricht and Salim Hafid, Bitglass
As organizations transition from on-premise data storage and device-centric security to the cloud, the need for a data-centric solution becomes critical. Organizations need the ability to protect data in the cloud, at access, on the network, and across all devices. While cloud app vendors now offer robust functionality, they lack the level of granular control and deep visibility many organizations need, either for compliance purposes or simply to enable an increasingly mobile workforce. In this webinar, we'll discuss how CASBs leverage APIs and proxies to control data on both managed and unmanaged devices, enabling secure SaaS and BYOD. Join us to learn how Cloud Access Security Brokers can help protect data in the cloud by providing comprehensive security and real-time data protection.
Mind the Mobile Gap
April 26, 2016

Mind the Mobile Gap

Presentation by Dan Wolff, IBM
Throwing a safety net over mobile cloud app usage leaves the enterprise having to balance manageability and security against the user experience. This session covers how you can gain visibility into mobile cloud app usage, defend against malware and threats, and enforce corporate policies for mobile—all while enabling BYOD and protecting the user experience.
Public, Private, Hybrid…Secure Your Cloud’s Future
April 20, 2016

Public, Private, Hybrid…Secure Your Cloud’s Future

Presentation by Sai Balabhadrapatruni of Palo Alto Networks
The demand for business to be more agile to meet customer demands and stay competitive is driving a change in the way applications are developed, deployed, and adopted. The challenge has become balancing the agility needs of the business with improving the security of the applications and more importantly the data as it moves between the various clouds. Gaining visibility and preventing attacks that are attempting to get access to the data both from an external location and through a lateral attack becomes imperative in all locations the applications and data reside without adding additional complexity or cost. Organizations require visibility, control, and prevention capabilities across all major private and public cloud environments enabling consistent security policies and protection no matter where it is deployed. This webinar will cover: • Visibility: Consistent visibility across clouds is one of the most common issues with multi-cloud deployments. • Threat prevention: Blocking known and unknown threats is a critical requirement to protect applications and data no matter where they reside. • Automation: The ability to natively integrate into a variety of environments to match the dynamic and on demand nature of cloud services. • Centralized management: Manage your virtualized and physical firewalls from a single management console, delivering consistent policy and features across all clouds.
Dramatically Improve Network Security using SDP
April 13, 2016

Dramatically Improve Network Security using SDP

Presentation by Jason Garbis, Cryptzone
It’s time to recognize that traditional network security tools grant users too much access and therefore create a serious security gap. A typical user may be authorized to access only a few resources across the enterprise, but from a network perspective can see, and send packets to, every service running on every server on the network. This is even more of a problem as organizations move to dynamic cloud-based infrastructures. And once an attacker obtains a foothold, they quickly exploit vulnerabilities to escalate privileges, traverse the network, and gain access to the organization’s crown jewels. Jason Garbis, VP Products from Cryptzone, will lead a lively talk about how, using concepts of the Software Defined Perimeter, organizations can stop attackers from accessing your organization’s crown jewels.
Reducing the Enterprise Attack Surface with Cloud-Friendly App Segmentation
April 12, 2016

Reducing the Enterprise Attack Surface with Cloud-Friendly App Segmentation

Presentation by Satyam Tyagi, Certes Networks
The large volumes of data being stored, as well as the multiple siloes, users and applications using the data, mean that organizations are constantly under threat of a data breach. Certes Networks will discuss how, despite the numerous threats and vulnerabilities currently faced by organizations, there are new ground-breaking cloud-friendly segmentation and application isolation techniques that can combat these threats, allowing organizations to safely use the cloud, keep their networks secure, and reduce their attack surface.
Best Practices for Protecting Your Data in a Hybrid Cloud Environment
April 11, 2016

Best Practices for Protecting Your Data in a Hybrid Cloud Environment

Presentation by Jason Wolford of Rackspace and Imam Sheikh of Vormetric
Your business has capitalized on managed cloud services to host many of your IT workloads. Now, you need to expand your cloud IT deployments further with public cloud services using Amazon Web Services or Microsoft Azure to scale cloud computing and storage resources to meet growing IT business demands. Suddenly, you have data center and cloud environments to manage to ensure your sensitive data remains protected and secure across your cloud providers. How do you get the most out of each of your cloud environments while maintaining control and protection of your sensitive data? Learn how a comprehensive cloud data protection solution will allow you to meet your data protection and compliance requirements across your private, public and hybrid cloud environments. You’ll find ways to centralize your security controls to efficiently and effectively implement the data security solution to fit your business operational needs consistently in a hybrid cloud environment. Join the Rackspace and Vormetric discussion about: · Data-centric security architectures for the cloud · Data-at-rest encryption to protect all copies of your data wherever they reside · Key management and access control administration in hybrid cloud environments · Security intelligence to monitor and detect advanced security threats and attacks
Cloud Security: What You Should Be Concerned About
March 31, 2016

Cloud Security: What You Should Be Concerned About

Presentation by Raji Samani of Intel Security and Jim Reavis of CSA
Intel Security conducted a survey regarding cloud adoption and cloud security. This webcast will discuss the findings and answer questions like... -Is cloud for everyone? -How much are companies investing in cloud? -What are the top concerns?
2016 Information Security Trends and Cloud Security Alliance Priorities
March 22, 2016

2016 Information Security Trends and Cloud Security Alliance Priorities

Presentation by Jim Reavis, CEO of Cloud Security Alliance
An informal look at the important security trends identified by CSA experts and the activities initiated by Cloud Security Alliance to address key industry issues.
How to Determine Responsibility for Cloud Security?
March 21, 2016

How to Determine Responsibility for Cloud Security?

