Registration Opens for Cloud Security Alliance Research SummitJanuary 20, 2022
The Cloud Security Alliance (CSA) announced that registration has opened for the CSA Research Summit (March 9-10, 2022). The event, originally scheduled to be held in February in conjunction with the 2022 RSA Conference, will bring together CSA’s top researchers to share their insight and expertise on the issues that will define cloud security.
“CSA’s global community of volunteer researchers are among the industry’s unsung heroes. Their tireless efforts over the last 13 years have resulted in a body of work that has improved the baseline of cybersecurity around the world. I am delighted that we are able to showcase experts from several important working groups in the CSA Research Summit, providing clarity on the issues of today and insights into the future of cybersecurity in the cloud,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance.
In the weeks leading up to the event, CSA will hold a “road to the summit” webinar series that will kick off on February 16 with “Riding the OpenSource Security Roller Coaster,” in which CSA Chief Blockchain Officer and Director of Special Projects Kurt Seifried will discuss a basic maturity model for dealing with OpenSource security. Additional webinars will be held on February 23 and March 2.
Summit participants will hear from researchers from CSA’s top working groups, who will share their insight on topics such as Zero Trust, top threats in the cloud, vulnerabilities identification and disclosures, and cloud key management. Included in the event are sessions covering:
- Policy Development and Business Alignment for Cloud. Speaker: Jon-Michael Brook. This discussion will show the usage of the enterprise architecture to cover key areas of cloud, as well as utilizing the Cloud Controls Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) to build out appropriate controls within policy.
- Pillars for Practical Implementation of Secure DevOps. Speaker: TBD. In this session, we will provide an overview of the research from Cloud Security Alliance’s DevSecOps Working Group. From collective responsibility to automation, researchers will discuss the recommendations from CSA’s Six Pillars of DevSecOps whitepaper series and the current state of security within cloud application development.
- Cloud Dev Wars: Serverless vs Containers & Microservices. Speakers: Anil Karmel, John Yeoh. A combination of serverless functions, application containers, and other microservices are rapidly becoming the foundation of cloud application development and the successor to virtual machines. In this session, researchers from multiple CSA working groups will compare and contrast these tools, articulate the unique security concerns of each, and provide guidance for security strategies encompassing all of these environments.
- Top Threats- Survey Report. Speaker: Jon-Michael Brook. The Top Threats survey report and findings will be reviewed in this session.
- The Failure of Vulnerability Identifiers and How We Fix Them. Speaker: Josh Bressers. In this session, Cloud Security Alliance researchers will discuss the latest developments from our new Global Security Database (GSD) working group, including how existing vulnerability identifiers have failed to keep pace with innovation, along with some of the working group’s high-level goals.
- Taking Control of Your Enterprise’s IoT Security. Speaker: TBD. This presentation will cover the CSA IoT Security Control Matrix and how enterprise organizations can tailor it to their unique risk profiles, leverage the matrix to create or update an Enterprise IoT Security Architecture, and how it can be applied across different industries, including manufacturing, health care operations, and transportation.
- Cloud Security in the Quantum Era: Getting Ready for Y2Q. Speaker: Bruno Huttner. Attendees will get an overview of the quantum computer and quantum threat, as well as possible solutions some of which are based on new algorithms, known as quantum-resistant algorithms.
- Guidance from Health Information Management (HIM) Publications. Speaker: Vince Campitelli. This session will use papers from the HIM Working Group as an outline for providing guidance that can benefit healthcare delivery organizations, medical officials and professionals, and patients.
- The Role Key Management Plays in Encryption. Speaker: TBD. What role does encryption play in protecting customer content? In this session, we explore how key management fits into the protection scheme.
- CxO Trust Initiative: Research for the C-Suite. Speakers: Illena Armstrong, Vincent Campitelli, John Yeoh. This session will give an overview on some of the research ideas and strategies from the CxO Trust Advisory Council, which includes personal identifiable information (PII) in the cloud, SaaS provider security, Zero Trust models, cross-cloud-platform security strategy, security operations and response, confidential computing, regulatory compliance, and cloud expertise, among others.