Name: The Implementation Guidelines for the Cloud Controls Matrix v4
Start: 2021-10-20T13:30:00Z
End: 2021-10-20T13:31:07.000Z
Location: BrightTALK
Rating: 4.4

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

CNAPPs have brought unprecedented visibility into cloud identity and permissions risks, but visibility alone doesn't solve the problem. Thousands of findings (like unused identities, over-permissioned accounts, and lateral movement risks) have been prioritized, but we’re still asking devs to fix these one by one in a process that never brings meaningful risk reduction. Cloud teams are inundated, struggling to remediate these issues while keeping productivity high.

Join us for an insightful webinar where we discuss how to centralize policy control and bulk remediation that will burn down the CNAPP alert queue. We’ll explore:

• Why identity and permission issues pile up despite CNAPP’s insights
• How to cut through the complexity of manual remediation with bulk actions
• Centralizing and giving control back to the cloud team while still ‘shifting left’

Discover practical approaches to operationalize CNAPP findings, enable bulk fixes, and implement least-privilege practices without compromising productivity. 

If you’re ready to transform CNAPP visibility into real risk reduction, this webinar is for you.

Tackling AWS Identity Risks at Scale—Beyond CNAPP Visibility

Balancing rapid software releases with stringent compliance requirements is a challenge that many organizations face. Compliance and DevOps teams often have competing priorities, leading to bottlenecks, delays, and frustration. But it doesn’t have to be this way.

Join Drata and AWS for an engaging session where GRC and DevOps leaders will discuss their goals and challenges and how starting compliance left has led to faster releases and easier audits. Learn about their best practices on the processes and technologies that help them work together to navigate the complex web of industry regulations and audit requirements.

Topics covered: 
• Best practices for collaboration between DevSecOps and Compliance teams 
• How to create workflows for maintaining checks and balances to help your teams thrive
• How to build a culture of security and compliance across your organization 
• Tools and solutions that enable smoother collaboration and faster time to market while staying audit-ready

If you’ve ever felt the friction between compliance, security, and development, this webinar is for you. Join us to learn how to turn “Compliance vs. DevOps” into “Compliance and DevOps”—better together.

From Roadblocks to Releases: Bridging the GRC and DevOps Gap

Join us for a candid conversation with Mario Duarte, former CISO at Snowflake and now the CISO of Aembit. Mario is now focused on one of cybersecurity’s toughest and most overlooked challenges: securing non-human identities (NHIs) across applications, services, and workloads.In this live discussion, we’ll go behind the curtain and talk about the real issues security teams are facing when it comes to managing access between workloads and sensitive resources. Mario will break down why relying on static credentials is a ticking time bomb and share practical, real-world NHI security solutions for complex and distributed enterprise environments.

What we’ll cover:
• Why static credentials and secrets management vaults are no longer enough.
• How to ensure your workloads authenticate securely to the right resources.
• What parallels can be drawn between human IAM (think username/password) and non-human IAM.
• How to confidently embrace innovative solutions from emerging companies without compromising security.

This is your chance to hear directly from a veteran CISO with a passion for identity management and experience on the frontlines of enterprise security.

A CISO’s Perspective on Securing Non-Human Identities

As with any piece of enterprise software, choosing and buying a PAM solution is a fraction of the battle. Many installations fail or never get rolled out fully due to deployment complications and competing priorities. In this webinar, we will discuss common pitfalls, where implementations typically fail, and what you can do to make sure you are fully prepared to deploy and roll out PAM successfully in your organization.

Join this session to:
• Understand why many PAM rollouts fail
• Explore best practices around deployment
• Put a plan for success together
• Learn about new methodologies that can facilitate success

Unlocking Success: Navigating the Pitfalls of Privileged Access Management Deployment

Cloud Native applications and Services are the workhorses of modern cloud environments. They hold most of the organization's crown jewels and are therefore often the target for insider and outsider threats. Existing cloud security posture management and hardening solutions (CSPM) as well as real time detection and response solution (EDR) operate in Silo mode and are therefore failing to provide systematic security across the lifecycle of Cloud Native assets.

Cloud Security Reimagined: Bridging the Cloud – DevSecOps - Application Security Gap

Vanta’s 2024 State of Trust Report found that cybersecurity risk is the biggest concern for business leaders, higher than both financial and operational risk. With more reliance on third-party vendors and increased use of AI technologies, security leaders face a more complex threat landscape while also managing resource constraints.

