Name: The Current State of Play and Upcoming Evolutions of the CCM
Start: 2023-05-26T21:03:00Z
End: 2023-05-26T21:03:47.000Z
Location: BrightTALK
Rating: 0

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Kubernetes has revolutionized how we build, deploy, and manage applications, but it also introduces new complexities. This webinar explores Kubernetes not only from a security perspective but from the lens of developers. We’ll dive into the challenges posed by containerized environments, from managing dependencies to securing CI/CD pipelines. Additionally, we’ll discuss how Kubernetes operates as a cloud in itself and how deploying and scaling it in public cloud environments adds layers of complexity. Whether you’re a developer or a security professional, this session will equip you with key insights to navigate the intersection of development and security in the cloud-native ecosystem.

Kubernetes: Development Challenges and Security Considerations in a Cloud-Native World

Service accounts are everywhere, but their overprivileged, multi-use, and often unmanaged nature makes them a security liability. Managed identities (and other “passwordless” NHIs) are considered a safer alternative, yet they come with their own set of vulnerabilities attackers can exploit.

Join this 30-minute webinar to learn from NHI security researchers:
• The types and common pitfalls of service accounts.
• How to convert service accounts into managed identities in Azure.
• The downsides of managed identities - and a live demo of how attackers exploit them.
• Best practices to avoid common misconfigurations.

*Bonus* Get a practical tool to map all managed identities in your Azure environment (IYKYK).

Service Accounts vs. Managed Identities: Real Exploits & Best Practices

Results from InformationWeek’s State of Endpoint Management Automation survey show that even with endpoint management budgets on the rise, organizations remain mired in manual tasks, legacy technologies, and a distributed technology stack that hinder effective and secure management of endpoint devices.

Register for this webinar to hear from experts discuss the findings from the recent research report and share strategies and tech to help improve the secure patching of your organization's devices in the year ahead.

How to Prep Your ITOps Team for Secure Endpoint Management in 2025

The AI supply chain is becoming increasingly intricate, with multiple components—data sources, models, APIs, and infrastructure—interconnected within dynamic cloud environments. Understanding these relationships and securing the full pipeline is critical to prevent vulnerabilities from being exploited. In this webinar, we will explore the key components of the AI pipeline, how they are linked, and where security risks are most likely to arise.

In this webinar:
• Breakdown of the AI supply chain: how data, models, APIs, and infrastructure are connected.
• Understanding the potential risks in the AI pipeline and how vulnerabilities can propagate through interconnected components.
• Best practices for securing the AI supply chain and ensuring that every component is protected from exploitation.

Unfolding the Complexity of the AI Supply Chain: Securing the Pipeline

Cloud Security for SaaS-Based Startups is a comprehensive guide designed to address the unique challenges faced by SaaS-based startups as they scale and grow. Startups operate in a dynamic environment where security is not just a technical necessity but a cornerstone of customer trust, regulatory compliance, and operational resilience. This guide offers practical, actionable strategies tailored to startups' specific needs, helping them navigate their security journey at every stage.

The document’s phased approach emphasizes the importance of aligning security practices with the startup lifecycle, enabling companies to establish strong foundations during their inception, mature their systems as they grow, and meet the advanced demands of regulated industries and global markets. It covers critical topics such as cloud platform security, data protection, compliance, governance, and incident response, making it an essential resource for any startup looking to scale securely.

In this webinar, the authors of the guide—experienced cloud security professionals—will share their insights and expertise. They will provide a behind-the-scenes look at the research, highlight key takeaways, and share lessons learned from real-world implementations. This session is an opportunity to engage with the creators of this valuable resource, ask questions, and gain practical advice tailored to the startup ecosystem.

Whether you’re just starting your journey or scaling to meet enterprise demands, this webinar will equip you with the tools and strategies needed to build a secure and resilient startup. Join us to explore how to align security with growth and ensure long-term success in today’s fast-paced digital landscape.

Building Security for SaaS Based Startups

With the NIS 2 Directive being rolled out across the continent, organisations operating within the EU must proactively address its stringent cybersecurity requirements. Recent insights from a survey of 1,000 compliance professionals reveal that over 40% of organisations worldwide anticipate being impacted. The directive’s focus on strengthening cybersecurity resilience underscores the critical need for timely preparation to avoid severe penalties for noncompliance.

