Name: Untying the Gordian Knot: Making Sense of SaaS App Permissions Models
Start: 2023-06-27T18:00:00Z
End: 2023-06-27T18:00:39.000Z
Location: BrightTALK
Rating: 4.3

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Kubernetes has revolutionized how we build, deploy, and manage applications, but it also introduces new complexities. This webinar explores Kubernetes not only from a security perspective but from the lens of developers. We’ll dive into the challenges posed by containerized environments, from managing dependencies to securing CI/CD pipelines. Additionally, we’ll discuss how Kubernetes operates as a cloud in itself and how deploying and scaling it in public cloud environments adds layers of complexity. Whether you’re a developer or a security professional, this session will equip you with key insights to navigate the intersection of development and security in the cloud-native ecosystem.

Kubernetes: Development Challenges and Security Considerations in a Cloud-Native World

In this session, we’ll delve into how an industrial company tackled the challenge of securing non-human identities (NHIs) in their Azure environment. As the organization transitioned to cloud-first operations, it quickly faced the complexity of managing a growing number of NHIs. From APIs to service accounts and automated systems, these NHIs were critical to the company's operations, but their proliferation led to serious security and compliance risks.

Using advanced technologies, the company was able to uncover and classify all NHIs across their Azure landscape, enabling a clear understanding of ownership and access control.

Key issues tackled in the session include:
• Discovering and managing NHIs in a complex Azure environment
• Automating the remediation of high-risk identities with excessive privileges
• Ensuring continuous compliance with industry regulations
• Achieving significant reductions in security incidents and operational inefficiencies

By the end of the session, attendees will gain valuable insights on how to integrate NHI security into their own cloud environments and move from reactive to proactive management of these critical assets. The discussion will feature expert commentary on overcoming common challenges and implementing best practices to ensure secure, scalable, and compliant NHI management.

How an Industrial Company Optimized NHIs in their Azure Environment

AI Copilots such as M365 Copilot bring transformative potential, empowering your company employees to access and analyze vast amounts of enterprise data within SaaS applications. While this significantly boosts employee productivity, it introduces new data security and governance risks. In the rush to adopt Copilot adoption, many organizations have overlooked essential data controls, leading to unintended exposure of sensitive information. Employees may unknowingly query confidential data, such as salary details, M&A plans, or even passwords—information they should not be able to access.In this webinar, we will discuss a framework for enforcing best practices for safely adopting AI Copilots such as Microsoft 365. By putting in place robust data security and governance measures, we will explore how to prevent unauthorized data access and ensure that sensitive data remains protected when using Microsoft 365 Copilot within the company.

Key Takeaways:
• Understand the security implications of an unplanned AI Copilot rollout
• How to evaluate your organization’s readiness for AI Copilot adoption
• Implementing a 6-step framework for automating data security and using Copilot safely

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

Service accounts are everywhere, but their overprivileged, multi-use, and often unmanaged nature makes them a security liability. Managed identities (and other “passwordless” NHIs) are considered a safer alternative, yet they come with their own set of vulnerabilities attackers can exploit.

Join this 30-minute webinar to learn from NHI security researchers:
• The types and common pitfalls of service accounts.
• How to convert service accounts into managed identities in Azure.
• The downsides of managed identities - and a live demo of how attackers exploit them.
• Best practices to avoid common misconfigurations.

*Bonus* Get a practical tool to map all managed identities in your Azure environment (IYKYK).

Service Accounts vs. Managed Identities: Real Exploits & Best Practices

Results from InformationWeek’s State of Endpoint Management Automation survey show that even with endpoint management budgets on the rise, organizations remain mired in manual tasks, legacy technologies, and a distributed technology stack that hinder effective and secure management of endpoint devices.

Register for this webinar to hear from experts discuss the findings from the recent research report and share strategies and tech to help improve the secure patching of your organization's devices in the year ahead.