Successfully navigating these challenges requires CISOs to go beyond industry standards to address risk, deliver business impact, and build a community of trust. 

In this webinar, we will share key findings from Vanta’s survey of 2,500 IT and business leaders and discuss strategies for building, demonstrating, and strengthening trust across your ecosystem.

The State of Trust: How CISOs Can Go Beyond Industry Standards to Manage Risk

As AI continues to revolutionize industries, the demand for real-time insights and faster decision-making is at an all-time high. However, alongside this growth comes a significant challenge: securing sensitive data during AI model training and inference.

In this webinar, we will explore how Confidential Computing is transforming AI security, using real-world insights from the U.S. Navy’s use case securing LLM workloads. In a groundbreaking POC, the U.S. Navy leveraged Confidential Computing to run secure AI operations on NVIDIA H100 Tensor Core GPUs, ensuring full data privacy without sacrificing performance.

You'll gain a technical understanding of Confidential Computing on GPUs and how the Anjuna Seaglass platform integrates to secure AI workloads at scale. Learn how enterprises and government organizations can unlock secure, AI-driven insights—achieving measurable business value in as little as one hour.

Whether you’re in defense, finance, healthcare, or any other sector leveraging AI, this session will show you how to secure your most critical data while maintaining the performance and flexibility your business demands.

AI at Its Best: US Navy Explores LLM Trust and Performance with NVIDIA & Anjuna

What are the must-know secrets to multicloud security? Refactoring applications and AI-driven development reshape cloud security, presenting new challenges to organizations. Security experts must figure out how to be the defenders of their cloud without hindering the teams who build and deploy applications in the cloud.

Join Jason Williams, senior product marketing manager at Palo Alto Networks, for a webinar that explores the six key requirements for securing multicloud environments.

In this webinar, you'll gain insights into:
• Achieving unparalleled multicloud visibility that actually helps you understand your clouds and detect threats swiftly.
• Prioritizing and neutralizing risks effectively to maintain a strong security posture amidst evolving threats.
• Implementing advanced security measures to safeguard sensitive information across all cloud environments.

Equip yourself with the knowledge to enhance your multicloud security strategy. Register now to secure your spot and stay ahead in the ever-evolving world of cloud security.

6 Key Requirements to Multicloud Security

Small and medium-sized businesses understand the need for SOC 2 to show proof that they are protecting those they do business with, growing their business safely, and closing deals. But where do you get started? 

Join Drata and AWS for a technical deep-dive into achieving and maintaining compliance with your AWS infrastructure. You will learn how to leverage automation to increase efficiency and reduce human error and build a SOC 2 roadmap that helps you achieve compliance today while keeping infrastructure and code compliant year-round. 

Topics covered: 
• Key areas to focus on when approaching SOC 2 on AWS infrastructure
• How to leverage automation and AI to increase efficiency and shift left on your compliance program
• What to expect before, during, and after the audit
• How to stay proactive with your compliance program

* Attendees are eligible for a free compliance assessment. *

Smart SOC 2: Automating Compliance with Drata and AWS

Did you know that for every human identity created  there are 92 Non-human Identities? As more and more NHIs & secrets are  being created by the R&D teams, the number and variety of NHIs per organization are exploding. This webinar will explore the importance of integrating Non-Human identity management into a modern application security program. 

• Key challenges organizations face when it comes to NHI's 
• Best Practices 
• The latest and greatest tools and techniques for discovering, managing, monitoring, and protecting NHIs & Secrets. 

Its time to reclaim control over our Non-Human identities!

It’s Time to Reclaim Control Over Your Non-Human Identities

In today’s fast-paced, multi-cloud world, Identity and Access Management (IAM) has become the cornerstone of enterprise security architecture. As traditional firewalls lose effectiveness, identity now serves as the ultimate control surface, ensuring that only trusted users—whether human or machine—can access the right systems, at the right time, and for the right reasons. But what makes a successful IAM strategy?

This webinar will introduce you to the new 7 A’s of Identity and Access Management, a comprehensive framework for managing identity across: Authentication, Access Control, Authorization, Administration, Attributes, Audit, and Availability. Each of these functions plays a crucial role in protecting your organization’s identity data, ensuring compliance, and boosting your overall security posture. By understanding and applying these concepts, you can lay the foundation for identity-first security in your organization and empower a more flexible, scalable, and secure approach to managing identities.

