Build crucial cyber security skills through interactive training during SANS Cyber Security Mountain 2021. Save $150 thru 6/30.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Cloud Security: Defense in Detail if Not in Depth. Part 1: Using Cloud Services to Address the Cloud Threat Environment

  • Wednesday, November 01, 2017 at 1:00 PM EST (2017-11-01 17:00:00 UTC)
  • Mark Butler, Allison Cramer, Dave Shackleford


  • BMC Software, Inc.
  • Forcepoint LLC
  • Mcafee LLC
  • Qualys

You can now attend the webcast using your mobile device!



The wholesale migration of end user organizations toward the cloud is now moving so fast that both InfoSec and cloud providers have to spend so much effort keeping up with advancements in the status quo that there's no time to think about the bleeding edge.  

Results of the 2017 SANS Cloud Security Survey are likely to show big changes compared to last year, when respondents said they wanted more visibility into cloud-provider platforms, low-level access for monitoring and forensic analysis, and the kind of accountability to known standards that is routine with other types of service providers.

This year it's not unusual to see cloud providers support not just accountability, but compliancemeaning providing help for users trying to extend PCI, HIPAA, FISMA, FedRAMP and SOX across the cloud. A lot of the things on last year's security wish list seem not only to have arrived, but, increasingly, to have been automated. That doesn't mean security isn't as big a concern today as last year. Encryption is now routine for most network traffic, but attackers have become more aggressive about at exploiting SSL/TLS weaknesses to undermine it. Ransomware has become a major industry, and the success of phishing attacks have helped make exploits against end users one of the most common tactics inside the perimeter or in the cloud.

Many organizations have adopted CASBs and other forms of security-as-a-service to help adapt. But plenty of infrastructure problems remain: Inadequate patching, difficulty establishing how well cloud partners secure infrastructure, potential weaknesses in identity management and access control, and continuing difficulty integrating on-premises security with tools aimed at the cloud all remain major challenges. 

Attend this webcast to learn about the following:

  • Data breaches involving cloud applications
  • Applications and assets that are most commonly targeted
  • Top threats to cloud security
  • Issues and challenges in maintaining cloud security

This session of the 2017 Cloud Security Survey webcast will focus on changes in the threat environment since last year. Part 2, which will be, held on Thursday, November 2 at 1:00 p.m. Eastern, will focus on how organizations have responded to those changes with new systems, controls, policies or organizational decisionsand how effective those changes have been. Click here to register for Part 2.

Register for this webcast to hear SANS cloud security guru Dave Shackleford discuss the results of the 2017 SANS Cloud Security Survey and to get an idea of how your colleagues are adapting to the enormous threat environment of the cloud and how fast the cloud itself is evolving ways to address it. You'll also be among the first with access to the associated results paper, including analysis of how quickly the cloud security market is maturing and how far it still has to go.

View the associated whitepaper here.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Allison Cramer

Allison Cramer joined BMC in 2015 and serves as senior director of security, compliance & automation. Prior to BMC, Allison was director of product marketing for Continuous Delivery at CA Technologies, playing a lead role in DevOps. Before joining CA, Allison held leadership positions at Dell and Cummins.She began her career in the consulting industry with Arthur Andersen and BearingPoint, with a focus on federal government. Allison earned her MBA from Indiana University's Kelley School of Business and has a BSBA in international business from American University.

Mark Butler

Mark Butler is Qualys' chief information security officer. A former CISO at Fiserv, Mark advocates the needs of CISOs throughout Qualys' global customer base and serves as a resource for achieving business-aligned information security leadership. With over 24 years of experience leading enterprise security teams, delivering security consulting services and supporting security products, Mark has built and developed effective information security functions, establishing the right blend of technical, administrative and physical controls while providing stakeholders such as executive management, IT leadership and legal counsel visibility into real business threats and opportunities. Previously, he held roles in global security consulting, independent technical research, comprehensive assessment services and several foundational security roles.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.