Name: Navigating the new PCI DSS v4.x Requirements for Cloud Service Providers
Start: 2025-04-18T15:00:00Z
End: 2025-04-18T15:00:59.000Z
Location: BrightTALK
Rating: 0

Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

Ever wonder what security leaders across industries are focusing on in the GRC space? What are their top priorities, and how should they shape yours?

Join Vanta’s GRC Subject Matter Expert, Faisal Khan, and Daniele Catteddu, CSA's Chief Technology Officer, for a deep dive on building and scaling GRC programs. They will share their take on the role of trust, AI, and automation in strengthening your foundation and preparing for what’s next.

What to expect:
Point of view on top of mind issues for GRC leaders
Role of trust management in scaling GRC 
Where to prioritize AI and automation in GRC

Scaling GRC with Trust, AI, and Automation

Join us for an exclusive fireside chat with Oasis Security, where industry experts will share insights, experiences, and perspectives on today’s most pressing topics. This informal yet informative session is designed to provide valuable takeaways in a conversational setting.

Top Cloud Threats within AI Security

Identity security has traditionally been viewed as a critical yet limiting layer of defense—a necessary barrier against evolving cyber threats. But what if identity management could become more than a defensive perimeter? In this session, we'll explore how forward-thinking enterprises are leveraging non-human identities, as a catalyst for innovation, agility, and business acceleration. Join us to discover:
• How proactive identity strategies enable rapid adoption of emerging technologies, from generative AI to automated DevOps.
• Real-world examples where robust management of non-human identities empowered organizations to launch new services and solutions confidently and securely.
• Practical guidance on shifting your organization's perspective from seeing identity security solely as a risk mitigation tactic to embracing it as a strategic enabler of growth and innovation.
• Turn identity security into your organization's competitive advantage.

From Barrier to Catalyst: Transforming Identity Security into an Engine of Innovation

As businesses rapidly adopt cloud and SaaS technologies, the traditional model of centralized IT control has given way to business-led technology decisions. Rather than fighting this shift, forward-thinking security teams are embracing it by implementing unified visibility and intelligence across their expanding digital ecosystem. This session explores how modern access security and data-driven governance enables organizations to support business-driven innovation while maintaining security control.

Beyond Shadow IT: Enabling Business Innovation Through Unified Access Intelligence

Cloud security teams are inundated with alerts, making it difficult to prioritize what matters most and resolve issues efficiently. While this isn’t a new problem, understanding the scope and scale of the challenge is key to finding solutions. To dive deeper, we analyzed 3,960,090 alerts from our proprietary data to break down the problem at scale. In this session, we’ll reveal the most common misconfigurations and explore the factors behind dangerously long dwell times and high MTTR, some stretching up to 498 days and 285 days, respectively. What’s adding to the complexity? Inconsistent severity ratings across different tools, making prioritization even harder. But it’s not all doom and gloom. We’ll highlight quick wins you can implement today, along with key alert types to prioritize for faster triage and risk reduction. By the end of this session, you’ll learn from our expert services team how they tackle these problems at scale every day, and you’ll take away your data-backed strategies to cut through the noise, tackle high-risk misconfigurations, and improve your cloud security posture.

From Alert to Remediation: Millions of Alerts Analyzed to Shape Your Strategy

Many people still view AI as primarily Large Language Models (LLMs) like ChatGPT, posing business risks through employee interaction. However, AI now includes various types of language models, productivity platforms like Co-Pilot, and Agentic AI that trains "robots" to perform technical tasks.

These AI agents, driven by specialized language models, operate autonomously and raise cyber risk by using non-human accounts for data access and workflow integration. Despite these risks, they offer benefits in vulnerability management, security operations, and automatic remediation.

Join Illena Armstrong, President of CSA and Rick Dotan, CISO at Carolina Complete Health, as they explore the risks and benefits, current organizational uses, and future developments of this ever evolving technology.

The Risks and Benefits of AgenticAI to Cybersecurity and Your Organization

The integration of Agentic AI and advanced machine learning (ML) in the financial services sector is redefining defensive security practices, enabling organizations to strengthen their ability to respond to cyber threats and ensure regulatory compliance. Agentic AI, with its autonomous decision-making capabilities, combined with ML-driven techniques, is enhancing incident response, policy enforcement, and security operations through automation and real-time adaptation. This abstract explores how Agentic AI and advanced ML are transforming key areas of defensive security, including incident response, playbooks, code reviews, and the creation of security architecture blueprints. These AI-powered solutions facilitate the automation of security processes, such as policy-as-code implementation and the development of configuration baselines that ensure consistency and resilience across complex IT environments. Furthermore, Agentic AI enables dynamic risk assessments by continuously analyzing potential vulnerabilities and suggesting mitigations. By embedding AI and ML into these critical security domains, financial institutions can enhance their proactive defense posture and reduce human error in security operations. The paper also discusses the ethical considerations, regulatory challenges, and best practices for integrating Agentic AI into security frameworks, underscoring its role in creating a more agile, secure, and resilient financial services ecosystem.