Presentation by Rich Campagna, Bitglass
Rich Campagna of Bitglass explains in this short video the WSJ test -- an easy way to determine the security responsibilities of SaaS vendors and their clients.
Not “If” but “When”: Protecting Your Data with a Cyber Resiliency Plan
March 15, 2016

Not “If” but “When”: Protecting Your Data with a Cyber Resiliency Plan

Presentation by Santosh Raghuram, Skyhigh Networks
In today's security landscape, a security breach is not a matter of "if," but "when." Is your organization prepared to minimize and mitigate the effects of a breach? Join the Cloud Security Alliance and Skyhigh Networks for a webinar discussing how to create a data-driven cloud cyber resiliency plan. In this session, you'll learn: -How to use statistics on the prevalence of different cloud security incidents to create your strategy -What methods are best tuned for surfacing cloud data exfiltration vs. insider threat vs. compromised accounts -Best practices for responding to a breach should one occur.
Data Breaches are Inevitable: Reduce your Risk with Cloud-Friendly Segmentation
March 15, 2016

Data Breaches are Inevitable: Reduce your Risk with Cloud-Friendly Segmentation

Presentation by Eugen Rusen, Certes Networks
The mass of data breaches that hit the headlines in 2015 shows organizations must accept that breaches are inevitable, and breach detection and protection strategies are no longer enough to keep the hackers at bay. To prepare for a breach, organizations should put in place a breach containment strategy that assumes a breach will happen, and limits the scope of a breach when it does occur. Application isolation, role-based user access control and cloud-friendly segmentation are examples of techniques that can limit a hacker’s access to sensitive applications. These techniques have become more widely adopted lately, based on the assumption that breaches are inevitable, and that no network, user or device is ever fully trusted. Eugen Rusen, Technical Director for Certes Networks, will discuss how organizations can prepare for security breaches with practical examples and best practice tips.
The Borderless World: Bridging the Cloud with On-Prem Systems
March 10, 2016

The Borderless World: Bridging the Cloud with On-Prem Systems

Presentation by Farshad Ghazi and Chris Griffith, HPE Security
Learn more about the new CSA Top Threats Report and how to protect yourself. In the borderless world of Cloud computing, everything changes. You cannot deliver a cloud enabled business without a fundamental redesign of your security infrastructure. On-prem systems are increasingly integrated to cloud-based platforms which creates an abyss for data to spread to the farthest corners of earth, across the globe. Data flowing out of your control imposes significant security risks on the corporation, network, IT and the day to day activities of the business. Between all these touchpoints, a tremendous chasm must be traversed efficiently and safely, while maintaining control and ownership of data. With a mountain of sensitive data flowing back and forth daily, a new era of data security must evolve. Organizations must be savvy enough to combat threats while protecting the valuable assets – the data. During this webcast we will discuss some of the findings from the CSA Top Threats report and how data protection can help mitigate and manage the risks. Think of security as an enabler instead of an obstacle for cloud adoption.
Securing IaaS - The Forgotten component of Cloud Access Security Brokers
February 25, 2016

Securing IaaS - The Forgotten component of Cloud Access Security Brokers

Presentation by Ganesh Kirti, Palerra
ShadowIT Discovery and security of SaaS are often considered key capabilities of Cloud Access Security Broker. There is, however, one critical capability which is often overlooked; security of IaaS. Many organizations are finding out the hard way that focusing on security of SaaS is only part of the puzzle. They must address the security of their entire cloud environment, including IaaS such as AWS and Azure. Coupled with the need to secure custom apps developed on top of IaaS, security of IaaS is becoming an important capability that organizations must consider as part of their overall cloud security strategy.
The State of Office 365 Security
February 17, 2016

The State of Office 365 Security

Presentation by Doug Lane, Vaultive
Microsoft Office 365 adoption skyrocketed in 2015, but security and compliance questions are still keeping many organizations on the sidelines. What built-in security features does Microsoft provide, and under what circumstances are they good enough? Which industries and use cases call for a third party Office 365 security solution? Join us as we discuss these questions and provide an overview of the state of Office 365. You’ll walk away with everything you need to jump start your Office 365 security planning efforts in 2016.
Road Map to CSA Star Certification: Module 1
February 11, 2016