How to Prep Your ITOps Team for Secure Endpoint Management in 2025

As AI-powered solutions for security become more commonplace, organizations need to understand where human expertise remains crucial. While automation can identify issues, remediation is trickier - the context and business requirements often demand more nuanced solutions that only experienced professionals can provide.

Join Michael St.Onge, Head of Technical Services at Tamnoon, as he opens up the AWS Console and walks through remediating a public S3 bucket.

Does that sound simple enough to let automation handle it? Of course, but we’ll show you why this seemingly easy-to-automate fix requires careful consideration of business needs and user access patterns to implement an effective security solution that goes beyond the standard automated recommendations.

In this session, you're going to learn:
• Real-world demonstration of when to use AI & where humans come into play to remediate a real AWS S3 security issue 
• How to evaluate security findings given a broader organizational context (and when to use AI)
• When to use automation and when to intervene to avoid missing critical business context

Hands-On Cloud Security: AI Remediations vs Human Verification

Make your ephemeral environments as secure as they are fast!

Ephemeral environments enable rapid scaling, efficient testing, and quicker go-to-market times. But they also expand your attack surface, making them prime targets for sophisticated threats.

In this webinar you'll discover:

• Why short-lived environments don't guarantee safety.
• Actionable strategies for securing containers, Kubernetes, and serverless applications.
• Real-world examples of modern ephemeral attacks and how to prevent them.

Make your ephemeral environments as secure as they are fast and don’t leave your cloud infrastructure vulnerable.

Securing Ephemeral Enviroments

As organizations rapidly embrace AI to drive innovation and competitive advantage, explore the critical intersection of enterprise AI adoption and data governance. Learn how leading enterprises are balancing the transformative potential of AI with the imperative to maintain robust security and compliance guardrails. 

We'll explore the unique challenges of protecting sensitive data in AI workflows, from securing training data and model outputs to ensuring responsible AI development practices. Learn how forward-thinking organizations are adapting their governance frameworks to address emerging AI-specific risks while fostering innovation. We’ll discuss practical approaches to building AI governance programs that satisfy security, privacy, and ethical requirements without stifling the agility needed for successful AI initiatives. Join us for this essential conversation about navigating the complex landscape of enterprise AI security and governance.

Enterprise AI Intro & Risk/Governance Implications

The AI supply chain is becoming increasingly intricate, with multiple components—data sources, models, APIs, and infrastructure—interconnected within dynamic cloud environments. Understanding these relationships and securing the full pipeline is critical to prevent vulnerabilities from being exploited. In this webinar, we will explore the key components of the AI pipeline, how they are linked, and where security risks are most likely to arise.

In this webinar:
• Breakdown of the AI supply chain: how data, models, APIs, and infrastructure are connected.
• Understanding the potential risks in the AI pipeline and how vulnerabilities can propagate through interconnected components.
• Best practices for securing the AI supply chain and ensuring that every component is protected from exploitation.

Unfolding the Complexity of the AI Supply Chain: Securing the Pipeline

Security teams everywhere are feeling the squeeze, with limited resources to tackle ever-growing challenges. The good news? IT, Operations, and Infrastructure teams can be powerful allies in building a stronger security posture. In this webinar, we’ll dive into practical ways to turn these teams into key partners, giving them the tools and confidence to take on security tasks. We’ll share real-world examples of how organizations are fostering collaboration, breaking down silos, and building a shared sense of responsibility that drives better results without overburdening anyone. Let’s explore how to work smarter, not harder, in 2025.

Own, now a Salesforce company, empowers organizations of all sizes to ensure the availability, security, and compliance of mission-critical data, while unlocking new ways to gain deeper insights faster.

Breaking Down Silos: How IT, Ops, and Infrastructure Teams Can Be Force Multipliers for Security in 2025

Cloud Security for SaaS-Based Startups is a comprehensive guide designed to address the unique challenges faced by SaaS-based startups as they scale and grow. Startups operate in a dynamic environment where security is not just a technical necessity but a cornerstone of customer trust, regulatory compliance, and operational resilience. This guide offers practical, actionable strategies tailored to startups' specific needs, helping them navigate their security journey at every stage.