Join Eric Olden—co-author of the SAML standard, author of Identity Orchestration for Dummies, and CEO of Strata Identity—and host Mark Callahan, Chief Solution Storyteller, as they walk us through each of the 7 A’s, providing real-world examples of how enterprises are putting them to work in today’s complex cloud environments. This thought-leadership session will explore the challenges and opportunities facing organizations in the era of Zero Trust identity and provide actionable takeaways to help you build a resilient and secure IAM strategy.

Achieve Zero Trust Identity with the new 7 A’s of IAM

The skyrocketing adoption of AI has raised the stakes for cloud data protection.  The sheer volume of cloud data has made it difficult to discover and classify sensitive data, let alone prioritize the most critical risks to it.  

Join Tenable Cloud Security experts for an in-depth discussion on how to uncover, prioritize and take action on cloud data exposure with Tenable Cloud Security. 

Register for the session to learn how to: 
• Automate and tailor sensitive data discovery and classification across multi-cloud environments using integrated DSPM capabilities
• Use granular identity and access management insights to better prioritize data risk based on potential impact 
• Enforce least privilege access and AI configuration best practices to cloud AI data used in training and inference. 
• Maintain compliance with regulatory requirements and communicate data exposure risk

Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?

Cloud Threat actors are exploiting vulnerabilities and compromising identities to gain unauthorized access to resources in the cloud. With the escalating frequency of cloud-specific threat vectors, cloud security needs to evolve beyond posture management to threat detection and response across all cloud workloads. Watch this webinar with cloud security experts to learn more about:

• What are cloud-conscious adversaries, and how do they operate? 
• Why does cloud security need threat detection and response?
• What makes detection and response different in the cloud
• How multi-cloud workloads can be protected through cloud detection and response

Defending Against the Cloud Adversary: Detection and Response in the Cloud

The phrase “it's not if, it's when”, has been around for decades. However, businesses still aren’t prepared to recover or resist and therefore be resilient to major incidents. In today’s digital landscape, SaaS data is the lifeblood of every organization, and for compliance leaders, safeguarding this critical asset goes beyond traditional cyber security measures—it's about ensuring continuous data protection, compliance, and resilience against growing threats.

Join us this Cyber Security Awareness Month for an exclusive webinar focused on data in SaaS applications like Salesforce, ServiceNow, and Microsoft Dynamics.  We’ll explore ways to preserve the integrity of historical data and changes needed to build trust in your digital future.

The webinar will cover:
• What causes this lack of preparedness and how do we combat it? 
• How can we more accurately estimate the impact and prepare to ensure core operations will continue?
• Proven strategies for fast identification and recovery from unauthorized access and breaches in SaaS applications.

This session will equip you with the tools to build a resilient foundation for swift recovery from cyber attacks. Don't miss the chance to review your data security strategies and ensure your organization is prepared.

Cyber Attacks: It's not if, It's when! Why aren't we prepared?

Join us for an insightful webinar, "Uncovering Gaps: Enhancing Cloud Security Posture Management," where we will delve into the critical aspects of securing your customers’ cloud infrastructure. 

As organizations migrate to the cloud, ensuring robust operating system security has become paramount. This webinar focuses on identifying and mitigating blind spots in Cloud Security Posture Management (CSPM).

As part of the Shared Responsibility Model, our expert speaker will discuss essential strategies for implementing and managing secure landing zones to form a hardened security foundation to fortify your customers’ infrastructure, ensure resiliency, mitigate threats, and comply with industry regulations.

Key Topics:
• Understanding Cloud Security Posture Management: An overview of CSPM and its importance in maintaining operating system security in the cloud.
• Securing Landing Zones: How to leverage security best practices in landing zones to support compliance.
• Build versus Buy: Reduce time and avoid misconfigurations when securing your customers’ cloud migrations and deployment.
• Addressing Gaps: Techniques for identifying and mitigating operating system security blind spots in cloud infrastructure.

While relevant to all organizations utilizing the cloud, this webinar is designed for cloud service provider partners and resellers looking to offer their customers an elevated level of security in their cloud infrastructure.