Road Map to CSA Star Certification: Module 1

Presentation by BSI
ROAD MAP TO CSA STAR CERTIFICATION – OPTIMIZING PROCESSES, REDUCING COST AND MEETING INTERNATIONAL REQUIREMENTS With Japan’s introduction of the quartz wristwatch in 1969, the majority Swiss market share dropped from 80% at the end of World War II to only 10% in 1974. Ironically, it was the Swiss who had invented the quartz watch but failed to see its potential. * When a paradigm shifts, you cannot ignore change and count on past success. New technology, like the quartz in watchmaking, can revolutionize a market, creating a tectonic shift in accepted practice. The advent of the Cloud is such an advancement in technology and optimization of its capability - the new paradigm. Technological developments, constricted budgets, and the need for flexible access have led to an increase in business demand for cloud computing. Many organizations are still wary of cloud services, however, due to apprehensions around security issues. There is a real concern across the globe about the accelerated rate that companies are moving information to the cloud and the subsequent demise of physical boundaries and infrastructure. How organizations evaluate Cloud Service Providers (CSPs) has become key to maximizing that optimization. CSA STAR Certification has proven to be the security standard of excellence in the cloud security market. In this first of three modules being offered by the co-authors of CSA STAR Certification - The British Standards Institution (BSI) and The Cloud Security Alliance, you will learn the history behind the vision and take the journey down the road to the certification, but more importantly review data on how it helps organizations optimize processes, reduce costs and meet the continuing rigorous international demands on cloud services. * Innovation in the Watch Industry by Aran Hegarty, Chapter 1, November 1996 accessed online June 2014
Next-Gen Mobile Security: What comes after MDM?
February 3, 2016

Presentation by Salim Hafid and Neal Mhaskar, Bitglass
BYOD is an adoption, not a rollout. In fact, 57% of employees refuse MAM or MDM on their personal devices. What are the drawbacks of MDM? How can your organization both drive adoption and effectively secure BYOD? In this webinar, we'll answer those questions and discuss next-generation mobile security solutions that can help secure corporate data across managed and unmanaged mobile devices.
Emerging Approaches in a Cloud Connected Enterprise: Containers and Microservice
January 28, 2016

Presentation by Anil Karmel, Co-Founder and CEO of C2 Labs
Containers such as Docker and CoreOS Rkt deliver incredible capabilities to developers and operators and are powering the DevOps revolution in application development and deployment. Docker in particular has taken the industry by storm, resulting in over 400 million downloads and 75,000+ containerized applications in this open source platform. With all this newfound power come significant challenges and concerns. Come learn how containers and micro-services work, understand the security challenges with this approach, and learn strategies to address them.
Making Trusted Decisions to Use the Cloud: A New Model to Succeed
January 14, 2016

Presentation by Jeffrey Ritter
You know that every decision to use the Cloud will be challenged, whether by investors, executives, customers, or members of your own team. Behind every challenge is the same question, "Can we trust the decision?" This presentation introduces a new decision model that will transform the confidence you can earn from others that your decisions are to be trusted.
Cloud Access Security Brokers: Critical Capabilities
December 9, 2015

Presentation by TBD
Cloud Access Security Brokers (CASBs) are the hottest security technologies on the market. They provide organizations with much-needed visibility and control over corporate data as it moves beyond the firewall via the public cloud. In this webinar, experts from Bitglass will dive into the architecture of CASBs and explain how the wide range of functionality offered by CASBs can enhance the security of corporate data. We'll also show real-world case studies of how leading organizations are deploying CASBs.
Can I Still Use The Cloud? Now That Safe Harbor is Dead
November 24, 2015

Presentation by Nigel Hawthorn
A webinar for IT Security, Legal and Compliance Managers. The EU-US Safe Harbor agreement for data transfers has been declared invalid. Hear what this means for you, your organization and your data on EU citizens. Can you save data in US cloud services, and if so, what do you need to know to ensure you don’t break privacy laws? Join us for this webinar to hear: · What does the recent European Court of Justice ruling mean to me? · Do I need to review my contracts with US cloud providers? · Am I responsible for shadow IT services in the cloud? · What other steps can I take to be lawful? · How can I proactively protect my data in the cloud?
Keeping your Data and Applications Safe from the CSA Top Threats
November 10, 2015

Presentation by Farshad Ghazi and Chris Griffith--HP Security
The cloud presents all kinds of opportunities for today’s enterprise, from anywhere access to anything-as-a-service. Cloud computing imposes significant security risks on the corporation, network, IT and the day-to-day activities of the business. How do enterprises maintain compliance, control and ownership of sensitive data as they move from the physical environment to a cloud world? The distribution of data onto devices may not be completely controlled by the data owner, and there is liability confusion as cloud service providers take on a larger role. As a result, CIOs are looking at technologies and strategies to assure security while delivering the required services. Fortunately, this model of enterprise computing doesn't have to be a high-risk proposition. By thinking of security as an enabler, instead of an obstacle for cloud adoption, you can easily protect and maintain control of data across multi-cloud environments while maximizing the business potential of the cloud. During this webcast we will discuss ways to address the key security challenges you’re facing as you move to the cloud.
Office 365 Compliance and Data Protection: Cargill’s Blueprint for Success
October 21, 2015

