Cloud Security Alliance Bangalore Research Work

Monthly Event

Home

events

research

About us

Annual event

Research by

The Chapter

Technology &

Cloud Security Maturity

Research

Technology & Cloud Security Maturity Global Report

Release Date: 02/03/2022

The goal of this survey is to better understand the maturity levels of organizations for the cloud and technology both currently and in the near future.

Key areas of interest include:

Current cloud use and strategy
Top drivers for using multi-cloud environments
Current and future cloud security strategies and solutions
Predicted changes in the use of cloud and related technologies

Editors

Contributors

Akash Gupta

Akshata Mongha

Alex Kaluza

Brent Jenkins

Carole Murphy

Harley Adams

Hillary Baron

Joe Leung

John Yeoh

(Alphabetic order )

Josh Buker

Krishna Pandey

Madhukeshwar Bhat

Manjesh Pai

Niel Pandya

Pooja Agrawalla

Preeti Bheesikar

Ramses Gallego

Sailaja Vadlamudi

Satyavathi Divadari

Savitha Gowda

Sean Heide

Shamun Mahmud

Shirish Verma

Spiros Liolis

Stan Wisseman

Sujatha Yakasari

Vandana Verma

Satyavathi Divadari

CSA Bangalore

Hillary Baron

Cloud Security Alliance

Carole Murphy

CyberRes by OpenText

Global Research Key Findings

Increased adoption of multi-cloud despite challenges

The top challenges are

Availability of security skills across multiple CSP (26%)
Architectural differences (22%)
Comprehensive governance (20%)

Use of SDP, ASM, and CSPM might increase in next 2 years

Grow Trends Observed are

Software-Defined Perimeter (SDP) - (47%)
Attack Surface Management (ASM) - (45%)
Cloud Security Posture Management (CSPM) - (45%)

Zero Trust, AI/ML & Serverless might increase in next 2 years

Growth Trends observed

Zero Trust (60%)
AI or ML (43%)
Serverless Computing (42%)

Download Research Paper

CSA CCM v3.0.1 Addendum to the

Reserve Bank of India (RBI)’s

Gopala Krishna Committee (GKC) report

Release Date: 11/27/2019

This document contains a mapping and gap analysis between the cloud security requirements of CCM V3.0.1 and those of the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report, on Information Security, Electronic Banking, Technology Risk management & Cyber Frauds.

The document aims to help organizations adhering to the aforementioned RBI's document to also meet CCM requirements. This is achieved by identifying compliance gaps in the RBI's document in relation to the CCM.

Editors

Contributors

(Alphabetic order )

Satyavathi Divadari

CSA Bangalore

Ekta Mishra

Cloud Security Alliance

Ajay Rentala

Ekta Mishra

Haojie Zhuang

Krishna Kishore

Manjesh Pai

Manju Lalwani

Priyanka S

Satyavathi Divadari

Sivaram I

Sohit Raina

Victor Chin

Yogesh G

CSA CCM v3.0.1 Mapping

RBI Gopalakrishna Committee Report

The RBI constituted the Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, which produced its report in January 2011.

The Working Group was headed by Mr. G. Gopala Krishna and is popularly known as the Gopalakrishna Committee Report.

CCM Matrix

The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing.

It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology.

The controls framework is aligned to the CSA Security Guidance for Cloud Computing, and is considered a de-facto standard for cloud security assurance and compliance.

The Mapping Exercise by the Chapter

CSA Bangalore Research working group has taken a Cloud Control Matrix(CCM) and Gopalakrishna Committee report, blended it together and prepared a mapping document.

Download Research Paper

Webinars based on the Global Research

Evolution of Cloud Security & Privacy Technologies - CxO Perspectives

Panelists :

Jim Reavis, CEO, Cloud Security Alliance

Bob Guay, Director, CISO, Emerging Security Technology, Johnson & Johnson Inc.

Veronica Rose, Director, ISACA Board, Senior IS Auditor, KPMG

Satyavathi Divadari - Chairman, CSA Bangalore

Stan Wisseman - Research Collaborator, Chief Security Strategist-NA, CyberRes

Feb 25 2022

Description:

This webinar covers diverse opinions of CISOs, CPOs, Security Strategists, and Solution Integrators around the technology evolution in the areas of cloud security and privacy.