Join Drata and A-LIGN for an insightful CSA Cloudbyte webinar that delves into the importance of NIS 2 compliance. Our expert panel will explore:

• Key provisions of the directive and how they affect essential and important entities.
• Practical steps to achieve compliance, including gap analysis, policy development, and personnel training.
• The alignment of NIS 2 with frameworks like ISO 27001 to streamline efforts and enhance organisational resilience.

Leveraging A-LIGN’s 15+ years of ISO audit experience and Drata’s robust compliance platform, attendees will gain actionable strategies to simplify their NIS 2 journey and demonstrate trust to regulators, partners, and customers.

Don’t miss this opportunity to future-proof your cybersecurity program. Register today!

NIS 2 Compliance: Why It Matters and How to Prepare

As AI-powered applications become more central to business operations, understanding the ecosystem behind them is essential for securing these systems. In this educational webinar, we will explore the components that form the backbone of AI applications, from data pipelines and models to APIs and endpoints. We will help you understand the vulnerabilities that arise in these environments and provide actionable strategies for protecting your AI systems.

This session will guide you through three real-world use cases to illustrate the challenges and security considerations in AI development:

• Customer Support Chat: Learn about securing interactions, understanding data pipelines, and protecting sensitive customer information.
• IT Assistant Agent: Explore how to apply best practices to AI models that interact with critical system data, mitigating risks and ensuring privacy.
• Ecommerce Smart Recommendation App: Understand the risks associated with consumer data and, and how to protect these models while maintaining compliance.

Understanding the AI Ecosystem: How to Secure AI-Powered Applications in 2024

CNAPPs have brought unprecedented visibility into cloud identity and permissions risks, but visibility alone doesn't solve the problem. Thousands of findings (like unused identities, over-permissioned accounts, and lateral movement risks) have been prioritized, but we’re still asking devs to fix these one by one in a process that never brings meaningful risk reduction. Cloud teams are inundated, struggling to remediate these issues while keeping productivity high.

Join us for an insightful webinar where we discuss how to centralize policy control and bulk remediation that will burn down the CNAPP alert queue. We’ll explore:

• Why identity and permission issues pile up despite CNAPP’s insights
• How to cut through the complexity of manual remediation with bulk actions
• Centralizing and giving control back to the cloud team while still ‘shifting left’

Discover practical approaches to operationalize CNAPP findings, enable bulk fixes, and implement least-privilege practices without compromising productivity. 

If you’re ready to transform CNAPP visibility into real risk reduction, this webinar is for you.

Tackling AWS Identity Risks at Scale—Beyond CNAPP Visibility

Balancing rapid software releases with stringent compliance requirements is a challenge that many organizations face. Compliance and DevOps teams often have competing priorities, leading to bottlenecks, delays, and frustration. But it doesn’t have to be this way.

Join Drata and AWS for an engaging session where GRC and DevOps leaders will discuss their goals and challenges and how starting compliance left has led to faster releases and easier audits. Learn about their best practices on the processes and technologies that help them work together to navigate the complex web of industry regulations and audit requirements.

Topics covered: 
• Best practices for collaboration between DevSecOps and Compliance teams 
• How to create workflows for maintaining checks and balances to help your teams thrive
• How to build a culture of security and compliance across your organization 
• Tools and solutions that enable smoother collaboration and faster time to market while staying audit-ready

If you’ve ever felt the friction between compliance, security, and development, this webinar is for you. Join us to learn how to turn “Compliance vs. DevOps” into “Compliance and DevOps”—better together.

From Roadblocks to Releases: Bridging the GRC and DevOps Gap

Join us for a candid conversation with Mario Duarte, former CISO at Snowflake and now the CISO of Aembit. Mario is now focused on one of cybersecurity’s toughest and most overlooked challenges: securing non-human identities (NHIs) across applications, services, and workloads.In this live discussion, we’ll go behind the curtain and talk about the real issues security teams are facing when it comes to managing access between workloads and sensitive resources. Mario will break down why relying on static credentials is a ticking time bomb and share practical, real-world NHI security solutions for complex and distributed enterprise environments.

