Transforming the CSO Role to Business Enabler

•Download as PPTX, PDF•

1 like•1,001 views

The world is not only getting smaller, it’s getting faster. Today’s CEOs are focused on business agility, innovation and competitive advantage to drive growth and profit. And cloud computing is taking center stage as the disruptive force powering faster, more agile business innovation. But threats to the business are growing, often putting the CSO is the uncomfortable position to say “no," or to — wisely — slow down new initiatives to make sure they are handled carefully. So how does the CSO transform to enabler of business growth and innovation while simultaneously protecting the business? CloudPassage CTO Amrit Williams discusses the case for this transformation, why cloud computing can be your friend, five actionable steps CSOs can adopt to become business enablers, and how the right cloud security platform can help.

Technology

Transforming the CSO Role
to Business Enabler
Amrit Williams, CTO, CloudPassage

CEOs Focus
• Growth & market share
• Profit & the bottom line
• Operational efficiencies
• Business agility & competitive advantage
• Looking awesome on CNBC & being referenced
on the front page of the WSJ

CSOs Focus
Protecting the business while dealing with:
• Increasingly hostile threat environment
o Financially motivated & well-organized
o Nation-state sponsored
o Advanced, sophisticated & targeted
• Rapidly evolving infrastructure
o Data-center transformation (SDDC, private cloud)
o Public / private cloud hybrid
o Mobile devices
• Dizzying array of exciting compliance initiatives
And…never being referenced on the front page of the WSJ!

Rapidly Evolving Infrastructure & Technology
IT enterprise architecture
circa 2006
IT enterprise architecture
circa today
IT enterprise architecture
circa 2000

Too Often, The CSO Has Been Positioned as “Dr. No”
NO!
Can I use my
own smart
phone to
access corp.
resources?
Can we run
our BU’s
workloads on
AWS?
Can you
approve the
use of this
SaaS
application?

So How Do You Become
a Business Enabler?

Tip #1: Commit to Change
• Tell people that you’re committed
• Paint a vision for the future & develop a roadmap
for change
• Engage the business units & understand their needs
• Rally the troops and continue to show progress
towards reaching business objectives

Tip #2: Speak in the Language of the Business
• Translate “security speak” to business value
• Stay away from the technical details
• Become a story teller; use simple language
• Relate what your team is doing to meet business objectives
• Preventing data loss/breaches can be investments in:
o Innovation
o Enhancing the bottom line

Tip #3: Embrace Shadow IT
• Support the business drivers: speed, agility
• Invest in technology that empowers business, but gives
visibility, protection across cloud infrastructure
• Implement a security playbook; then publish it to the business:
o Policies
o Procedures
o Technology

Tip #4: Leverage Analytics
• Use data to make your case
• Present analytics in clear, simple language
• Agree on small set of KPIs to measure progress

Tip #5: Invest in Agile Security…
• Agile security is…
o Portable (works anywhere)
o Scalable (on-demand)
o Automated
o Orchestrated
o Service-oriented
o Flexible, metered licensing
• A flexibly defined set of automated, orchestrated security controls that
work anywhere, at any scale, on-demand

…That Addresses Six Critical Control Objectives
Immediate, consistent, continuous
knowledge of what assets exist, where
they reside, & what they’re doing.
Visibility Strong, layered controls enabling
authorized access & denial of
resources to unauthorized entities.
Strong Access Control
Continuous detection &
elimination of issues that
create exploitable points of
weakness.
Vulnerability Management
Assurance that critical data is
encrypted & used appropriately by
authorized entities while in motion
or at rest.
Data Protection
Capabilities that enable detection &
response to malicious or accidental
compromise of resources.
Compromise Management
Day-to-day management of
technologies & processes
that comprise security &
compliance.
Operational Automation

Want to Learn More?
awilliams@cloudpassage.com
www.cloudpassage.com

What's hot

Intergen Convergence 2017 - Why digital transformation

Intergen

Meeting the Demands of an On-Demand World

Hostway|HOSTING

Intergen Convergence 2017 - Data as your most important asset

Intergen

One thing's for sure, there are many choices when it comes to hardware, software and everything in between. Many organizations choose to have an IT Assessment as their organizations grow to determine the platform for moving forward. An assessment is also a good way to see what other organizations are doing to protect their data and internal operations. We will discuss: IT Internal Controls, Disaster Recovery, Software Audit Trails, Protecting sensitive Data