March FinCloud: AI in Financial Services for Defensive Security

2025 is already proving to be a dynamic year for cybersecurity professionals, who continue to face a multitude of threats, challenges, and external pressures. This panel webcast, led by Illena Armstrong, President of CSA, will delve into critical issues such as cloud security strategies, AI governance and regulation (including the emergence of DeepSeek), effective board interaction and reporting, and the potential impact of the new administration in Washington, D.C. on the cybersecurity landscape. Join us for discussion and debate on these topics and earn CPE credit for attending.

Navigating the New Year: What to Expect in 2025

Compliance in a global context requires harmonization across borders, regulations, and standards. This session will explore the roles of international cooperation and standardization in building a consistent compliance landscape. We’ll discuss the critical role of regulators and the importance of dialogue between industry leaders and regulatory bodies to foster shared understanding and guidelines. Additionally, we’ll examine the areas where standardization is most needed, from data protection to AI ethics, and consider how global standards can streamline compliance processes for multinational organizations. Participants will leave with insights into the future of compliance on the world stage and the collaborative efforts required to achieve it.

International Cooperation and Standardization

Join Jim Reavis, CEO of the Cloud Security Alliance (CSA), and Phil Venables, Chief Information Security Officer at Google Cloud, for an insightful fireside chat announcing the Compliance Automation Revolution. This initiative seeks to redefine how compliance and assurance are approached in an era of exponential challenges, including data and compute sprawl and the rapid evolution of Generative AI. In this engaging discussion, Reavis and Venables will explore key strategies to tackle escalating compliance demands, including: Harnessing Automation to streamline processes and improve efficiency. Promoting Regulatory Harmonization to navigate complex frameworks. Driving Control Framework Normalization for consistency and scalability. Leveraging Real-Time Information Exchanges to enhance collaboration and response. Discover how innovative technologies, evolving standards, and best practices are enabling continuous auditing, monitoring, and collaborative compliance solutions that align with today’s fast-paced innovation landscape. Be part of the conversation shaping the future of compliance, risk reduction, and operational efficiency. This is your chance to contribute to a transformative movement driving quality, security, and sustainability in the compliance space. Don’t miss it!

Fireside Chat: Jim Reavis & Phil Venables on the Compliance Automation Revolution

Resiliency is an increasingly important global business and compliance priority across different jurisdictions and business sectors, particularly financial services and those considered to be critical infrastructure. This panel discussion will provide practical organizational and architectural guidance for leveraging Zero Trust security strategy principles to achieve operational resiliency and regulatory compliance.  Key global regulatory requirements for resiliency will be examined, along with aspects of operational resilience where Zero Trust principles can be beneficial in achieving both operational and compliance objectives.

Building Resiliency: Strategies for Compliance and Operational Excellence

Struggling with time-consuming vendor assessments and security questionnaires? Discover how AI-powered tools are revolutionizing third-party risk management. Join Nick Sorensen, CEO of Whistic, in this live webinar to explore game-changing features, including automated security documentation analysis, instant compliance checks, and AI-driven questionnaire responses. This exclusive session will provide CSA members with insights into simplifying vendor assessments, securing documentation, and leveraging a Whistic Trust Center to enhance transparency. Attendees will also gain access to a free 3-month trial of Whistic’s AI-powered assessment tools and lifetime access to the Trust Center. Don’t miss this opportunity to streamline your compliance processes and stay ahead in a rapidly evolving security landscape.

Transform Vendor Assessments and Security Compliance with AI

As organizations seek to meet complex compliance requirements, automation offers promising solutions. In this session, we’ll dive into Compliance as Code, a powerful approach that treats compliance requirements as executable code, enabling teams to automate compliance checks and enforcement. We'll also explore “compliance by design” principles and defaults that make compliance integral to systems and workflows. We’ll examine the convergence of security and compliance automation, focusing on tools and techniques that support governance frameworks and reduce the burden of manual compliance tasks. Finally, we’ll delve into the impact of AI and ML on Compliance Automation. Attendees will gain a practical understanding of how automation can simplify compliance while enhancing organizational resilience.

The Future of Compliance Automation

This opening session will set the stage by exploring the changing landscape of compliance and assurance in cybersecurity. We'll define core concepts like trust and assurance and discuss how these are impacted by evolving legal and regulatory standards, market demands, and disruptive technologies such as artificial intelligence. Through examining market needs from the viewpoints of service providers, customers, auditors, and regulators, this session aims to identify the most pressing compliance challenges. By understanding these foundational issues, participants will be better prepared to engage with the modern solutions covered in later sessions.