During pandemics, organizations are accelerating the transformation to cloud and how they are managing security and privacy concerns while doing hyper-scale migrations.

The cloud adoption states include completely cloud, hybrid, or multi-cloud deployments. We will discuss the status of Privacy by design strategies by a different organization and their plans.

Several concepts such as Zero Trust, Machine Intelligence, and Cloud automation such as have taken a non-linear acceleration. This webinar is a preview of the recent release of the Cloud Security Alliance (CSA) research paper, titled "Technology and Cloud Security Maturity," sponsored by Micro Focus CyberRes.

Privacy Enablement and

Artificial Intelligence in the Multi-Cloud Era

Panelists :

Madhu Bhat, Director of Chapter Development, CSA Bangalore

Allam Vinodh Kumar, Practice Partner, WIPRO

Ramses Gallego, International Chief Technology Officer, CyberRes

May 10th 2022

Description:

Do you want to know how to take competitive advantage of multi-cloud while managing privacy and security effectively and efficiently? Find out from our panel of experts as they discuss the challenges of multi-cloud adoption, deliberate on solutions that enable privacy and empower zero trust, and describe how to reduce risk exposure with threat intelligence and automation.

With their experience and expertise, they will discuss the best strategies to enable the acceleration of multi-cloud with security solutions: • How privacy enablement increases cost efficiencies and reduces risk with data minimization, monetization, and protection. • How zero trust enablement helps in securing access to data and assets across multi-cloud.

• How threat intelligence helps in staying abreast of the latest and greatest threat actors attacking assets on hybrid-cloud. • How Artificial Intelligence aids in reducing risk exposure, specifically on cloud. • How to automate security and privacy-enabling technologies and reduce risk.

Critical AppSec Capabilities that accelerate Cloud Transformation

Panelists :

Suvabrata Sinha, NXP Technologies, ; Martin Knobloch, CyberRes Board of Dir, OWASP ; Sujatha Yakasiri, CSA BLR

Jun 9th 2022

Description:

Application security continues to evolve from shifting left to shifting everywhere as we move further into a cloud-driven era. Learn from our panel of experts as they discuss the challenges of cloud-driven application security in 2022 and the critical capabilities to address them. With their experience and expertise, they will discuss the best strategies to allow software security risks to balance with business imperatives that accelerate the speed of digital innovation covering various topics such as:

• DevSecOps

- Security must keep pace with the ‘everything-as-code’ era to transition from point of friction to enablement, without sacrificing quality.

• Cloud Native AppSec

- The adoption of containers, microservices, APIs, serverless, infrastructure-as-code and other cloud-first technologies introduces new risks that must be addressed in the SDLC.

• Software Supply Chain

- Increasingly a target for threat actors, it’s critical to ensure the software your organization delivers comprised of open source, commercial and custom code is properly secured during development.

Multi-layer Intelligence for Cyber Resilience

Panelists :

Umang Handa, Partner, PWC;

Emra Alpa, Sr. Product Manager, CyberRes;

Satyavathi Divadari, President, CSA Bangalore

Sep 28th 2022

Description:

Explosive growth of digitization and cloud adoption increased the threat landscape across different sources that include cloud, IoT, edge computing and many more.

Advanced threats evolved overtime that includes ransomware, attacks on cloud platforms, and IoT/ OT devices.

Extended threat landscape requires capabilities that includes centralized threat insights, early detection, proactive threat hunting, layered analytics, and automated response to address the concerns of internal threats and external threats such as local, regional, industry and global across sector

Enabling Zero Trust for the Cloud

Panelists :

Fernando Mitre Caetano Moisés Cybersecurity & Privacy Partner, PwC Brazil

Kevin Hansen Chief Technology Officer, Public Sector at Micro Focus Government Solutions

Satyavathi Divadari Chairman, CSA Bangalore

Oct 15th 2022

Description:

Organizations are discarding the model of “Trust but Verify” and moving toward a zero trust model. That is, “Never Trust, Always Verify, Enforce Least Privileges.”

Effective implementation of zero trust requires a risk assessment of the access to data or the environment. And then, based on the risk level, facilitating authentication, authorization, privilege, and lifecycle management to meet compliance standards across modern, hybrid enterprises.

Zero trust also requires protection of data in use, in transit, and at rest while enabling adaptive access to trusted entities.