What we’ll cover:
• Why static credentials and secrets management vaults are no longer enough.
• How to ensure your workloads authenticate securely to the right resources.
• What parallels can be drawn between human IAM (think username/password) and non-human IAM.
• How to confidently embrace innovative solutions from emerging companies without compromising security.

This is your chance to hear directly from a veteran CISO with a passion for identity management and experience on the frontlines of enterprise security.

A CISO’s Perspective on Securing Non-Human Identities

As with any piece of enterprise software, choosing and buying a PAM solution is a fraction of the battle. Many installations fail or never get rolled out fully due to deployment complications and competing priorities. In this webinar, we will discuss common pitfalls, where implementations typically fail, and what you can do to make sure you are fully prepared to deploy and roll out PAM successfully in your organization.

Join this session to:
• Understand why many PAM rollouts fail
• Explore best practices around deployment
• Put a plan for success together
• Learn about new methodologies that can facilitate success

Unlocking Success: Navigating the Pitfalls of Privileged Access Management Deployment

Cloud Native applications and Services are the workhorses of modern cloud environments. They hold most of the organization's crown jewels and are therefore often the target for insider and outsider threats. Existing cloud security posture management and hardening solutions (CSPM) as well as real time detection and response solution (EDR) operate in Silo mode and are therefore failing to provide systematic security across the lifecycle of Cloud Native assets.

Cloud Security Reimagined: Bridging the Cloud – DevSecOps - Application Security Gap

Vanta’s 2024 State of Trust Report found that cybersecurity risk is the biggest concern for business leaders, higher than both financial and operational risk. With more reliance on third-party vendors and increased use of AI technologies, security leaders face a more complex threat landscape while also managing resource constraints.

Successfully navigating these challenges requires CISOs to go beyond industry standards to address risk, deliver business impact, and build a community of trust. 

In this webinar, we will share key findings from Vanta’s survey of 2,500 IT and business leaders and discuss strategies for building, demonstrating, and strengthening trust across your ecosystem.

The State of Trust: How CISOs Can Go Beyond Industry Standards to Manage Risk

As AI continues to revolutionize industries, the demand for real-time insights and faster decision-making is at an all-time high. However, alongside this growth comes a significant challenge: securing sensitive data during AI model training and inference.

In this webinar, we will explore how Confidential Computing is transforming AI security, using real-world insights from the U.S. Navy’s use case securing LLM workloads. In a groundbreaking POC, the U.S. Navy leveraged Confidential Computing to run secure AI operations on NVIDIA H100 Tensor Core GPUs, ensuring full data privacy without sacrificing performance.

You'll gain a technical understanding of Confidential Computing on GPUs and how the Anjuna Seaglass platform integrates to secure AI workloads at scale. Learn how enterprises and government organizations can unlock secure, AI-driven insights—achieving measurable business value in as little as one hour.

Whether you’re in public sector, finance, healthcare, or any other sector leveraging AI, this session will show you how to secure your most critical data while maintaining the performance and flexibility your business demands.

AI at Its Best: US Navy Explores LLM Trust and Performance with NVIDIA & Anjuna

In this presentation we explore the Interoperability and Portability (IPY) domain of the Cloud Control Matrix (CCM), which comprises four control specifications aimed at ensuring secure and seamless data exchange across multiple platforms and Cloud Service Providers (CSPs). These controls help Cloud Service Customers (CSCs) avoid vendor lock-in and foster an environment where interoperability and portability are not limited by security concerns.

In the Shared Security Responsibility Model (SSRM), both CSPs and CSCs independently share responsibility for ensuring interoperability and portability in the cloud ecosystem. CSPs are typically responsible for implementing standardized communication protocols, maintaining cross-platform compatibility, and ensuring secure data exchange. CSCs, on the other hand, must leverage these tools for secure data backup, transfer, and restoration, as well as manage the integration of cloud environments. Both parties are responsible for documenting data portability obligations, such as defining data ownership and migration procedures.

This presentation will help you understand how effective interoperability and portability controls contribute to a secure, flexible, and vendor-neutral cloud ecosystem.

