CISOs and their teams have been discussion more frequently how to leverage a comprehensive zero trust strategy to improve their organizations' risk tolerance. For many, its overarching business value also is incontrovertible. However, conveying an easily digestible manner to other CxOs and boards of directors just how it strengthens cybersecurity, resilience and privacy postures, as well as the ways it contributes to enhancing and evolving business operations can prove trying at times. We discuss how CISOs of organizations that have or are pursuing a Zero Trust strategy helped management and other internal stakeholders understand the positive impacts to cybersecurity operations, their continuing digital transformations, and their companies' futures, as well as share tactics to getting much-needed support and the buy-in to actually execute and progress Zero Trust.
Unleash the Full Power of Secure Digital Transformation with Zero Trust
Learn how zero trust architecture secures users, workloads, and IoT/OT devices by addressing critical security shortcomings of legacy network architecture. This session covers key steps in a phased zero trust transformation journey as well as advice for winning the support of organizational leadership.
Join this session and learn to:
- Recognize issues inherent to routable networks
- Identify initial steps and key phases of zero trust transformation
- Demystify zero trust architecture for business leaders
Come join Corey Smith from Qualys as he walks you through how attackers attempt to use Ransomware in your cloud environments. You will learn a few of the common ways Ransomware gets onto and propagates in your cloud, and Corey will talk about the multi-faceted approach that is required for preventing ransomware in the cloud.
In today’s digital and modernized businesses, simply having visibility in your cloud ecosystem is no longer sufficient. It’s essential for IT and business leaders to have context and a comprehensive understanding of how their data is moving, who has access to it, and the full extent of their digital supply chain. Without this contextual understanding, it’s difficult to effectively manage cloud resources to ensure security, compliance, and cost-effectiveness for 2023. CISOs, CIOs, and CEOs need to be able to make informed decisions about their cloud ecosystem for the business, and this requires visibility and context of their data and systems. Today’s panelists will discuss the challenges businesses face with visibility and no context. They will also discuss how context, observability, and security strategies are helping organizations be successful in the cloud.
Learn how AI will be critical in turning the tables against attackers and how Microsoft is using AI in its security products to make defenders more effective and efficient in hunting for threats and responding to security incidents.
Cloud Security in the Quantum Era: Getting ready for Y2Q
Quantum computers are a reality today. They can already perform computations, deemed impossible or at least very lengthy with classical computers. Having access to improved computing power is great news in many areas. However, this also represents a threat for most of our communications and especially for the Cloud. Indeed, cryptography, which is underpinning the security of our communication infrastructure, is based on some hard mathematical problems, which will become tractable with a quantum computer. Cloud Security has to be revamped.
The Cloud Security Alliance has been a pioneer in promoting awareness about the quantum threat. The Quantum-Safe Security working group was created eight years ago, bringing together industry people and academics from different backgrounds. Today, we continue our educational and awareness program, for example, with our Y2Q (year to quantum) countdown, presented on the CSA website. Based on current estimations, a quantum computer should be able to break our cybersecurity infrastructure in about 7 years. This countdown is aimed at emphasizing the imminence of the threat and the need to find and implement new solutions.
This presentation will start with a brief explanation of the quantum computer and explain the quantum threat. We will then present possible solutions. Some are based on new algorithms, known as quantum-resistant algorithms. They can be complemented with quantum solutions, which utilize the same peculiar properties of the quantum world to thwart the quantum computer threat. Together, they will be part of a new quantum-safe infrastructure, which will recover and even improve cloud security.
UN ICC Cloud Strategy - Mission Critical and Sovereign
In this keynote, Ms. Soni explains how the unique needs of the United Nations agencies are resulting in a carefully designed security model and architecture spanning public and private clouds. She will also provide key insights into the importance of digital sovereignty and key future trends her organization is tracking.
New York is one of the most technologically advanced states in the country. How does the state's executive branch identify cybersecurity priorities and strategic direction? Colin Ahern, New York's first-ever Chief Cyber Officer will share insights and experiences about the state's embrace of the cloud, its zero-trust future, and offer some lessons learned on how New York is strengthening its cyber resilience, investing in necessary cybersecurity personnel, building relationships internally and externally, and partnering with the private sector and academia.
Cloud Security Is Broken, but It Doesn’t Have to Be
Cloud development is fast, but remediation is manual and slow and doesn’t keep up with the speed of attacks in the cloud. Teams use tools to detect misconfigurations and vulnerabilities, but they're overwhelmed by alerts and slow remediation. Developers are frustrated with the security team and the security team is frustrated with the lack of visibility into the dev processes and the slow remediation. In this session, Dazz CEO Merav Bahat will discuss modernizing cloud risk discovery and remediation to reduce risk windows from weeks to hours, improving the partnership between security and development teams.
The Perfect Storm: Preparing Today for the Future State of Cloud Security
Hybrid IT environments are no longer the exception for the modern enterprise; they are now the rule. Faced with this new reality, today’s IT leaders need to manage and secure a continuously changing attack surface. In fact, CrowdStrike has seen a 288% increase in attacks targeting cloud workloads, with an average breakout time, the point where the adversary can move laterally, of just under 90 minutes. Embracing hybrid IT allows your organization to innovate more rapidly and achieve better business outcomes through technology. But you have to achieve these outcomes while minimizing risk - that’s the goal.
Achieving that resilience requires an adversary-focused approach that provides comprehensive visibility, and continuous protection of cloud workloads, containers, and serverless environments. Come join Tina Thorstenson, VP, Industry Business Unit & Executive Strategist at CrowdStrike and Jeff Farinich, SVP Technology Services and CISO of New American Funding for this keynote to:
- Key insights of cloud attack vectors and adversary techniques from the latest CrowdStrike Global Threat Report - and the impact to your business.
- Learn best practices for modern cloud security strategies to defend multi-cloud environments.
- Discover how New American Funding secured their environment and transformed its cloud environment to accelerate business.
Organizations can meet compliance/regulatory responsibilities in the cloud, but still be susceptible to a threat actor escalating privileges, exfiltrating data, and targeting you for ransomware. Threat actors today have become cloud experts. Their TTPs are evolving quicker than most want to believe. Therefore, it's time we start thinking like them and mimicking the detection of their attack behavior.
Fireside chat with Oliver Newbury and Ronald Ritchey of Barclays
Two CISOs from Barclays discuss both the benefits and the challenges for Cloud Security and how “policy is the new perimeter.” Also discussed is the difficulties presented by the rapid innovation put forth by cloud vendors.