4 Days left to get an iPad Pro, Surface Pro, or $400 Off with Online Training!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Cloud Security: Defense in Detail if Not in Depth. Part 1: Using Cloud Services to Address the Cloud Threat Environment

  • Wednesday, November 1st, 2017 at 1:00 PM EST (17:00:00 UTC)
  • Dave Shackleford, Allison Cramer, and Mark Butler
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsors

  • BMC Software, Inc.
  • Forcepoint LLC
  • McAfee
  • Qualys

You can now attend the webcast using your mobile device!

Overview

The wholesale migration of end user organizations toward the cloud is now moving so fast that both InfoSec and cloud providers have to spend so much effort keeping up with advancements in the status quo that there's no time to think about the bleeding edge.  

Results of the 2017 SANS Cloud Security Survey are likely to show big changes compared to last year, when respondents said they wanted more visibility into cloud-provider platforms, low-level access for monitoring and forensic analysis, and the kind of accountability to known standards that is routine with other types of service providers.

This year it's not unusual to see cloud providers support not just accountability, but compliancemeaning providing help for users trying to extend PCI, HIPAA, FISMA, FedRAMP and SOX across the cloud. A lot of the things on last year's security wish list seem not only to have arrived, but, increasingly, to have been automated. That doesn't mean security isn't as big a concern today as last year. Encryption is now routine for most network traffic, but attackers have become more aggressive about at exploiting SSL/TLS weaknesses to undermine it. Ransomware has become a major industry, and the success of phishing attacks have helped make exploits against end users one of the most common tactics inside the perimeter or in the cloud.

Many organizations have adopted CASBs and other forms of security-as-a-service to help adapt. But plenty of infrastructure problems remain: Inadequate patching, difficulty establishing how well cloud partners secure infrastructure, potential weaknesses in identity management and access control, and continuing difficulty integrating on-premises security with tools aimed at the cloud all remain major challenges. 

Attend this webcast to learn about the following:

  • Data breaches involving cloud applications
  • Applications and assets that are most commonly targeted
  • Top threats to cloud security
  • Issues and challenges in maintaining cloud security

This session of the 2017 Cloud Security Survey webcast will focus on changes in the threat environment since last year. Part 2, which will be, held on Thursday, November 2 at 1:00 p.m. Eastern, will focus on how organizations have responded to those changes with new systems, controls, policies or organizational decisionsand how effective those changes have been. Click here to register for Part 2.

Register for this webcast to hear SANS cloud security guru Dave Shackleford discuss the results of the 2017 SANS Cloud Security Survey and to get an idea of how your colleagues are adapting to the enormous threat environment of the cloud and how fast the cloud itself is evolving ways to address it. You'll also be among the first with access to the associated results paper, including analysis of how quickly the cloud security market is maturing and how far it still has to go.

View the associated whitepaper here.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.


Allison Cramer

Allison Cramer joined BMC in 2015 and serves as senior director of security, compliance & automation. Prior to BMC, Allison was director of product marketing for Continuous Delivery at CA Technologies, playing a lead role in DevOps. Before joining CA, Allison held leadership positions at Dell and Cummins.She began her career in the consulting industry with Arthur Andersen and BearingPoint, with a focus on federal government. Allison earned her MBA from Indiana University's Kelley School of Business and has a BSBA in international business from American University.


Mark Butler

Mark Butler is Qualys' chief information security officer. A former CISO at Fiserv, Mark advocates the needs of CISOs throughout Qualys' global customer base and serves as a resource for achieving business-aligned information security leadership. With over 24 years of experience leading enterprise security teams, delivering security consulting services and supporting security products, Mark has built and developed effective information security functions, establishing the right blend of technical, administrative and physical controls while providing stakeholders such as executive management, IT leadership and legal counsel visibility into real business threats and opportunities. Previously, he held roles in global security consulting, independent technical research, comprehensive assessment services and several foundational security roles.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.