Presentation by Matt Brunsvold of Cargill and Srini Gurrapu of Skyhigh
Skyhigh’s Office 365 Cloud Adoption and Risk report shows that the average enterprise uploads 1.37TB of data across SharePoint, OneDrive, and Yammer each month, 17.4% of which is sensitive. With Office 365 use exploding and vast volumes of data headed to the cloud, IT Security teams are working to determine how they can enforce security, compliance, and governance policies seamlessly for O365. Cargill has been at the forefront of this movement, and in this webinar Matt Brunsvold, Infrastructure Security Architecture and Engineering Advisor at Cargill, will share the findings of his research into Microsoft Office 365 controls and how they’re leveraging a Cloud Access Security Broker (CASB) to achieve comprehensive data protection. The webinar will cover: - Top 10 security, compliance, and governance requirements for Office 365 - Proven tactics for extending DLP, Secure Collaboration, and DRM for Office 365 - How to combine broad and fine-grained policies to achieve compliance and data protection
Top 3 Reasons Why Growing Organizations are Moving Their Security to the Cloud
September 24, 2015

Presentation by James Kawamoto, Zscaler Inc.
The world of IT security is undergoing tremendous change. The unstoppable momentum of the Internet and cloud computing, the ubiquity of mobile devices and the emergence of the Internet of Things have together turned the IT security landscape upside down. Data security, privacy and compliance have never been more at risk than in today’s social and mobile world. According to recent reports: · 50% of IT professionals rank security as a top reason for migrating applications to the cloud · 84% of CIOs report that they have cut application costs by moving to the cloud · 50% of cloud users have reduced their IT spend by 25% Why should your organization’s security move to the cloud? Join James Kawamoto, the Senior Director of Product Management, Zscaler Inc., for a compelling webcast that will highlight key reasons why growing organizations are moving their security to the cloud. We will also talk about: · The latest strategies and techniques cyber-criminals are using today · Concrete steps you can take to keep your organization safe · What to do about Internet security in today's cloud and mobile-first IT landscape · Key benefits of moving your security to the cloud
Professionalizing the Cloud Security Workforce
August 20, 2015

Presentation by Jim Reavis, CEO of Cloud Security Alliance and David Shearer, CEO, (ISC)²
(ISC)² and CSA recently developed the Certified Cloud Security Professional (CCSP) credential to meet a critical market need to ensure that cloud security professionals have the required knowledge, skills and abilities to audit, assess and secure cloud infrastructures. Join Jim Reavis, CEO of Cloud Security Alliance and David Shearer, CEO, (ISC)² on August 20, 2015 at 1:00PM Eastern to learn more about the CCSP, the qualifications for it and the future of cloud security.
Leveraging Data Control and GRC for Securing Data on the Cloud
July 15, 2015

Presentation by Ryan Ko- CSA APAC Research Advisor, Vibhav Agarwal – Associate Director - Product Marketing, MetricStream
Leveraging Data Control and GRC for Securing Data on the Cloud - A Practical Guide for Immediate Challenges and An Overview of Long-Term Research Challenges
Data security for cloud applications is a perennial challenge due to the loss of control and oversight over data placed within clouds. As cloud becomes mainstream, various industries need to comply with an increasing number of regulations and stipulations for their cloud application portfolios. To manage these evolving challenges, we need to (1) address immediate challenges with a defensive, in-depth and resilient Cloud security strategy based on a robust Governance, Risk and Compliance (GRC) framework and (2) address long-term challenges via research on returning control of data to users. This will not only enable enterprises to step forward and leverage cloud in a more standardized manner, but also reduce their dependencies on the third parties involved – assuring a high level of sustained assurance over data security. In this webinar, the experts aim to highlight the following areas: Part 1 by Vibhav Agarwal, Associate Director - Product Marketing, MetricStream · Managing Information Security on Cloud: 101 · Best practices for a safer and secure cloud environment · Key aspects of a GRC framework for managing cloud security Part 2 by Dr Ryan Ko, CSA APAC Research Advisor & Head, Cyber Security Lab, University of Waikato, New Zealand · Requirements and scientific challenges for returning data control to users · Overview of the NZ STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) Research Project · CSA's role in STRATUS and contributions to its data governance and accountability project · Some demos and future directions of the STRATUS project
Myth or Reality: Insider Threat Victims DON'T Have Their Heads in the Cloud
July 8, 2015

Presentation by Evelyn de Souza, Data Governance Workgroup Chair, Cloud Security Alliance & Data Privacy and Compliance Leader, Cisco Systems
We can safely predict that an insider threat targeting cloud will be the cause of a major data breach over the next 12 months. While cloud insider threats consistently rank as a top concern, they have not been decomposed and mitigated like enterprise exploits. We will uncover threat vectors and behavioural traits and present new techniques for discovering and mitigating cloud insider threats. This webcast will also include a breakdown and comparison of different cloud models. Attendees will also learn: • Techniques for reconstructing audit trails to help with the deconstructing of an insider threat • Ways to quickly recover from the effects of an insider threat to minimize business disruption and impact
Cloud Standards - Ready for Prime-time (part 2)
June 30, 2015

