|Timeline (EDT)||Session Details|
|11:00AM||Welcome & Opening Remarks|
Frank Kim, Event Chairperson, SANS Institute
|11:15AM||Session One | Cloud Security: Shared Fate, Identity, Secure Data and the Coming AI|
Cloud security is a shared responsibility between the cloud provider and the customer. The cloud provider is responsible for the security of the underlying infrastructure, while the customer is responsible for the security of their data and applications - and there is a lot of nuance around that. A shared fate model builds on shared responsibility to improve customer cloud security.
Many traditional cloud security practices focus on the oversized role of identity management, secure configurations, and data security, which are evolving and still very much at the core of our attention. In addition to traditional security measures focused on securing the cloud infrastructure, organizations should also consider the use of cloud-enabled capabilities with artificial intelligence (AI) to improve their cloud security posture and detection/response models. AI can be used to detect and respond to threats more quickly and effectively than traditional security solutions.
Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud
Dave Shackleford, Senior Instructor, SANS Institute
|12:00PM||Session Two | Navigating Cloud Security Challenges: Principles and Strategies for Cyber Defense|
As organizations embrace the cloud at an ever-increasing rate, they encounter not only operational hurdles but also pose significant challenges for their security teams. These teams are tasked with reshaping their strategies to effectively protect against emerging threats in this new landscape.
With over a billion endpoints, millions of customers, and its massive global cloud presence, this session will discuss Microsoft's principles of cyber defense in the cloud, how it organizes to defend itself, and the feedback loops between all phases of NIST frameworks through its governance. Along with these continuous processes that optimize continuous learning, we will cover how Microsoft utilizes its own products for defense scenarios that the reader can leverage and implement.
Dr. Andre Alfred, Vice President, Microsoft Azure Security
Ryan Nicholson, Certified Instructor, SANS Institute
Session Three | Zero Trust: Getting started, making progress, and iterating your way to improved security
As organizations continually assess fundamental questions such as: “What are the optimal patterns to ensure the right levels of security and availability for my systems and data?” they are increasingly using the term Zero Trust as their way to describe their desired state and set of capabilities. For some, the journey towards Zero Trust has been self-motivated - a natural evolution of cybersecurity in general and defense in depth. For others, the journey is being driven by public policy and regulation from many different corners of the world.
Regardless of the rationale, and despite some of the hype and buzz that surrounds the term, the technical and business outcomes produced by Zero Trust are meaningfully better than what was possible with the previous generation of perimeter-oriented security models. These outcomes are achieved by augmenting network controls with rich signals including identity, device, behaviors, and more to make ever more granular, continuous, adaptive, and sophisticated access control decisions. However, implementing Zero Trust still isn’t as straight forward as it might seem. Organizations still ask: How do I get started? How do I make continued progress? How do I demonstrate ROI?
Join Mark Ryland, the Director of the Office of the CISO for AWS, and Ashish Rajan, SANS instructor and host of wildly popular Cloud Security podcast, as they answer these types of tough questions and share their experience and guidance in ways that will get you beyond debating Zero Trust and into implementation.
Mark Ryland, Director, Office of the CISO, AWS
Ashish Rajan, Associate Instructor, SANS Institute
Session Four | Security Myths and Missteps in Cloud Migration
Despite the well-established benefits of cloud computing — especially in terms of cost, scalability, and efficiency — many enterprises are still reluctant to migrate to the cloud. A key factor in their reluctance is a set of widely held myths about the cloud, including the misconception that it’s less secure than on-premises implementation because security is supposedly the sole responsibility of the cloud services provider. In fact, the shared responsibility model — with the cloud provider and its enterprise customer working together to ensure the protection of sensitive data and business-critical applications — can actually result in significant improvements in security. Myths and misconceptions like this can lead to serious missteps by enterprises and their IT and security organizations, missteps that result in operational inefficiencies, unnecessary costs and wasted investments.
Few security experts are better-qualified to help enterprises make well-informed cloud migration security decisions than Simon Vernon. A SANS Certified Instructor and Principal Technical Architect, he also serves as the CSO of a data center. Join him, Brandon Evans, SANS Certified Instructor and lead author of SEC510: Public Cloud Security: AWS, Azure, and GCP, and Megan Roddie, author of FOR509: Enterprise Cloud Forensics and Incident Response, as they bust cloud security myths and show how to navigate around common missteps.
Simon Vernon, Certified Instructor, SANS Institute
Brandon Evans, Certified Instructor, SANS Institute
Megan Roddie, Author, SANS Institute
Panel Discussion | Straight Talk on Cloud Security
Have you ever wanted to get the straight story on cloud security right from the source? This panel will give you the chance to ask the tough questions about cloud security directly to leaders from AWS, Google Cloud, and Microsoft Azure who will be together for the first time on one virtual stage. Learn what has worked in cloud security, what doesn’t, and what the future holds for cloud workloads.
Frank Kim, Event Chairperson, SANS Institute