2015-11-17 Time for an IT Assessment

Raffa Learning Community

Hery Intelligent Technology - Corporate Profile 2015

Khairi Aiman

Intergen Convergence 2017 - The future is here

Intergen

CapabilitiesBrochure_TL

Stephen Giordano

Cloud for-startup

Kesava Reddy

Guy Filippelli, CEO of RedOwl, shared observations and principles honed from experiences leading software teams in Afghanistan and Baghdad, and how such insights ought to be applied to increasingly complex data challenges in security analytics, with a particular focus on insider risk. Guy shared his views on topics such as the importance of vision, the criticality of diverse data, the empowerment of the analyst, and the role of analytics.

Revolutionary, Not Evolutionary

Forcepoint LLC

Alex Sbardella, Redant

Interactive Scotland

DCD Converged Brazil 2016

Scott Carlson

my ppt

shahinashakh

ZekeLabs - Machine learning course Training

zekelabs05

CapabilitiesBrochure_TL_novarnish_2014

Jibu Mathews

3 tips to funding your security program

CloudBees

What's hot (15)

Intergen Convergence 2017 - Why digital transformation

Meeting the Demands of an On-Demand World

Intergen Convergence 2017 - Data as your most important asset

2015-11-17 Time for an IT Assessment

Hery Intelligent Technology - Corporate Profile 2015

Intergen Convergence 2017 - The future is here

CapabilitiesBrochure_TL

Cloud for-startup

Revolutionary, Not Evolutionary

Alex Sbardella, Redant

DCD Converged Brazil 2016

my ppt

ZekeLabs - Machine learning course Training

CapabilitiesBrochure_TL_novarnish_2014

3 tips to funding your security program

Viewers also liked

HyTrust and VMware-Providing a Secure Virtual Infrastructure

HyTrust

As enterprise data centers evolve to private and hybrid clouds, orchestration and automation are key to unleashing business agility. But for most organizations, managing security and application connectivity involves manual, time-consuming processes that are error-prone and slow down the business. Complex application connectivity requirements, bloated firewall policies, poor processes and lack of communication between application developers, network and security teams create business disruptions and expose organizations to risk. Join AlgoSec and guest Forrester Research to learn how organizations can automate security operations in the data center to manage security at the speed of business. By attending you will learn: * How the concept of Zero Trust enables the business and minimizes risk * Why management is the new backplane and security policy orchestration is critical in virtual environments * How to ensure security policy accuracy throughout data center migration and consolidation projects * How to securely deploy, maintain and decommission connectivity for data center applications

Simplifying Security Management in the Virtual Data Center

AlgoSec

Rethinking Security: The Cloud Infrastructure Effect

CloudPassage

Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates

HyTrust

Secure Multi Tenancy In the Cloud

Roger Xia

SDDC Study: SDDC Goes Mainstream

Jason Lackey

Catch the full webinar here: https://www.beyondtrust.com/resources/webinar/eyes-wide-shut-passwords-no-one-watching/?access_code=a4cd9bc071c923daab48132b0bb2e4f3 Check out this presentation from the intensivewebinar of Paula Januszkiewicz, CEO CQURE, penetration tester and mentor of CQURE Academy. Paula demonstrates common encryption and decryption password in use today, with an eye toward revealing technology holes and weaknesses that put passwords at risk. Paula will also demonstrate how to locate passwords in some unexpected places, and then walk you through mitigation of these risks.

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

BeyondTrust

Outcome of democracy

sadaf mansoori

VMware Outlines Its Own Journey to the Cloud

VMware

IT professionals are struggling to adapt to the ever-changing data security landscape. Bolt-on technologies, the lack of required skill-sets and shifting compliance requirements make it nearly impossible for many organizations to secure their technical assets. Learn how new approaches in IT security services can ensure you have all your bases covered through the adoption of a proven, comprehensive security apparatus.

Control the Creep: Streamline Security and Compliance by Sharing the Workload

aregnerus

Access the full webinar here: https://www.beyondtrust.com/resources/webinar/enemy-within-managing-controlling-access/?access_code=380c50225d67f81afaf12a795543782a In this presentation from the webinar of SANS faculty fellow and industry-recognized security expert, Dr. Eric Cole, discover how identity and access management (IAM) and privileged access management work together to reduce the threat surface and contain attacks. Also, hear how BeyondTrust and SailPoint solutions work together.