Presentation by Michel Drescher, EGI; John Messina, NIST; Peter Deussen, Fraunhofer FOKUS
Cloud computing will not reach its full potential without fully developed and stable management and context standards. Customers indeed expect freedom of choice, increased control and interoperability, as a tool for fair competition and unfettered innovation. Effective interoperability demands common technical and legal parameters, which are related to open standards and governance. While part one of the CloudWATCH webinar focused on technical aspects of existing and widely deployed Cloud-related standards, this part two will highlight governance and governmental issues around Cloud standardisation: - Which combination of standards best suits your specific use case, and what is the status and position of governmental standards adoption such as expressed in ISO and IEC bodies? - If you are using a cloud standard or would like to, we want to hear why, if the benefits are as you expected, and what pitfalls or moments of enlightenment you have had. Moderator: Michel Drescher, Technical Manager, EGI & CloudWATCH Speakers: - John Messina, NIST Cloud Computing Program, Chair of the IEEE P2301 CPIP Working Group, IEEE P2301 - Guide for Cloud Portability and Interoperability Profiles (CPIP). - Peter Deussen, Fraunhofer FOKUS, ISO/IEC JTC 1/SC 38 Distributed Application Platforms and Services.
Lessons Learned From the Biggest Security Breaches
June 25, 2015

Presentation by Jim Reavis, CSA; Michael Sutton, Zscaler
Learn about the biggest security breaches and what they mean for your organization. The risk of experiencing a security breach is now higher than ever. Over the last 12 months, some of the highest profile companies have been compromised including Anthem, Sony, Home Depot, JPMorgan Chase, Target and more. 2015 is turning out to be no different. There have been 150 breaches already, exposing over 88 million records* across multiple sectors including healthcare, banking and government. Clearly no organization is immune to a breach and human error continues to play a primary role. Join Michael Sutton, Vice President of Security Research, Zscaler, Inc., and Jim Reavis, Co-founder of Cloud Security Alliance for a thought-provoking and interactive webcast addressing: - Key trends and traits common to high profile security breaches - Critical takeaways and lessons learned for a comprehensive security strategy - Best practices to reduce the risk of a security breach
Cloud Standards - Ready for Prime Time
June 9, 2015

Presentation by Michel Drescher, EGI; Alan Sill, OGF, Texas Tech University; Alex McDonald, NetApp; David Wallom, Oxford e-Research Centre
Cloud computing will not reach its full potential without the full development and stable management of standards. Customers expect the freedom of choice, increased control, and interoperability as a tool for fair competition and unfettered innovation in cloud services. Effective interoperability demands common technical and legal parameters, which are related to open standards and governance. This webinar with CloudWATCH provides user experience on standards-based interoperability. It will feature authors and users of standards already implemented in EGI Federated Cloud. Learn from the experience of others as they showcase benefits and best practices. If you are using a cloud standard or would like to: - Why is it needed? - Are the benefits as expected? - What pitfalls have you had? - What moments of enlightenment have you had?
How to Negotiate a Proper SLA
May 19, 2015

Presentation by Jesus Luna, CSA; Frederic Engel, Market Engal SAS; Daniele Catteddu, CSA; Arthur van der Wees, Arthur's Legal; Said Tabet, EMC
The typical cloud customer easily grasps perceived advantages and user-friendliness in the cloud, but they are not security experts. Matching a customer's security requirements with what is being offered by CSPs can be the biggest challenge. Even though most CSPs include security provisions in their SLAs (Service Level Agreements), the variety of customer requirements makes it all too easy to over/undershoot the security target. This is where the benefits of a template SLA kick in. This webinar will present expert opinions on the topic of cloud security SLA (secSLA) negotiation, taking into consideration standards, technical, legal and social aspects.
Preparing for 2015: Internet security best practices from the Global 1000
May 12, 2015

Presentation by Jim Reavis, CEO at the Cloud Security Alliance & Dan Druker, CMO at Zscaler
The world of IT security is undergoing tremendous change. The unstoppable momentum of the Internet and cloud computing, the ubiquity of mobile devices and the emergence of Internet of things have together turned the IT security landscape upside down. So what can you do today to keep your security ahead of these trends? In this webcast, we will share actionable best practices gleaned from more than 5,000 leading global organizations - including United Airlines, Humana, Sealed Air, British American Tobacco, the United States Marines and NATO. We will also talk about the latest strategies and techniques cyber-criminals are using today and the concrete steps you can take to keep your organization safe.
Platform as a Service: Build Cloud Applications Rapidly and Reliably
March 19, 2015

Presentation by Jonathan Sage, IBM; Mike Edwards, IBM; Achille Pinson, PrepMyFuture.com
CloudWATCH webinars aim to evangelise the merits of cloud services to SMEs and governments. This particular session on building cloud applications will explain Platform as a Service. Cloud technologies, such as Bluemix, make app development easier, more practical, and cost effective. Also, Achille Pinson, founder of PrepMyFuture.com, will share his experience as a cloud service provider close to app developers in education-related apps. We offer the opportunity to ask questions in this interactive webinar. Speakers: Jonathan Sage, IBM Government and Regulatory Affairs; Mike Edwards, Senior Technical Staff Member at IBM's Hursley Park labs; Achille Pinson, PrepMyFuture.com founder
Panel: Leveraging Security Analytics in the Fight Against Cyber-Threats
February 17, 2015

