RESEARCH WORK
RESEARCH
BANGALORE CHAPTER
TECHNOLOGY & CLOUD SECURITY MATURITY GLOBAL REPORT
Release Date: 02/03/2022
The goal of this survey is to better understand organizations' cloud and technology maturity levels, both currently and in the near future.
Key areas of interest include:
- Current cloud use and strategy
- Top drivers for using multi-cloud environments
- Current and future cloud security strategies and solutions
- Predicted changes in the use of cloud and related technologies
EDITORS
SATYAVATHI DIVADARI
CSA Bangalore
HILLARY BARON
Cloud Security Alliance
CAROLE MURPHY
CyberRes by OpenText
CONTRIBUTORS
Akash Gupta
Akshata Mongha
Alex Kaluza
Brent Jenkins
Carole Murphy
Harley Adams
Hillary Baron
Joe Leung
John Yeoh
Josh Buker
Krishna Pandey
Madhukeshwar Bhat
Manjesh Pai
Neil Pandya
Pooja Agrawalla
Preeti Bheesikar
Ramses Gallego
Sailaja Vadlamudi
Satyavathi Divadari
Savitha Godwa
Sean Heide
Shamun Mahmud
Shirish Verma
Spiros Liolis
Stan Wisseman
Sujatha Yakasiri
Vandana Verma
GLOBAL RESEARCH KEY FINDINGS
Increased Adoption of Multi-Cloud Despite Challenges
Top Challenges are:
Availability of security skills across multiple CSPs (26%)
Architecture differences (22%)
Comprehensive governance (20%)
Use of SDP, ASM and CSPM might increase in the next 2 years
Growth trends observed are:
Software-Defined Perimeter (SDP) - (47%)
Attack Surface Management (ASM) - (45%)
Cloud Security Posture Management (CSPM) - (45%)
Zero Trust, AI/ML and Serverless might increase in the next 2 years
Growth trends observed are:
Zero Trust (60%)
AI or ML (43%)
Serverless Computing (42%)
CSA CCM v3.0.1 ADDENDUM TO THE RESERVE BANK OF INDIA (RBI)'S GOPALAKRISHNA COMMITTEE (GKC) REPORT
Release Date: 11/27/2019
This document contains a mapping and gap analysis between the cloud security requirements of CCM v3.0.1 and those of the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report on Information Security, Electronic Banking, Technology Risk Management & Cyber Frauds.
The document aims to help organizations that adhere to the RBI report to also meet CCM requirements. It does so by identifying compliance gaps in the RBI report in relation to the CCM.
EDITORS
SATYAVATHI DIVADARI
CSA Bangalore
EKTA MISHRA
Cloud Security Alliance
CONTRIBUTORS
Ajay Rentala
Ekta Mishra
Haojie Zhuang
Krishna Kishore
Manjesh Pai
Manju Lawani
Priyanka S
Satyavathi Divadari
Sivaram I
Sohit Raina
Victor Chin
Yogesh G
CSA CCM v3.0.1 MAPPING
RBI Gopalakrishna Committee Report
The RBI constituted the Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, which produced its report in January 2011.
The Working Group was headed by Mr. G. Gopala Krishna, and its report is popularly known as the Gopalakrishna Committee Report.
The Mapping Exercise by the Chapter
The CSA Bangalore Research working group took the Cloud Controls Matrix (CCM) and the Gopalakrishna Committee report, brought them together and prepared a mapping document.
CCM Matrix
The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing.
It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology.
The controls framework is aligned to the CSA Security Guidance for Cloud Computing, and is considered a de facto standard for cloud security assurance and compliance.
WEBINARS BASED ON THE GLOBAL RESEARCH
Evolution of Cloud Security & Privacy Technologies - CxO Perspectives
Panelists
JIM REAVIS
CEO, Cloud Security Alliance
BOB GUAY
Director CISO, Emerging Security Technology, Johnson & Johnson Inc.
VERONICA ROSE
Director, ISACA Board, Senior IS Auditor, KPMG
SATYAVATHI DIVADARI
Chairman, CSA Bangalore
STAN WISSEMAN
Research Collaborator, Chief Security Strategist - NA, CyberRes
FEB 25, 2022
Description
This webinar covers diverse opinions of CISOs, CPOs, Security Strategists, and Solution Integrators around the technology evolution in the areas of cloud security and privacy.
During the pandemic, organizations are accelerating their transformation to the cloud; the webinar looks at how they are managing security and privacy concerns while doing hyper-scale migrations.
The cloud adoption states include completely cloud, hybrid, or multi-cloud deployments. We will discuss the status of privacy-by-design strategies at different organizations and their plans.
Several concepts, such as Zero Trust, Machine Intelligence, and Cloud automation, have seen non-linear acceleration. This webinar is a preview of the recent release of the Cloud Security Alliance (CSA) research paper, titled "Technology and Cloud Security Maturity," sponsored by Micro Focus CyberRes.