Enemy from Within: Managing and Controlling Access

BeyondTrust

Protecting the Software-Defined Data Center from Data Breach

CA Technologies

Cyber security threats for 2017

Ramiro Cid

Viewers also liked (13)

HyTrust and VMware-Providing a Secure Virtual Infrastructure

Simplifying Security Management in the Virtual Data Center

Rethinking Security: The Cloud Infrastructure Effect

Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates

Secure Multi Tenancy In the Cloud

SDDC Study: SDDC Goes Mainstream

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

Outcome of democracy

VMware Outlines Its Own Journey to the Cloud

Control the Creep: Streamline Security and Compliance by Sharing the Workload

Enemy from Within: Managing and Controlling Access

Protecting the Software-Defined Data Center from Data Breach

Cyber security threats for 2017

Similar to Transforming the CSO Role to Business Enabler

The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking. The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.

Scot Secure 2019 Edinburgh (Day 2)

Ray Bugg

In this provocative and sometimes irreverent presentation, retired Brigadier General Greg Touhill, the United States government's first federal Chief Information Security Officer, will discuss why the legacy perimeter defense model has been overwhelmed and made obsolete by the advent of modern mobility and cloud computing. He'll demonstrate how to make the business case that the shift to the Zero Trust security strategy is now essential for businesses to survive and thrive in today's highly contested global digital economy.

Why Zero Trust Yields Maximum Security

Priyanka Aash

Snapshot UK CIO 2018

David Germain

Shadow IT Risk and Reward

Chris Haddad

The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity. Main points covered: • Information Security maturity • ROPI • Risk Management • Incident Response • Forensic Readiness • Table Top Exercises • Training • Legislation Presenter: Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’. Link the the YouTube video: https://youtu.be/aREo4l-pDgc

How to Boost your Cyber Risk Management Program and Capabilities?

PECB

An AI Maturity Roadmap for Becoming a Data-Driven Organization

David Solomon

The Briefing Room with Barry Devlin and WhereScape Live Webcast on June 10, 2014 Watch the archive: https://bloorgroup.webex.com/bloorgroup/lsr.php?RCID=5230c31ab287778c73b56002bc2c51a The data warehouse is intended to support analysis by making the right data available to the right people in a timely fashion. But conditions change all the time, and when data doesn’t keep up with the business, analysts quickly turn to workarounds. This leads to ungoverned and largely un-managed side projects, which trade short-term wins for long-term trouble. One way to keep everyone happy is by creating an integrated environment that pulls data from all sources, and is capable of automating both the model development and delivery of analyst-ready data. Register for this episode of The Briefing Room to hear data warehousing pioneer and Analyst Barry Devlin as he explains the critical components of a successful data warehouse environment, and how traditional approaches must be augmented to keep up with the times. He’ll be briefed by WhereScape CEO Michael Whitehead, who will showcase his company’s data warehousing automation solutions. He’ll discuss how a fast, well-managed and automated infrastructure is the key to empowering faster, smarter, repeatable decision making. Visit InsideAnlaysis.com for more information.

Smarter Analytics: Supporting the Enterprise with Automation

Inside Analysis

DevSecCon KeyNote London 2015

Shannon Lietz

DevSecCon Keynote

Shannon Lietz

As a CISO, you have been asked why you can't just trust your employees to do the right thing. What benefit to the business comes from technical security controls? You have likely been asked to reduce risk and action every funded project at once. In this session, we will realistically consider which projects can reduce risk most quickly, which layers of security are most important, and how things like privilege management, vulnerability control, over-communicating, and simply reducing the attack surface can bring peace of mind and actual direct improvements to your information security posture.

Just Trust Everyone and We Will Be Fine, Right?

