All episodes
-
Journey to the NIST Cybersecurity Framework 2.0
Cherilyn Pascoe, Senior Technology Policy Advisor (Fed), NIST
The National Institute of Standards and Technology (NIST) is working with the community to update the widely used NIST Cybersecurity Framework to keep pace with the evolving cybersecurity risks, standards, and technology landscape. Hear from NIST on the process to update the Framework and potential considerations to reflect the increasing use of cloud computing.
-
The Current State of Play and Upcoming Evolutions of the CCM
Daniele Catteddu, Eleftherios Skoutaris, David Nicklas, Sean Cordero, Shawn Harris
In this panel, members of the CCM community (CCM leadership and co-authors) will discuss the current state of play and upcoming evolutions of the matrix and its components: the Implementation and Auditing Guidelines, the Shared Security Responsibility Model (SSRM) Guidelines, the Metrics and the CCM Lite. We’ll explain the goal, objectives and target audience of the CCM and its components and address critical questions such as: Why should organisations adopt the CCM? How can they best take advantage of the framework? How can the CCM be used to satisfy industry-specific governance, risk and compliance needs?
-
CSA-ISF Partnership: CCM and SOGP Framework and their Mapping Alignment
Eleftherios Skoutaris, Benoit Heynderickx, Geoff Bird, Ross Johnson
The Cloud Security Alliance (CSA) and the Information Security Forum (ISF) have teamed up on a new initiative to provide the cloud/cyber security community with resources to map and integrate CSA’s Cloud Controls Matrix (CCM) and ISF’s Standard of Good Practice (SOGP) 2022. This presentation gives organizations insight into the jointly conducted CSA-ISF mapping project, which compared the requirements of the two frameworks. The outcome of the project is a tool that lets cloud organizations identify the equivalent (overlapping) security requirements between the CCM and the SOGP and, more importantly, the cloud-specific CCM requirements missing from the SOGP (the deltas) and vice versa, especially when integrating both frameworks into their cloud security and compliance programs.
-
The CCM for Financial Services
Daniele Catteddu, Emily Beam, Tuan-Anh Pham, Christian Gorke
In this panel, we'll discuss the cloud security governance, compliance and supply chain risk challenges in the financial sector. We'll introduce the missions and goals of the European Cloud User Coalition (ECUC), a leading organization in the European financial sector, and of the Cyber Risk Institute, and discuss how collaboration with the Cloud Security Alliance might help the financial sector address the above-mentioned challenges.
The panellists will discuss the role of the CCM in supporting financial institutions (FIs) in their cloud journey and the possible extension of the framework so as to better satisfy the specific needs of global financial service institutions.
-
Cloud Security and Best Practices in the Motion Picture Association
Jim Reavis, Crystal Pham, Terrie Davies
Cloud computing has become an essential aspect of the motion picture industry, but it brings new security challenges that must be addressed to protect intellectual property. In this fireside chat, the Cloud Security Alliance and the Trusted Partner Network discuss best practices for cloud security, leveraging CSA's guidelines for risk assessment, data classification, access control, and incident response. TPN provides standardized assessments for service providers involved in media creation and distribution. The chat provides insights on implementing effective cloud security practices, emphasizing the significance of collaboration between industry players, standards organizations, and security experts.
-
Simplify Regulatory & Compliance Requirements in the Cloud
Victoria Geronimo, Cloud Security Architect, Google Cloud; Luis Urena, Cloud Security Architect, Google Cloud
Addressing cybersecurity risk can be a complex challenge. Governments around the world are implementing regulatory measures to raise mandatory minimum cybersecurity standards, including requirements to report cyber incidents to the relevant government authorities. Furthermore, each business sector has its own set of cybersecurity standards to adhere to: ranging from ISO 27001 to PCI DSS to FedRAMP and beyond. This talk is intended for security professionals, cloud architects, and IT leaders who are responsible for developing and implementing cloud assurance programs. It will provide them with an overview of the challenges and opportunities associated with cloud security, and some of the best practices that have been developed to address these challenges.
-
Examining the business, strategic, and technical values of the STAR Program
Troy Leach, Ronald Tse, Larry Greenblatt, Michael Deckert
The CSA STAR Program has become a widespread, mature and globally accepted point of reference for governance, risk management, compliance, assurance and transparency in the cloud market. The early adopters of the program were the pioneers and the first to understand its strategic, technical and business value. In this panel, with the support of those STAR Champions, we’ll articulate the business, strategic and technical values of the STAR Program, and how organizations of any size, geography and business sector can reap the benefits of the program and take advantage of the experience of the mature adopters.