Interoperability and Portability

What are the must-know secrets to multicloud security? Refactoring applications and AI-driven development reshape cloud security, presenting new challenges to organizations. Security experts must figure out how to be the defenders of their cloud without hindering the teams who build and deploy applications in the cloud.

Join Jason Williams, senior product marketing manager at Palo Alto Networks, for a webinar that explores the six key requirements for securing multicloud environments.

In this webinar, you'll gain insights into:
• Achieving unparalleled multicloud visibility that actually helps you understand your clouds and detect threats swiftly.
• Prioritizing and neutralizing risks effectively to maintain a strong security posture amidst evolving threats.
• Implementing advanced security measures to safeguard sensitive information across all cloud environments.

Equip yourself with the knowledge to enhance your multicloud security strategy. Register now to secure your spot and stay ahead in the ever-evolving world of cloud security.

6 Key Requirements to Multicloud Security

Small and medium-sized businesses understand the need for SOC 2 to show proof that they are protecting those they do business with, growing their business safely, and closing deals. But where do you get started? 

Join Drata and AWS for a technical deep-dive into achieving and maintaining compliance with your AWS infrastructure. You will learn how to leverage automation to increase efficiency and reduce human error and build a SOC 2 roadmap that helps you achieve compliance today while keeping infrastructure and code compliant year-round. 

Topics covered: 
• Key areas to focus on when approaching SOC 2 on AWS infrastructure
• How to leverage automation and AI to increase efficiency and shift left on your compliance program
• What to expect before, during, and after the audit
• How to stay proactive with your compliance program

* Attendees are eligible for a free compliance assessment. *

Smart SOC 2: Automating Compliance with Drata and AWS

In this presentation we explore Universal Endpoint Management (UEM) domain of the Cloud Controls Matrix, which includes fourteen control specifications focused on mitigating risks associated with endpoints, including mobile devices. The primary concerns in endpoint security relate to user behavior and awareness regarding acceptable use policies for devices, whether they are managed, unmanaged, enterprise-owned, or personal.

Under the Shared Security Responsibility Model (SSRM), both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) have independent yet complementary roles in implementing UEM controls. CSPs are responsible for managing endpoint capabilities, including maintaining inventories, approving acceptable services and applications, and implementing security measures like automatic lock screens, firewalls, anti-malware, and data loss prevention technologies. CSCs, in turn, must securely manage their own devices, ensure compliance with CSP security policies, and protect their data.

Universal Endpoint Management

Trust in the Cloud: Find your GDPR Compliance Path with the STAR Program

Standards-based Cloud Security Governance Automation: CIS-CSA-NIST collaboration

National Roadmap to Cloud Adoption The Trust Factor: Trust in Cloud Computing

A Fireside Chat: Roles of Auditors, Technology, and Education in Cloud Assurance

Defend your workforce with phishing-resistant MFA

Transforming Compliance into Competitive Advantage: Building a Robust Framework

Discover the Cloud Security Alliance's STAR Program: Enterprise CISOs Must Know

Examining the business, strategic, and technical values of the STAR Program

Simplify Regulatory & Compliance Requirements in the Cloud

Cloud Security and Best Practices in the Motion Picture Association

The CCM for Financial Services

CSA-ISF Partnership: CCM and SOGP Framework and their Mapping Alignment

Journey to the NIST Cybersecurity Framework 2.0

2023 Cloud Trust Summit

In this panel, we’ll discuss, with some relevant members of the CCM community (CCM leadership and co-authors), the current state of play and upcoming evolutions of the matrix and its components, Implementation and Auditing Guidelines, the Shared Security Responsibility Model (SSRM) Guidelines, Metrics and the CCM Lite. We’ll explain the goal, objectives and target audience of the CCM and its components and address critical questions such as: Why should organisations adopt CCM? How can they best take advantage of the framework? How can CCM be used to satisfy industry-specific governance, risk and compliance needs?

The Current State of Play and Upcoming Evolutions of the CCM

Cyber Security

Information Security

Cloud Security

Cloud

Security

IT Security

Data Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Current State of Play and Upcoming Evolutions of the CCM

Presented by

About this talk

More from this channel