Scott Carlson

Beating Sophisticated Attackers at Their Game Using AWS

Amazon Web Services

The Briefing Room with Malcolm Chisholm and Druva Live The emergence of the mobile workforce has left an indelible mark on the enterprise; every employee is now mobile, and business data continues to be dispatched to the far reaches of the enterprise. While this has added enormous opportunity for increased productivity, it has also muddied the waters when it comes to controlling and protecting valuable data assets. As companies quickly evolve to address the new set of challenges posed by this shift in data usage, IT must ensure that all data, no matter where it’s generated or stored, is available and governed just as if it were still safely behind the corporate firewall. Register for this episode of The Briefing Room to hear veteran Analyst Malcolm Chisholm as he explains the myriad challenges that mobile data introduces when addressing regulations and compliance needs, requiring new approaches to data governance. He’ll be briefed by Dave Packer of Druva, who will outline his company’s converged data protection strategy, which brings data center class capabilities to backup, availability and governance for the mobile workforce. He will share strategies to meet regional data residency, data recovery, legal hold and eDiscovery requirements and more.

Rethinking Data Availability and Governance in a Mobile World

Hao Tran

The Briefing Room with Malcolm Chisholm and Druva Live Webcast on June 9, 2015 Watch the archive: https://bloorgroup.webex.com/bloorgroup/lsr.php?RCID=baf82d3835c5dfa63202dcbe322a3ad7 The emergence of the mobile workforce has left an indelible mark on the enterprise; every employee is now mobile, and business data continues to be dispatched to the far reaches of the enterprise. While this has added enormous opportunity for increased productivity, it has also muddied the waters when it comes to controlling and protecting valuable data assets. As companies quickly evolve to address the new set of challenges posed by this shift in data usage, IT must ensure that all data, no matter where it’s generated or stored, is available and governed just as if it were still safely behind the corporate firewall. Register for this episode of The Briefing Room to hear veteran Analyst Malcolm Chisholm as he explains the myriad challenges that mobile data introduces when addressing regulations and compliance needs, requiring new approaches to data governance. He’ll be briefed by Dave Packer of Druva, who will outline his company’s converged data protection strategy, which brings data center class capabilities to backup, availability and governance for the mobile workforce. He will share strategies to meet regional data residency, data recovery, legal hold and eDiscovery requirements and more. Visit InsideAnalysis.com for more information.

Rethinking Data Availability and Governance in a Mobile World

Inside Analysis

ISACA Ireland Keynote 2015

Shannon Lietz

The ‘success trap’ of new, emerging and disruptive technologies

Livingstone Advisory

Elastic's recommendation on keeping services up and running with real-time vi...

FaithWestdorp

"Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented ""Enterprise Cloud Security via DevSecOps"" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS. We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps."

(SEC402) Enterprise Cloud Security via DevSecOps 2.0

Amazon Web Services

Banks are rich in valuable data and can build and maintain a competitive advantage by identifying and executing on high-value machine learning projects leveraging the rich data available.This webinar will describe use cases fit for big data and machine learning in the banking sector (commercial, consumer, regulatory, and markets) and the impact they can have for your organization. 3 things to learn: * How to create a next generation data platform and why it is important * How to monetize big data using predictive modeling and machine learning * What is needed for automated machine learning as a sustainable, cost-effective, and efficient solution

Transform Banking with Big Data and Automated Machine Learning 9.12.17

Cloudera, Inc.

Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...

EC-Council

On this AppSense webinar, guest speaker Chris Sherman, Forrester Research analyst, shared five principles for an effective endpoint security strategy. Anti-virus software isn't enough anymore. Dan O'Farrell, Sr. Director of Product Marketing for Cloud Computing at Dell, shared how highly-regulated industries have embraced VDI to increase security and reduce costs. And Bassam Khan discussed how AppSense offers privilege management with just-in-time self-elevation and application control through trusted ownership. This allows you to manage and secure your endpoints while providing a great user experience. And our latest product, AppSense Insight, offers endpoint analytics. Contact us to request a demo at iwanttoknowmore@appsense.com.

Protecting endpoints from targeted attacks

AppSense

Similar to Transforming the CSO Role to Business Enabler (20)

Scot Secure 2019 Edinburgh (Day 2)

Why Zero Trust Yields Maximum Security

Snapshot UK CIO 2018

Shadow IT Risk and Reward

How to Boost your Cyber Risk Management Program and Capabilities?

An AI Maturity Roadmap for Becoming a Data-Driven Organization

Smarter Analytics: Supporting the Enterprise with Automation

DevSecCon KeyNote London 2015

DevSecCon Keynote

Just Trust Everyone and We Will Be Fine, Right?