The document’s phased approach emphasizes the importance of aligning security practices with the startup lifecycle, enabling companies to establish strong foundations during their inception, mature their systems as they grow, and meet the advanced demands of regulated industries and global markets. It covers critical topics such as cloud platform security, data protection, compliance, governance, and incident response, making it an essential resource for any startup looking to scale securely.

In this webinar, the authors of the guide—experienced cloud security professionals—will share their insights and expertise. They will provide a behind-the-scenes look at the research, highlight key takeaways, and share lessons learned from real-world implementations. This session is an opportunity to engage with the creators of this valuable resource, ask questions, and gain practical advice tailored to the startup ecosystem.

Whether you’re just starting your journey or scaling to meet enterprise demands, this webinar will equip you with the tools and strategies needed to build a secure and resilient startup. Join us to explore how to align security with growth and ensure long-term success in today’s fast-paced digital landscape.

Building Security for SaaS Based Startups

With the NIS 2 Directive being rolled out across the continent, organisations operating within the EU must proactively address its stringent cybersecurity requirements. Recent insights from a survey of 1,000 compliance professionals reveal that over 40% of organisations worldwide anticipate being impacted. The directive’s focus on strengthening cybersecurity resilience underscores the critical need for timely preparation to avoid severe penalties for noncompliance.

Join Drata and A-LIGN for an insightful CSA Cloudbyte webinar that delves into the importance of NIS 2 compliance. Our expert panel will explore:

• Key provisions of the directive and how they affect essential and important entities.
• Practical steps to achieve compliance, including gap analysis, policy development, and personnel training.
• The alignment of NIS 2 with frameworks like ISO 27001 to streamline efforts and enhance organisational resilience.

Leveraging A-LIGN’s 15+ years of ISO audit experience and Drata’s robust compliance platform, attendees will gain actionable strategies to simplify their NIS 2 journey and demonstrate trust to regulators, partners, and customers.

Don’t miss this opportunity to future-proof your cybersecurity program. Register today!

NIS 2 Compliance: Why It Matters and How to Prepare

As AI-powered applications become more central to business operations, understanding the ecosystem behind them is essential for securing these systems. In this educational webinar, we will explore the components that form the backbone of AI applications, from data pipelines and models to APIs and endpoints. We will help you understand the vulnerabilities that arise in these environments and provide actionable strategies for protecting your AI systems.

This session will guide you through three real-world use cases to illustrate the challenges and security considerations in AI development:

• Customer Support Chat: Learn about securing interactions, understanding data pipelines, and protecting sensitive customer information.
• IT Assistant Agent: Explore how to apply best practices to AI models that interact with critical system data, mitigating risks and ensuring privacy.
• Ecommerce Smart Recommendation App: Understand the risks associated with consumer data and, and how to protect these models while maintaining compliance.

Understanding the AI Ecosystem: How to Secure AI-Powered Applications in 2024

CNAPPs have brought unprecedented visibility into cloud identity and permissions risks, but visibility alone doesn't solve the problem. Thousands of findings (like unused identities, over-permissioned accounts, and lateral movement risks) have been prioritized, but we’re still asking devs to fix these one by one in a process that never brings meaningful risk reduction. Cloud teams are inundated, struggling to remediate these issues while keeping productivity high.

Join us for an insightful webinar where we discuss how to centralize policy control and bulk remediation that will burn down the CNAPP alert queue. We’ll explore:

• Why identity and permission issues pile up despite CNAPP’s insights
• How to cut through the complexity of manual remediation with bulk actions
• Centralizing and giving control back to the cloud team while still ‘shifting left’

Discover practical approaches to operationalize CNAPP findings, enable bulk fixes, and implement least-privilege practices without compromising productivity. 

If you’re ready to transform CNAPP visibility into real risk reduction, this webinar is for you.