Don’t miss this opportunity to gain valuable insights and knowledge into how you can leverage best practices and resources from the Center for Internet Security (CIS) on to enhance the security of cloud infrastructure hosted on AWS, Azure, Google Cloud, and Oracle Cloud.

Uncovering Gaps: Enhancing Cloud Security Posture Management

Data is one of the most frequent targets for cyberattacks and also one of the hardest assets to protect. With growing data volumes, increased regulatory requirements and the shift toward AI, organizations face significant challenges in understanding which sensitive data they hold, who has access to it and where it’s exposed.

To regain visibility and control, organizations are exploring data security posture management (DSPM) and data detection and response (DDR) solutions. These technologies help discover, classify and secure sensitive data, providing the necessary tools to manage data risks effectively in an increasingly complex digital landscape.

Watch Prisma® Cloud's webinar to hear from our senior product marketing lead, Sharon Farber, and gain a better understanding of how to:
• Get started with data discovery and classification in cloud complex datastores.
• Discover agentless tools that allow you to see a full picture of data risk in your environment within 24 hours, without impacting other business operations.
• Monitor data and respond to incidents in near-real time.

Securing the Data and AI Landscape with DSPM and DDR

According to a recent survey, 44% of organizations now recognize compliance as a growth opportunity, but 38% of companies stated that not having an adequate compliance posture slowed their sales cycle. By leveraging innovative strategies and tools, you can transform security and compliance from a necessary burden into a powerful sales enabler.

Join Drata and AWS in a fireside chat with Sign In Solutions to learn how they’ve shared their real-time security and compliance posture and greatly expanded their business. By turning trust into a competitive advantage, Sign In Solutions closed 40% more enterprise deals while decreasing the time they spent on security questionnaires by 25%. 

We will cover:
• How transparency can build trust and be an essential business driver
• Steps to empower your sales teams to self-serve security answers
• Best practices when sharing your security and compliance posture

Conquering Security Reviews: How Sign In Solutions Closed 40% More Deals with Compliance Transparency

Enterprises with stringent security and regulatory requirements face the dual challenge of managing complex Public Key Infrastructure (PKI) operations while securing cloud infrastructure against diverse threats. Legacy PKI systems often impede scalability and efficiency, while the shared responsibility model of cloud computing raises significant data privacy concerns.

To address these challenges, Keyfactor and Anjuna have formed an alliance. This partnership integrates Keyfactor's EJBCA Enterprise, a robust PKI platform, with Anjuna Seaglass, the Universal Confidential Computing Platform. Together, they offer a unified solution that simplifies digital identity management and enhances data security.

Join our webinar to learn how this collaboration empowers organizations to navigate PKI complexities and secure cloud environments, ensuring compliance and operational efficiency. Discover practical insights and strategies to streamline your digital identity management and fortify your cloud infrastructure against emerging threats.

Streamline Digital Identity & Secure Your Cloud: Insights from Keyfactor & Anjuna

The Cloud Security Alliance has published the Implementation Guidelines for the Cloud Controls Matrix version 4. The CCMv4 Implementation Guidelines are tailored to the security and privacy control specifications of the 17 cloud security domains of the CCM, with their main goal being to provide “how-to” guidance and recommendations in support of their proper implementation.

Given a certain CCM control specification, the document explains what should be done to effectively implement and monitor a CCM control in alignment with the Shared Security Responsibility Model (SSRM), which specific best practices should be followed, what the specific regulations of reference are, and what the differences are when implementing a control from the SaaS-PaaS-IaaS perspective.

The CCM Implementation guidelines are a collaborative product from volunteering subject matter experts within the CCM Working Group, and it is based on shared CSPs and CSCs experiences in implementing and securing cloud services when leveraging the CCM controls.

Speakers:
Vani Murthy, Senior Information Security and Compliance Advisor, Akamai Technologies at Cambridge
Ashish Vashishtha, Cybersecurity Manager and Security Architect, IBM
Erik Johnson, Senior Enterprise Cloud Security Specialist, USA, Federal Reserve Information Technology

The Implementation Guidelines for the Cloud Controls Matrix v4

SSRM

Cloud Controls Matrix

CSPs

CSCs

Cloud Service Providers

CCM Implementation

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Implementation Guidelines for the Cloud Controls Matrix v4

Presented by

About this talk

More from this channel