Beating Sophisticated Attackers at Their Game Using AWS

Rethinking Data Availability and Governance in a Mobile World

ISACA Ireland Keynote 2015

The ‘success trap’ of new, emerging and disruptive technologies

Elastic's recommendation on keeping services up and running with real-time vi...

(SEC402) Enterprise Cloud Security via DevSecOps 2.0

Transform Banking with Big Data and Automated Machine Learning 9.12.17

Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...

Protecting endpoints from targeted attacks

More from CloudPassage

Best Practices for Workload Security: Securing Servers in Modern Data Center ...

CloudPassage

CloudPassage Careers

CloudPassage

Businesses who want to stay ahead of the curve and achieve maximum efficiency and consistency are adopting cloud infrastructure. Keeping up with dynamic cloud environments, achieving scalable, automated, flexible, and secure cloud infrastructures means increased business agility. But how can you manage security as you migrate to cloud infrastructures? Join Rishi Vaish, VP of Product at RightScale & Amrit Williams, CTO at CloudPassage as they discuss: Recent findings from RightScale's State of the Cloud survey Why hybrid cloud is the standard of choice 3 strategies for existing cloud server workloads Benefits and security challenges of migrating to cloud infrastructures Choosing a hybrid strategy - management and security practices to get the utmost resource flexibility

Webinar compiled powerpoint

CloudPassage

Security and Compliance for Enterprise Cloud Infrastructure

CloudPassage

Just when you thought DevOps was the new black, along comes SecDevOps. In this webinar, Andrew Storms, Sr. Director of DevOps at CloudPassage and Alan Shimel Co-Founder of DevOps.com will discuss the emerging hybrid role of DevOps and Security. Tune in to hear them cover the following topics and why DevOps should want to play a bigger part in security: Go beyond the traditional using DevOps tools, practices, methods to create a force multiplier of SecDevOps Orchestrate and Automate - Deputize everyone to incorporate security into their day to day responsibilities Examples of security automation, case situations minimizing risk and driving flexibility for DevOps See how SaaS provider CloudPassage integrates security into its own development and operations workflows

SecDevOps: The New Black of IT

CloudPassage

Technologies You Need to Safely Use the Cloud

CloudPassage

Enterprises today cannot get by without a clear strategy for cloud security. Whether the organization’s adoption of cloud environments (private, public or hybrid) is mandated by business strategy or by unsanctioned employee use, CISOs and their security teams need to be prepared for this inevitable infrastructure shift. Attend and learn how to build a cloud security strategy that makes your CISO successful. Join Rich Mogull, lead analyst at Securosis, and Nick Piagentini, Solution Architect at CloudPassage as they discuss the following topics: -Cloud is Different, But Not the Way You Think -Adapting Security for Cloud Computing Principles -Getting Started: Practical Applications -CISO Cloud Security Checklist

Cloud Security: Make Your CISO Successful

CloudPassage

Secure Cloud Development Resources with DevOps

CloudPassage

Join CloudPassage CEO, Carson Sweet and Sumo Logic Founding VP of Product & Strategy, Bruno Kurtic, for a webinar on “45 minutes to PCI Compliance in the Cloud”. What You Will Learn: -Understand the typical challenges faced by enterprises for achieving PCI on cloud infrastructure -Learn how purpose-built SaaS-based cloud security solutions can save you tens of thousands in audit costs by speeding your time to compliance -Get a quick demo of the CloudPassage Halo and Sumo Logic solutions that provide the telemetry and query/reporting engines respectively for cloud PCI

45 Minutes to PCI Compliance in the Cloud

CloudPassage

Andras Cser, VP Principal Analyst at Forrester Research and Carson Sweet, CEO at CloudPassage discussed a new enterprise security architecture that will: -Apply elastic compute power, big data, and massively horizontal distribution of security controls and telemetry. -Automate security and compliance monitoring in a scalable and portable manner across both traditional datacenter and cloud environments. -Address both data at rest and in motion and create minimal resource impact across environments.