-
Discover the Cloud Security Alliance's STAR Program: Enterprise CISOs Must Know
J.R. Santos, Chief Customer Officer, Cloud Security Alliance
Data privacy and security issues arise as cloud computing becomes increasingly important to enterprises. The Cloud Security Alliance's Security, Trust, Assurance, and Risk (STAR) initiative helps enterprise CISOs handle these concerns. This talk will discuss how the STAR program improves cloud security, risk management, adherence to industry standards, continuous improvement, and security culture. Using the STAR program, CISOs can assess cloud service provider security controls, streamline vendor risk management, and comply with industry requirements. Attendees will learn the CSA STAR program's benefits and uses, enabling them to make informed decisions about their organization's cloud security strategy.
-
Transforming Compliance into Competitive Advantage: Building a Robust Framework
Avani Desai, Chief Executive Officer, Schellman
This topic will highlight the transformative power of compliance assurance in today's competitive business landscape. It will explore the shift from compliance as a mere regulatory burden to a strategic business opportunity. The session will delve into the critical components of a robust compliance framework, including risk management, process improvement, and continuous monitoring. Avani will share her insights and experience in building compliance frameworks that help businesses achieve their objectives while mitigating risk through assurance. Attendees will learn how to leverage compliance assurance as a competitive advantage and leave with practical tips and strategies to implement in their own organizations.
-
Defend your workforce with phishing-resistant MFA
Mega Rastogi, Group Product Manager, Okta
Large organizations continue to fall for credential-based phishing attacks, which often lead to costly breaches. Traditional multi-factor authentication (MFA) methods are increasingly under attack and are especially prone to phishing. Join us to learn about the journey Okta and its customers are taking to phishing-resistant authentication.
-
A Fireside Chat: Roles of Auditors, Technology, and Education in Cloud Assurance
John DiMaria, Doug Barbin, Al Mahdi Mifdal, Ashwin Chaudhary
In this fireside chat, we will discuss the importance of Cloud Assurance Programs and Ecosystems, specifically focusing on the role of auditors, technology, and education. Cloud computing has become a critical component of modern businesses but presents unique security and compliance challenges. The panelists will delve into how organizations can ensure the security and reliability of their cloud systems by implementing robust assurance programs and ecosystems. The discussion will also explore the latest technological advancements in cloud security, including automation and artificial intelligence, and how they can be leveraged to strengthen cloud assurance. Additionally, the panelists will discuss the importance of ongoing education and training for auditors, IT professionals, and business leaders to keep up with the ever-evolving cloud security landscape. This fireside chat aims to provide insights and practical advice for organizations seeking to establish and maintain effective cloud assurance programs and ecosystems.
-
National Roadmap to Cloud Adoption The Trust Factor: Trust in Cloud Computing
Tali Shemer, Director, National Programs, Israel National Cyber Directorate (INCD)
In the past, governments' use of public cloud was limited; today, the use of public cloud infrastructure by both governments and organizations is rising and transforming the digital services they provide.
Adoption of the “cloud first” strategy by governments is one of the accelerators of digital transformation and cloud adoption. The Israeli government adopted the “cloud first” strategy in 2021 and promotes cloud adoption across government through the Nimbus project.
This presentation will introduce the audience to the Nimbus project and the national journey to build trust in cloud computing.
-
Standards-based Cloud Security Governance Automation: CIS-CSA-NIST collaboration
Daniele Catteddu, Michaela Iorga, Phyllis Lee
The panel will discuss the importance of a standards-based approach to cloud security governance automation: the role and value of OSCAL (the Open Security Controls Assessment Language) as the standardized language for harmonizing assessment and compliance; the role and value of security frameworks such as the CIS Controls and the CSA Cloud Controls Matrix; the importance of mapping between the various industry security frameworks, international standards, legal and regulatory requirements, and compliance mechanisms; and the key role of a standard approach to expressing those mappings in OSCAL, which allows effective and efficient assurance interoperability at scale.
-
Trust in the Cloud: Find your GDPR Compliance Path with the STAR Program
Daniele Catteddu, Gabriela Mercuri
In an era where cloud adoption is accelerating, building trust and achieving compliance with data protection regulations is critical. This abstract highlights a joint presentation by Daniele Catteddu, the Chief Technology Officer (CTO) of the Cloud Security Alliance (CSA), and Gabriela Mercuri, the Managing Director of SCOPE Europe, focused on "Building Trust in the Cloud: Find Your GDPR Compliance Path through the STAR Program."
The presentation explores the importance of the CSA's Security, Trust, and Assurance Registry (STAR) Program as a means to navigate the complex landscape of General Data Protection Regulation (GDPR) compliance in cloud environments. Both Catteddu and Mercuri provide insights, emphasizing the program's role in establishing trust and transparency between organizations and cloud service providers.
By incorporating insights from Catteddu and Mercuri, organizations can confidently navigate the complexities of GDPR compliance, ensuring the privacy and security of personal data while fostering trust in cloud environments.