The Evolution and Challenges of Modern Compliance

Modern-day compliance has become increasingly complex and dynamic. Scaling a business in a multi-cloud environment while navigating evolving compliance landscapes requires a strategic approach. Join us for a webinar on “GRC in the Cloud at Growing Companies or GRC in the Cloud Unplugged — Becoming Compliance Ready at Scale,” where we’ll discuss effortlessly managing compliance as your cloud environment grows.

This webinar will explore practical strategies to integrate compliance seamlessly into your cloud operations. Our experts will share real-world examples and actionable tips to help you:
• Build Sustainable Compliance Processes: Discover how to automate compliance and address critical challenges in an organization’s multi-cloud ecosystem.
• Implement Risk Controls: Deploy strategies to address different types of risk, including vendor risks, cloud access vulnerabilities, and infrastructure misconfigurations.
• Scale with Confidence: Best practices to meet compliance needs in a growing cloud ecosystem
• Navigate Regulations: Understand how to keep up with evolving regulations and ensure your cloud practices remain up-to-date and effective.

Register now and learn more about building and sustaining a long-term cloud GRC strategy and scaling business in a complex regulatory environment.

GRC in the Cloud: Becoming Compliance Ready at Scale

How do 800 security professionals view and experience Non-Human Identity Security?

Join us for an insightful 30 minutes webinar where we unveil and deep dive into the state of the emerging threat of unmanaged non-human identities (API keys, service accounts, OAuth tokens, secrets etc). 

Some of the key findings include:
• Alarming Incident Rate: Nearly 1 in 5 organizations have experienced a security incident involving NHIs.
• Low Confidence: Only 15% of organizations feel confident in their ability to secure NHIs.
• Top Challenges: Managing service accounts and discovering NHIs are the biggest hurdles.
• Outnumbered: NHIs often outnumber human identities 20 to 1, amplifying security challenges.
• Investment Surge: 1 in 4 organizations are already investing in NHI security, with many more planning to do so within the next 12 months.

And much more..  Don’t miss this chance to gain critical insights and practical steps to secure your NHIs. Register now!

Non-Human Identity Security: Data-Driven Insights

The CSA Annual SaaS Security Survey, commissioned by Adaptive Shield, surveyed over 450 IT and security professionals from large organizations from various industries and locations to better understand the industry’s priorities and plans around SaaS security.

In an era where SaaS platforms power a wide spectrum of industries and the threat of SaaS breaches looms large, SaaS security is on the radar, more than ever.

Join Maor Bin, CEO and Co-founder of Adaptive Shield to delve into the key findings around:
• Budget and resource allocation – during a period of contracting budgets and workforce reductions, organizations increased investment in SaaS security and added dedicated SaaS security team members
• Top pain points in SaaS security – the threats many organizations are struggling to stay ahead of and the tool that’s leveling the playing field
• Solutions in use or in evaluation – increased reliance on SaaS Security Poture Management (SSPM) and Identity Threat Detection & Response (ITDR) to secure the SaaS stack

Securing SaaS: Security’s Newest Top Priority

Mapping the Cloud Control Matrix (CCM) 4.0 to PCI DSS 4.0

Bon Appetite: Determining Cyber Risk Appetite Pertinent to Cloud Computing

Securing Robotic Process Automation in Finance: Safe & Efficient Automation

ON2IT Zero Trust Implementation for Financial Institutions

Empowering Cloud Security Professionals in Financial Services

CSP Perspective Working with Financial Services

Best Practices for Effective Third-Party Management

Governance in the Cloud - Managing Data Regulation

State of Cloud Security for Financial Services

FinCloud Fridays

The PCI DSS v4.x has some new requirements that go into effect March 31, 2025 and cloud service providers need to be aware and ready. Among the more significant changes, the updated Appendix A1:  Additional Requirements for Multi-Tenant Service Providers will require providers to demonstrate good security of payments environments with clear separation between customers and facilitate logging and incident response.  

Join Troy Leach, Chief Strategy Officer at Cloud Security Alliance, along with a panel of PCI compliance experts, for our next FinCloud Friday webinar. This session will break down key changes, their impact on cloud service providers, and what your organization must have in place before the deadline. Stay ahead of compliance challenges and ensure your security controls align with the latest PCI DSS v4.x standard.

Key Topics:
• Overview of the new requirements for multi-tenant service providers
• Engagement strategies for partnering with cloud service providers
• Expert insights on best practices  to meet PCI DSS objectives

Don’t miss this essential discussion—register today to ensure your organization is ready!

Navigating the new PCI DSS v4.x Requirements for Cloud Service Providers

Cloud

Cloud Security

Cyber Security

Financial Services

Information Security

Security

PCI Compliance

PCI DSS

PCI Standards

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Navigating the new PCI DSS v4.x Requirements for Cloud Service Providers

Presented by

About this talk

More from this channel