Comprehensive Cloud Security Requires an Automated Approach

CloudPassage

Enterprises that offer Software-as-a-service (SaaS) solutions are able to provide their customers with clear benefits over on-premise software - lower upfront costs, simplified IT infrastructure and painless updates. However, security and compliance are the #1 inhibitors to enterprises building SaaS applications. Unlike the old days of selling boxed software, where securing the on-premise environment was your customer’s problem, as a SaaS provider, you now need to be responsible for the security of your entire SaaS infrastructure stack. At the same time, the vast majority of security tools at your disposal were never designed for this new agile, elastic model and are therefore inflexible and unable to cope. Ultimately, poor security choices can impact your SaaS business, slowing down sales opportunities, and hurting customer trust and company brand. But a new breed of security architecture has now emerged. Born in the cloud and purpose-built to secure SaaS environments, these security-as-a-service solutions automate security and compliance monitoring, and are built to support the scalability, portability and depth of protection you need to secure these elastic environments. What You Will Learn: Why static security architectures break Software-as-a-Service business models What a SaaS business needs to secure its infrastructure Security-as-a-Service: A new security architecture for SaaS How CloudPassage Halo has helped secure SaaS business

Security that works with, not against, your SaaS business

CloudPassage

Integrating Security into DevOps

CloudPassage

What You Need To Know About The New PCI Cloud Guidelines

CloudPassage

Did you know that 4 out of 5 companies are using cloud architectures? Did you also know that 22% of cloud hosting users believe that their cloud service provider is responsible for the security of their cloud server instances, yet 38% have a high level of concern with losing control of their servers and data in public cloud environments? Join Andrew Hay, Chief Evangelist at CloudPassage, and Wendy Nather, Research Director at 451 Research, as they dive into these and other findings from the CloudPassage 2012 Security and the Cloud survey. Wendy Nather will also discuss cloud security related trends and observations from 451 Research's findings. During this live 30-minute webinar, you will learn about: -The challenges and fears identified by individuals looking to embrace cloud architectures -Current cloud adoption trends and future individual and organizational expansion plans -How people are securely delivering applications using cloud architectures

What You Haven't Heard (Yet) About Cloud Security

CloudPassage

Meeting PCI DSS Requirements with AWS and CloudPassage

CloudPassage

Delivering Secure OpenStack IaaS for SaaS Products

CloudPassage

CloudPassage Overview

CloudPassage

Join the discussion with Andrew Hay, Chief Evangelist of CloudPassage and Dave Shackleford, Senior Vice President, Research and Chief Technology Officer of IANS. In this presentation, we will discuss: - How compliance is affected by using private, hybrid, and public cloud environments - What to consider when researching providers who offer "PCI-compliant" clouds - Recommendations for improving compliance and security posture in the cloud

PCI and the Cloud

CloudPassage

Halo Installfest Slides

CloudPassage

Automating Security for the Cloud - Make it Easy, Make it Safe

CloudPassage

More from CloudPassage (20)

Best Practices for Workload Security: Securing Servers in Modern Data Center ...

CloudPassage Careers

Webinar compiled powerpoint

Security and Compliance for Enterprise Cloud Infrastructure

SecDevOps: The New Black of IT

Technologies You Need to Safely Use the Cloud

Cloud Security: Make Your CISO Successful

Secure Cloud Development Resources with DevOps

45 Minutes to PCI Compliance in the Cloud

Comprehensive Cloud Security Requires an Automated Approach

Security that works with, not against, your SaaS business

Integrating Security into DevOps

What You Need To Know About The New PCI Cloud Guidelines

What You Haven't Heard (Yet) About Cloud Security

Meeting PCI DSS Requirements with AWS and CloudPassage

Delivering Secure OpenStack IaaS for SaaS Products

CloudPassage Overview

PCI and the Cloud

Halo Installfest Slides

Automating Security for the Cloud - Make it Easy, Make it Safe

Recently uploaded

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover: The overall software architecture for VHR’s Cloud Data Platform Critical decision points leading to adoption of Ballerina for the CDP Ballerina’s role in multiple evolutionary steps to the current architecture Roadmap for the CDP architecture and plans for Ballerina WSO2’s partnership in bringing continual success for the CD

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

WSO2

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Architecting Cloud Native Applications

WSO2

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

rightmanforbloodline

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

caitlingebhard1

DBX First Quarter 2024 Investor Presentation

Dropbox

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Introduction to use of FHIR Documents in ABDM

Kumar Satyam

Key topics covered: - Understanding the basics of IAM and its significance in the modern enterprise. IAM in a platformless environment - Tackling real-world issues like prioritizing frictionless yet secure user access, securing high-value APIs, integrating to business, compliance, and adapting to cloud native environments with scalable solutions - Practical demonstrations of how WSO2 products can be instrumental in deploying efficient IAM solutions - Preparing for upcoming trends and innovations in identity management

Navigating Identity and Access Management in the Modern Enterprise

WSO2

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Simplifying Mobile A11y Presentation.pptx

MarkSteadman7

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Recently uploaded (20)

Platformless Horizons for Digital Adaptability

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Architecting Cloud Native Applications

Artificial Intelligence Chap.5 : Uncertainty

Introduction to Multilingual Retrieval Augmented Generation (RAG)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Corporate and higher education May webinar.pptx

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....

