2024 Summit
Fiesta 5
9 am - 4 pm, Sunday, September 22
Cloud Security Summit
About

Cloud Security is complex. Users need to deal with compliance issues, configuration concerns and the convergence and management of public, private and hybrid clouds. There are also access, identity and privacy questions to address. To add to this, AI/automation has made quick inroads into cloud management, and many don’t know how to deal with these new challenges. This summit will examine many of these issues to help you get the best out of your cloud security strategy.

Cloudy with a Chance of Cyberattacks
Primary Speaker:  Etay Maor,  Sr. Director Security Strategy, Cato Networks


Threat actors are exploiting the trust and capabilities we provide to cloud applications. In the past we saw Living off the Land attacks; now it is Living off the Cloud!
The session will cover how malware operators are now moving their entire infrastructure to cloud-based services (legit ones). I will demonstrate how APT29 and APT41 perform attacks that utilize legit cloud services and show how attackers exfiltrate data using these services. I will also discuss a three-layer approach (strategic, operational, and tactical) to defending against these threats.

LOL? LOC! Attackers are abusing the trust between enterprises and cloud applications to launch Living Off the Cloud Attacks. In this session we will see a live demo of such attacks, explain the infrastructure and explore mitigation strategies.
 

One Cloud, Two Clouds, Ten Clouds… Managing Security in a Multi-Cloud Environment


Primary Speaker:  Eric Peeters, CISA, CCAK, CCSK, ISO 27001 LA – Senior Manager, Weaver

Whether by strategy or by happenstance, most organizations operate in a multi-cloud environment. Even with careful planning, maintaining an equivalent security posture on premise and in the cloud is an arduous task, made downright daunting if the organization is stumbling into clouds. This session will help security leaders understand the governance and operational challenges at the root of the issue, including vendor management and procurement practices, roles and responsibilities, and cloud-uninformed security practices. Attendees will gain an understanding of organizational changes required to make sure security tools, processes, and practices are included in planning for cloud deployment and migration.

Workload IAM in a Hybrid Multi-Cloud World


Primary Speaker:  Jon-Michael C. Brook, CISSP, CCSK – principal architect, Starbucks Coffee Company
Co-Presenter:  Andrew McCormick – Principal Cybersecurity Engineer, Starbucks


Enterprise IT organizations are moving faster than ever toward a hybrid multi-cloud world that blurs the boundaries of traditional security tools. The wide range of technologies, from on-prem datacenter to Kubernetes to cloud PaaS to physical hardware, creates a uniquely challenging environment for developers to securely handle the secrets and credentials they need to integrate services in an increasingly complex technology ecosystem.

How can security organizations enforce better control over workload-to-workload authentication and authorization at scale without creating another bottleneck in the development process? We’ll walk through a set of patterns to solve these problems in different environments.



A Proven Approach on Automated Security Architecture Pattern Validation for Cloud and On-Prem


Primary Speaker:  Partha Chakraborty – Associate Vice President, Head - Security Architecture, Engineering & Innovation, Humana Inc. & Sunil Arora, Associate Director, Security Architecture, Humana Inc.


As organizations adopt more complex systems as part of their digital journey, ensuring adoption of and adherence to approved security architecture patterns becomes crucial in hybrid, multi-cloud, data center and microservices environments to reduce drift and vulnerabilities in the environment. This session will showcase security validation approaches used in a Fortune 50 company to ensure alignment with approved security patterns in a technology- and platform-agnostic way. Automated architectural pattern validations uncover design flaws early in the system development life cycle, reducing risks and improving overall security posture.

This session showcases a proven technical approach used in a Fortune 50 company to do automated architecture pattern validations WITHOUT any commercial tool. Ensuring adherence to security design patterns reduces production drift and vulnerabilities, improving the overall security posture.
 


Cloud Security Summit - Securing Cloud-Native DevOps: A Zero Trust Approach


Primary Speaker:  Emma Fang, Senior Manager, Enterprise Security Architect, EPAM Systems


In modern software development, organizations often embrace cloud-native development and multi-cloud to build highly scalable, flexible and resilient applications. These emerging trends also bring complexity and unique security challenges, leaving the DevOps environment and CI/CD pipelines vulnerable to threats like supply chain attacks and lateral movement. This talk aims to address 'Cloud-Native' security challenges in DevOps through the lens of the Zero Trust Model's key principles. Drawing insights from industry studies and past incidents, it will discuss the DevOps threat landscape. It provides actionable guidance for securing CI/CD pipelines, highlighting key priorities and capabilities to consider in DevOps security.

* Please note: This is not included in the Main Conference registration and requires a separate registration.

Get in touch
Speaking Opportunities

Tim Garon
Director, Event Content and Strategy

InfoSec World