Cloud Security: Defense in Detail if Not in Depth. Part 1: Using Cloud Services to Address the Cloud Threat Environment

  • Wednesday, 01 Nov 2017 1:00PM EST (01 Nov 2017 17:00 UTC)
  • Speakers: Dave Shackleford, Allison Cramer, Mark Butler

The wholesale migration of end user organizations toward the cloud is now moving so fast that both InfoSec and cloud providers have to spend so much effort keeping up with advancements in the status quo that there's no time to think about the bleeding edge.

Results of the 2017 SANS Cloud Security Survey are likely to show big changes compared to last year, when respondents said they wanted more visibility into cloud-provider platforms, low-level access for monitoring and forensic analysis, and the kind of accountability to known standards that is routine with other types of service providers.

This year it's not unusual to see cloud providers support not just accountability, but compliance 'meaning providing help for users trying to extend PCI, HIPAA, FISMA, FedRAMP and SOX across the cloud. 'A lot of the things on last year's security wish list seem not only to have arrived, but, increasingly, to have been automated. That doesn't mean security isn't as big a concern today as last year. Encryption is now routine for most network traffic, but attackers have become more aggressive about at exploiting SSL/TLS weaknesses to undermine it. 'Ransomware has become a major industry, and the success of phishing attacks have helped make exploits against end users one of the most common tactics inside the perimeter or in the cloud.

Many organizations have adopted CASBs and other forms of security-as-a-service to help adapt. But plenty of infrastructure problems remain: Inadequate patching, difficulty establishing how well cloud partners secure infrastructure, potential weaknesses in identity management and access control, and continuing difficulty integrating on-premises security with tools aimed at the cloud all remain major challenges. '

Attend this webcast to learn about the following:

  • Data breaches involving cloud applications
  • Applications and assets that are most commonly targeted
  • Top threats to cloud security
  • Issues and challenges in maintaining cloud security

This session of the 2017 Cloud Security Survey webcast will focus on changes in the threat environment since last year. Part 2, which will be, held on Thursday, November 2 at 1:00 p.m. Eastern, will focus on how organizations have responded to those changes with new systems, controls, policies or organizational decisions 'and how effective those changes have been. Click here to register for Part 2.

Register for this webcast to hear SANS cloud security guru Dave Shackleford discuss the results of the 2017 SANS Cloud Security Survey and to get an idea of how your colleagues are adapting to the enormous threat environment of the cloud and how fast the cloud itself is evolving ways to address it. You'll also be among the first with access to the associated results paper, including analysis of how quickly the cloud security market is maturing and how far it still has to go.

View the associated whitepaper here.