Presentation by Peter Wood (moderator); Prof. John Walker, James Brown (Alert Logic), Bernd Jaeger (Cloud Security Alliance)
Join this exciting panel session with some of the industry's leading thought leaders including: Peter Wood, CEO, First Base Technologies; Prof. John Walker, Researcher, Writer & Speaker, Cyber-Vault; Stephen Coty, Chief Security Evangelist, Alert Logic; Bernd Jaeger, Cloud Security Alliance. The panelists will discuss topics ranging from predictive security, real-time threat intelligence, combining structured and unstructured data sources and more.
Cloud CISC Virtual Summit
February 5, 2015

Presentation by Paul Kurtz, Dave Cullinane
The Cloud Security Alliance (CSA) has chosen to specifically focus on the problem of cyber incident information sharing and find innovative approaches that break down the barriers inhibiting sharing. CSA has selected a partner, TruSTAR Technology, to create what we are calling the industry’s first Cloud CISC (Cyber Incident Sharing Center). We believe it is very important that we educate the government as to our information sharing capabilities to assure that any new legislation is appropriate, proportionate, and synergistic to the private sector. Cloud CISC will have a role for both cloud providers and other cloud security experts. Cloud providers will be able to directly access the Cloud CISC information sharing system. The larger community of cloud security experts will have an important role in the governance of Cloud CISC, the development of vendor neutral best practices and technical standards, and the development of policies aligning Cloud CISC to industry and governmental mandates on an international basis. As always, CSA believes it will be important to leverage existing standards and communities as much as possible, and operate with the greatest transparency possible. The initiative homepage is https://www.cloudsecurityalliance.org/cloudcisc/
An Approach to Cloud Services Risk Management for Today’s Enterprises
February 4, 2015

Presentation by Deepayan Chanda, Wesley Cheng, Security Solutions Architects, Advanced Services, Cisco Systems
This session provides a methodology and a Business Risk Framework for assessing the risk of an ever-increasing number of cloud services. It builds upon the Cloud Security Alliance Cloud Controls Matrix by enabling users to add new controls and address risk vectors such as the financial viability of a cloud service provider, traffic data, and business criticality.
An Approach to Cloud Service Provider Risk Management for Today’s Enterprises
February 4, 2015

Presentation by Derick Fogt, IT Risk Management, Cisco Systems
A great many enterprises leverage the Cloud Security Alliance Cloud Controls Matrix as a primary component for identifying cloud service provider risks. What’s also needed is a way to measure these risks. This session will focus on building a risk rating framework and on better quantifying and operationalizing risk management activities. Presenter: Derick Fogt, IT Risk Management, Cisco Systems
Service Management: What Standards Can Do For Business – The Example of FitSM
January 29, 2015

Presentation by Dr. Thomas Schaaf, Dr. Michael Brenner, Owen Appleton, Sy Holsinger
To meet customer needs and provide valuable services, it is important to maintain a high quality of service, which in itself requires a well-structured approach to IT Service Management (ITSM). Existing approaches such as ITIL and the ISO/IEC 20000 standard are useful but not always well suited to the challenges of providing cloud or other distributed services, especially in federated environments. This webinar will provide a clear-cut view of the challenges for service management, and of the FitSM standard, a new lightweight approach suitable for cloud, distributed, federated and research services. It provides requirements based on international standards and commercial best practice, as well as concrete support in terms of templates, guides and tools useful in implementing ITSM. The webinar will be presented by the authors of FitSM as well as representatives of service providers implementing the standard. You should attend if you have an interest in implementable and actionable standards, especially if you are a CIO in a big company, the CEO of an SME, or an academic.
IoT Security Challenges for Early Adopters
December 4, 2014

Presentation by Brian Russell, Chief Engineer CyberSecurity Solutions at Leidos
The Internet of Things (IoT) offers enhanced technology capabilities in diverse industries. In the health care setting, IoT will bring new connected medical devices that support near real-time monitoring of patient health information. In the transportation industry, connected vehicles will communicate securely with each other and with the environment surrounding them, offering safer commutes. In the utility industry, energy consumption will be regulated more efficiently, which will reduce the risk of grid overload. These are only a small set of examples that illustrate how the IoT will change the way we all interact with technology and with each other. Implementations of IoT vary greatly in the protocols that are used for communications and the security controls applied to their design. Examples range from devices that communicate using short range communications with smart phones, to entertainment components that are always connected to the Internet over your home’s Wi-Fi connection, to systems that communicate using proprietary protocols like Z-Wave. Many device types also communicate directly with each other (Machine-to-Machine). In some instances these communications are conducted over encrypted channels and in other instances that is not the case. Organizations looking to deploy IoT components within their infrastructure must be aware of the threats that are introduced along with those components and take proactive actions to mitigate those threats through a careful consideration of their Enterprise security architecture. This talk will examine some of the challenges facing early adopters of the IoT, which will be a focus of our first CSA document, providing industry guidance to help mitigate IoT Security Challenges for Early Adopters.
Monitoring in a Cloud Environment
November 26, 2014