How to Troubleshoot Apps for the Modern Connected Worker

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

DBX First Quarter 2024 Investor Presentation

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Introduction to use of FHIR Documents in ABDM

Navigating Identity and Access Management in the Modern Enterprise

CNIC Information System with Pakdata Cf In Pakistan

Simplifying Mobile A11y Presentation.pptx

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Transforming the CSO Role to Business Enabler

1. Transforming the CSO Role to Business Enabler Amrit Williams, CTO, CloudPassage

2. CEOs Focus • Growth & market share • Profit & the bottom line • Operational efficiencies • Business agility & competitive advantage • Looking awesome on CNBC & being referenced on the front page of the WSJ

3. CSOs Focus Protecting the business while dealing with: • Increasingly hostile threat environment o Financially motivated & well-organized o Nation-state sponsored o Advanced, sophisticated & targeted • Rapidly evolving infrastructure o Data-center transformation (SDDC, private cloud) o Public / private cloud hybrid o Mobile devices • Dizzying array of exciting compliance initiatives And…never being referenced on the front page of the WSJ!

4. Rapidly Evolving Infrastructure & Technology IT enterprise architecture circa 2006 IT enterprise architecture circa today IT enterprise architecture circa 2000

5. Too Often, The CSO Has Been Positioned as “Dr. No” NO! Can I use my own smart phone to access corp. resources? Can we run our BU’s workloads on AWS? Can you approve the use of this SaaS application?

6. So How Do You Become a Business Enabler?

7. Tip #1: Commit to Change • Tell people that you’re committed • Paint a vision for the future & develop a roadmap for change • Engage the business units & understand their needs • Rally the troops and continue to show progress towards reaching business objectives

8. Tip #2: Speak in the Language of the Business • Translate “security speak” to business value • Stay away from the technical details • Become a story teller; use simple language • Relate what your team is doing to meet business objectives • Preventing data loss/breaches can be investments in: o Innovation o Enhancing the bottom line

9. Tip #3: Embrace Shadow IT • Support the business drivers: speed, agility • Invest in technology that empowers business, but gives visibility, protection across cloud infrastructure • Implement a security playbook; then publish it to the business: o Policies o Procedures o Technology

10. Tip #4: Leverage Analytics • Use data to make your case • Present analytics in clear, simple language • Agree on small set of KPIs to measure progress

11. Tip #5: Invest in Agile Security… • Agile security is… o Portable (works anywhere) o Scalable (on-demand) o Automated o Orchestrated o Service-oriented o Flexible, metered licensing • A flexibly defined set of automated, orchestrated security controls that work anywhere, at any scale, on-demand

12. …That Addresses Six Critical Control Objectives Immediate, consistent, continuous knowledge of what assets exist, where they reside, & what they’re doing. Visibility Strong, layered controls enabling authorized access & denial of resources to unauthorized entities. Strong Access Control Continuous detection & elimination of issues that create exploitable points of weakness. Vulnerability Management Assurance that critical data is encrypted & used appropriately by authorized entities while in motion or at rest. Data Protection Capabilities that enable detection & response to malicious or accidental compromise of resources. Compromise Management Day-to-day management of technologies & processes that comprise security & compliance. Operational Automation

13. Want to Learn More? awilliams@cloudpassage.com www.cloudpassage.com

Transforming the CSO Role to Business Enabler

Recommended

Recommended

More Related Content

What's hot

What's hot (15)

Viewers also liked

Viewers also liked (13)

Similar to Transforming the CSO Role to Business Enabler

Similar to Transforming the CSO Role to Business Enabler (20)

More from CloudPassage

More from CloudPassage (20)

Recently uploaded

Recently uploaded (20)

Transforming the CSO Role to Business Enabler