Tackling AWS Identity Risks at Scale—Beyond CNAPP Visibility

Balancing rapid software releases with stringent compliance requirements is a challenge that many organizations face. Compliance and DevOps teams often have competing priorities, leading to bottlenecks, delays, and frustration. But it doesn’t have to be this way.

Join Drata and AWS for an engaging session where GRC and DevOps leaders will discuss their goals and challenges and how starting compliance left has led to faster releases and easier audits. Learn about their best practices on the processes and technologies that help them work together to navigate the complex web of industry regulations and audit requirements.

Topics covered: 
• Best practices for collaboration between DevSecOps and Compliance teams 
• How to create workflows for maintaining checks and balances to help your teams thrive
• How to build a culture of security and compliance across your organization 
• Tools and solutions that enable smoother collaboration and faster time to market while staying audit-ready

If you’ve ever felt the friction between compliance, security, and development, this webinar is for you. Join us to learn how to turn “Compliance vs. DevOps” into “Compliance and DevOps”—better together.

From Roadblocks to Releases: Bridging the GRC and DevOps Gap

Join us for a candid conversation with Mario Duarte, former CISO at Snowflake and now the CISO of Aembit. Mario is now focused on one of cybersecurity’s toughest and most overlooked challenges: securing non-human identities (NHIs) across applications, services, and workloads.In this live discussion, we’ll go behind the curtain and talk about the real issues security teams are facing when it comes to managing access between workloads and sensitive resources. Mario will break down why relying on static credentials is a ticking time bomb and share practical, real-world NHI security solutions for complex and distributed enterprise environments.

What we’ll cover:
• Why static credentials and secrets management vaults are no longer enough.
• How to ensure your workloads authenticate securely to the right resources.
• What parallels can be drawn between human IAM (think username/password) and non-human IAM.
• How to confidently embrace innovative solutions from emerging companies without compromising security.

This is your chance to hear directly from a veteran CISO with a passion for identity management and experience on the frontlines of enterprise security.

A CISO’s Perspective on Securing Non-Human Identities

As with any piece of enterprise software, choosing and buying a PAM solution is a fraction of the battle. Many installations fail or never get rolled out fully due to deployment complications and competing priorities. In this webinar, we will discuss common pitfalls, where implementations typically fail, and what you can do to make sure you are fully prepared to deploy and roll out PAM successfully in your organization.

Join this session to:
• Understand why many PAM rollouts fail
• Explore best practices around deployment
• Put a plan for success together
• Learn about new methodologies that can facilitate success

Unlocking Success: Navigating the Pitfalls of Privileged Access Management Deployment

Cloud Native applications and Services are the workhorses of modern cloud environments. They hold most of the organization's crown jewels and are therefore often the target for insider and outsider threats. Existing cloud security posture management and hardening solutions (CSPM) as well as real time detection and response solution (EDR) operate in Silo mode and are therefore failing to provide systematic security across the lifecycle of Cloud Native assets.

Cloud Security Reimagined: Bridging the Cloud – DevSecOps - Application Security Gap

Proper permissioning is foundational to secure implementation and administration of SaaS applications. Customer demand and vendors build fine-grained and highly flexible permissioning models but inadvertently make understanding who exactly has access to what extraordinarily difficult. Compounding this challenge is each app’s unique approach to permissioning, and even apps that appear to have similar models often differ in nuanced but meaningful ways. Multiply this situation by hundreds of apps in an enterprise portfolio and you understand why applying and maintaining effective permissions is nearly impossible for today's app owners and security team. Join AO Labs and it’s SaaS security experts to understand the realities of modern SaaS permissioning, its challenges, possible attack vectors, and ways you can protect your organization.

Untying the Gordian Knot: Making Sense of SaaS App Permissions Models

Information Security

Cyber Security

Application Security

Application Management

Security Management

Cloud

SaaS

Cloud Security

Enterprise Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Untying the Gordian Knot: Making Sense of SaaS App Permissions Models

Presented by

About this talk

More from this channel