Presentation by Eliot Salant, Dario Bruneo, Avi Miron - Cloud Wave; Kyriakos Kritikos - PaaSage; Michel Drescher - EGI, CloudWatch
Monitoring resource consumption in a Cloud environment is becoming an increasingly important research topic in order to provide optimal management of both the underlying Cloud infrastructure and executing applications. Clouds are complex environments composed of many different entities and layers. Each of them may be provided with mechanisms offering various management actions. Different situations call for different actions, often simultaneously. Indeed, isolated or contradictory actions may negatively affect Cloud application quality and Cloud infrastructure performance. This means that correctly selecting and effectively combining these operations in a given situation is a critical challenge of Cloud computing that only tight monitoring can address successfully. In this webinar with CloudWatch, representatives of three European Union sponsored projects will discuss their findings in cloud monitoring. Topics will range from multi-action performances to network monitoring and operational monitoring in a Cloud federation context. Listeners to the live event will be given the opportunity to ask questions to our experts. Speakers: Eliot Salant – Cloud Wave; Dario Bruneo (University of Messina) – Cloud Wave; Avi Miron (Technion) - Cloud Wave; Kyriakos Kritikos (ICS-FORTH) - PaaSage; Michel Drescher (EGI) - EGI-InSPIRE, CloudWATCH
Reducing Risk in the Cloud with the CCM
October 15, 2014

Presentation by John Yeoh, Sr. Research Analyst, CSA; Sean Cordero, Co-Chair, CSA CCM Working Group
Cloud computing promises to deliver efficiencies through reduced time to market and greater agility for organizations. While the impact of cloud computing is profound, many organizations remain hesitant to consider the cloud. This is often due to a lack of clarity over the unique security risks introduced in the cloud computing model and a perceived lack of transparency by both providers and customers. During this talk we will provide an overview of the most common cloud security risks and provide insight into the industry-leading standard and framework to assess and measure information security controls within the cloud.
The Role of Certification and Standards for Trusted Cloud Solutions
October 2, 2014

Presentation by Daniele Catteddu, CSA; Dr. Michaela Iorga, NIST; Marnix Dekker, ENISA; Claudio Belloli, GSA
Security and privacy certifications have been identified as one of the most effective means to increase the level of trust in cloud services and stimulate their adoption. Based on this assumption, it was critical to focus on the appropriate standards and their interoperability. Therefore, a number of efforts have started in Europe, mainly led by the European Commission, in collaboration with ENISA and the Cloud Standards Coordination ETSI effort, as well as in the USA and other regions of the world. In this webinar the panellists will discuss the role that security certification and standards can play in supporting a more mature and pragmatic approach to cloud computing. On 2 October you will have the opportunity to ask questions in this interactive webinar. Webinar details: Date: Thursday, 2 October. Time: 15:00 – 16:00 (CEST). Speakers: · Daniele Catteddu, Managing Director, EMEA, Cloud Security Alliance · Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing, NIST · Marnix Dekker, Security Expert and Information Security Officer, ENISA · Claudio Belloli, Information Systems Security Manager, GSA
New Opportunities for Data Privacy and Data Protection Harmonization
September 24, 2014

Presentation by Evelyn De Souza, Cisco; Dan Blum, Respect Network; Mary Beth Borgwing, Advisen
This week the CSA and Cisco announced the results of a comprehensive survey of cloud security professionals on data privacy considerations. The survey responses highlight a growing and strong interest in harmonizing privacy laws towards a universal set of principles. But what does this really mean as you develop cloud services for your organization? And how do you build data privacy considerations into the development phase of cloud, IoT and Big Data versus bolting them on post implementation? Join the Cloud Security Alliance and our panel of experts in: - Discussing key findings from the Data Protection Heat Index survey - Identifying key areas of commonality versus deviations in data privacy regulations - Gaining insights into how to consider building privacy into Cloud, IoT and Big Data during the development phase
Big, Open, and Properly Protected Data?
September 24, 2014

Presentation by Mariusz Jarzebowski, demosEUROPA; Ratko Mutavdzic, PROJEKTURA; Dr. Gwendal Le Grand, CNIL; Patrice Chazerand, DIGITALEUROPE
Big data keeps making the headlines. Open data is high on governments’ agenda. This CloudWATCH webinar will hear contributors to the research paper “Big & Open Data in Europe: A growth engine or a missed opportunity?” debating the impact on the economic potential of various parts of Europe – North, South and East. CNIL, France’s Data Protection Authority, will then describe the main challenges of privacy from a European perspective. The stakes are high indeed to make sure that legitimate concerns for privacy will not hamper a free flow of data and hold back the development of industry, thus depriving citizens and consumers of the benefits of the digital era. On 24 September you will have the opportunity to ask questions in this interactive webinar. Speakers: Mariusz Jarzebowski, Technology Policy Advisor, demosEUROPA; Ratko Mutavdzic, Founder and Experience Architect at PROJEKTURA; Dr. Gwendal Le Grand, Director of technology and innovation at CNIL, the French Data Protection Authority. Moderator: Patrice Chazerand, Director, DIGITALEUROPE
HP Cloud Security Total Infrastructure Model for Cyber Defence & Event logging
September 23, 2014

