Attendees
Guest: Olaf Streutker
Guest title: CISO Advisor
Company: ABN Amro
Abstract
The Cloud Octagon Model is a new framework for cloud adoption (mostly SaaS adoption). The model was designed jointly by ABN-Amro and the Cloud Security Alliance. It helps organizations identify, represent, and assess risks in the context of their cloud implementation across multiple factors by introducing a logical approach to dealing holistically with the security aspects involved in moving to the cloud.
Link to CSA Cloud Octagon Model:
https://cloudsecurityalliance.org/artifacts/cloud-octagon-model/
Timing
0:00 | Intro and introducing the guest and ABN Amro cloud adoption methodology
12:10 | The evolution of the Cloud Octagon Model and basic concepts
11:28 | How ABN-Amro are dealing with IaaS/PaaS vs. SaaS
15:30 | The different phases of the Cloud Octagon Model: Classification
20.30 | Core banking applications in the cloud
24.20 | The different phases of the Cloud Octagon Model
31.20 | Summary and conclusions

Attendees
Guest: Shira Shamban
Guest title: CEO & Co-Founder
Company: Solvo
Abstract
In modern cloud environments, Identity and Access Management controls are crucial. Many access decisions are now based not on network structure but on roles and permissions. In this episode we talk (again) with Shira Shamban, founder at Solvo, about cloud IAM challenges: why it is so hard to get IAM right, and how Solvo is planning to revolutionize the IAM management process.
Timing
0:00 | Introducing our guest
3:00 | Introducing cloud identity challenges
6:20 | Why role management is not enough
11:40 | Why we fail to create least-privilege roles
15:10 | How to manage IAM securely - the people angle
18:13 | How to manage IAM securely - the process angle
21:08 | How to manage IAM securely - the technology angle
31:08 | Summary and last words
...

Attendees
Guest: Guy Flechter
Guest title: CISO
Company: Appsflyer
Abstract
One of the biggest challenges facing software companies is how to make sure security policies are enforced across the development cycle without holding back R&D's ability to innovate. In this episode, Guy Flechter, CISO for Appsflyer, will elaborate on how he provides R&D with guidelines and support while keeping them motivated and committed to security.
Timing
0:00 | Intro and introducing Appsflyer and its digital business
10:29 | Understanding Appsflyer underlying technology and security challenges
14:20 | “We came in peace”: building the security foundation at Appsflyer - understanding Guy’s methodology
19:55 | The people angle: building the right team and how to work efficiently with the R&D team
27.40 | The technology angle: how to make sure developers don’t need security in everyday life, but they are still on the right tracks
37.10 | The process angle: building developers' autonomy
40.25 | Summary and conclusion
...

Guest: Adam Gavish
Guest Title: Co-Founder and CEO, DoControl.io
Topic: Protecting SaaS services using automation & continuous monitoring
Abstract: SaaS services are blooming and organizations are adopting more and more of them. In this episode, we hosted Adam Gavish, co-founder and CEO at DoControl, an innovative startup that is reshaping the way we govern and monitor SaaS applications, to talk about the business case of SaaS services, the market gaps, and how organizations should catalog, protect and monitor their SaaS portfolio.
...