Presentation by Ilia Tivin- CISSP, CCSK- Senior SIEM consultant and Hiroshi Masuda- HP APJ TSC ITAS(Security) Lead
CloudBytes is a webinar/webcast series for the APAC region, held monthly for all CSA chapter members. The CloudBytes program aims to bring the most important topics to the forefront for education and discussion. When we weigh IT risks against contributing to business outcomes, security is one of the major barriers to cloud adoption and transformation. In particular, the recent drastic increase in the number and impact of cyber-attacks is one of the major security risks worldwide. On the other hand, we still face huge damage from internal threats, and human errors have occurred frequently throughout the long history of IT. In the cloud era, with the complexity and transformation it creates, ad hoc and spot protection is not enough to manage total security risk; it is necessary to think about the security infrastructure as a whole, with flexibility and scalability. Guest experts can discuss what the “to-be” architecture is for a total security infrastructure, including cloud-specific threat protection, and how HP can support it. Presentation Topics: - What is Event Logging - Logging in the cloud - In-house logging vs. Logging as a service - Different architectures - Challenges of logging events inside the cloud - Incident response in the cloud - HP approach and processes - Summary
Multi-tenancy in Federated Clouds
August 28, 2014

Presentation by Michel Drescher, European Grid Infrastructure; Jesus Luna, CSA; Ian Osborne, Knowledge Transfer Network; Colin Wallis, NZ Gov
However popular multi-tenancy has become in cloud computing, the concept still sounds a bit like a mystery. This CloudWATCH webinar will give you a chance to get a crystal-clear take on the concept by clarifying how tenancy is defined and how relations between tenants and their behaviour should be designed. Indeed, in a typical multi-tenancy environment, multiple users who do not even see each other’s data can share the same applications running on the same operating system, using the same hardware and the same data storage centre. We will also cover issues related to tenant identification, federation models and data access, and probe the advantages and possible downsides of running multi-tenancy systems: cost savings, consistency, safety, etc. On 28 August you will have the opportunity to ask questions in this interactive webinar.
Speakers:
- Michel Drescher, European Grid Infrastructure
- Jesus Luna, CSA
- Ian Osborne, The Knowledge Transfer Network
- Colin Wallis, NZ Government, Tech Services
Triaging the Cloud: 5 Steps to Putting the Cloud Controls Matrix to Work....
July 24, 2014

Presentation by John Howie, Cloud Security Alliance; Doug Meier, Pandora; Krishna Narayanaswamy, Netskope
The Cloud Security Alliance’s Cloud Controls Matrix is a rich source of cloud security best practices designed as a framework to provide fundamental security principles to cloud vendors and cloud customers. It serves as a useful guidepost for app developers and technology decision-makers alike. But what if you really want to put it to work across all of the cloud services your organization is using, whether sanctioned or “shadow IT?” And how do you triage those services once you know what they are and how enterprise-ready they are? Join Cloud Security Alliance Chief Operating Officer, John Howie, Pandora Director of Information Security, Doug Meier, and Netskope Chief Scientist, Krishna Narayanaswamy, for a practical discussion and set of next steps to making the CCM work for you and triaging the apps you discover.
Attendees will:
• Learn guidelines for when and how to use the CCM
• Hear how security experts are bringing the CCM to life in their organizations
• Gain practical advice for how to triage your cloud services once you know what they are and how enterprise-ready they are
• Discover ways to exert CCM controls even in cases of “shadow IT”
Legal Issues for Cloud Computing
July 15, 2014

Presentation by Paolo Balboni, ICT Legal Consulting; Lucio Scudiero, ICT Legal Consulting
Cloud computing users increasingly attempt to negotiate contract terms for cloud computing services in order to make them more suitable for their specific needs. However, despite these efforts, contracts are still often concluded on a take-it-or-leave-it basis because of the negotiating power that bigger cloud service providers enjoy over small service clients. The webinar aims to clarify the most common contractual issues between the parties to a cloud contract, such as, among many others, jurisdiction, Service Level Agreements and Privacy Level Agreements. It also covers the level of advancement of the initiative undertaken by the European Commission under the European Union Cloud Strategy, which will lead to the drafting of a Code of Conduct for Cloud Service Providers and with which Paolo Balboni is associated as a member of the drafting group.
2 Minutes on BrightTALK: What are your weak points?
May 16, 2014

Presentation by Daniele Catteddu, Managing Director EMEA, Cloud Security Alliance
Hear what Daniele Catteddu recommends to strengthen your IT security posture - from risk assessments to mobile and cloud computing.

Getting Started

Thank you for your interest in participating in the CSA CloudBytes webinar series. CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. We envision CSA working groups and CSA members using this platform as a tool to inform our audience of trending topics, new technologies, and latest research that can help increase awareness in the cloud. It also allows audience members the opportunity to earn CPE Credits.

We are always seeking SMEs who can bring these topics to our audience in the form of education and discussion in a vendor-neutral environment.

If you are interested in learning more about sponsorship options, please contact Hillary Baron.