Privacy Enablement & Artificial Intelligence in the Multi-Cloud Era
Panelists
MADHU BHAT
Director of Chapter Development, CSA Bangalore
ALLAM VINODH KUMAR
Practice Partner, WIPRO
RAMSES GALLEGO
International Chief Technology Officer, CyberRes
MAY 10, 2022
Description
Do you want to know how to take competitive advantage of multi-cloud while managing privacy and security effectively and efficiently? Find out from our panel of experts as they discuss the challenges of multi-cloud adoption, deliberate on solutions that enable privacy and empower zero trust, and describe how to reduce risk exposure with threat intelligence and automation.
With their experience and expertise, they will discuss the best strategies to enable the acceleration of multi-cloud with security solutions:
- How privacy enablement increases cost efficiencies and reduces risk with data minimization, monetization, and protection.
- How zero trust enablement helps in securing access to data and assets across multi-cloud.
- How threat intelligence helps in staying abreast of the latest and greatest threat actors attacking assets on hybrid-cloud.
- How Artificial Intelligence aids in reducing risk exposure, specifically on cloud.
- How to automate security and privacy-enabling technologies and reduce risk.
Critical AppSec Capabilities that Accelerate Cloud Transformation
Panelists
SUVABRATA SINHA
NXP Technologies
MARTIN KNOBLOCH
CyberRes Board of Dir, OWASP
SUJATHA YAKASIRI
CSA BLR
JUNE 9, 2022
Description
Application security continues to evolve from shifting left to shifting everywhere as we move further into a cloud-driven era. Learn from our panel of experts as they discuss the challenges of cloud-driven application security in 2022 and the critical capabilities to address them. With their experience and expertise, they will discuss the best strategies for balancing software security risks with the business imperatives that accelerate the speed of digital innovation, covering various topics such as:
DevSecOps
Security must keep pace with the ‘everything-as-code’ era to transition from point of friction to enablement, without sacrificing quality.
Cloud Native AppSec
The adoption of containers, microservices, APIs, serverless, infrastructure-as-code and other cloud-first technologies introduces new risks that must be addressed in the SDLC.
Software Supply Chain
The software supply chain is increasingly a target for threat actors; it’s critical to ensure that the software your organization delivers, comprising open source, commercial and custom code, is properly secured during development.
Multi-Layer Intelligence for Cyber Resilience
Panelists
UMANG HANDA
Partner, PWC
EMRA ALPA
Sr. Product Manager, CyberRes
SATYAVATHI DIVADARI
President, CSA Bangalore
SEPT 28, 2022
Description
Explosive growth of digitization and cloud adoption has expanded the threat landscape across different sources, including cloud, IoT, edge computing and many more.
Advanced threats have evolved over time and include ransomware and attacks on cloud platforms and IoT/OT devices.
The extended threat landscape requires capabilities that include centralized threat insights, early detection, proactive threat hunting, layered analytics, and automated response to address the concerns of internal threats and external threats, whether local, regional, industry-wide or global, across sectors.
Enabling Zero Trust for Cloud
Panelists
FERNANDO MITRE CAETANO MOISÉS
Cybersecurity & Privacy Partner, PwC Brazil
KEVIN HANSEN
Chief Technology Officer, Public Sector at Micro Focus Government Solutions
SATYAVATHI DIVADARI
President, CSA Bangalore
OCT 15, 2022
Description
Organizations are discarding the model of “Trust but Verify” and moving toward a zero trust model. That is, “Never Trust, Always Verify, Enforce Least Privileges.”
Effective implementation of zero trust requires a risk assessment of the access to data or the environment and then, based on the risk level, facilitating authentication, authorization, privilege, and lifecycle management to meet compliance standards across modern, hybrid enterprises.
Zero trust also requires protection of data in use, in transit, and at rest while enabling adaptive access to trusted entities.
Foundations of Cloud Computing - Summer Workshop
Panelists
SUJATHA YAKASIRI
Director, Chapter Development, CSA Bangalore
AKASH GUPTA
Director, Academia, CSA Bangalore
MAY, 2021
Description
Learn why Cloud Computing is essential in today’s world:
- Traditional mode of computing
- Evolution of Cloud and rapid growth in adoption
- Industry examples and case studies (ex: Swiggy, Paytm, Amazon)
- Definition of Cloud Computing and essential characteristics
- Cloud service models and their features (Pizza as a service)
- Deployment models (Private, Hybrid and Community) with industry examples
Practical exercises in Identity and Access Management, with examples from enterprises
Career Planning workshop
Foundations of Cloud Computing - New Year Workshop
Panelists
VANDANA VERMA
Board of Director, OWASP Global
AKASH GUPTA
Director, Academia, CSA Bangalore
MAY, 2021
Description
Learn why Cloud Computing is essential in today’s world:
- Traditional mode of computing
- Evolution of Cloud and rapid growth in adoption
- Industry examples and case studies (ex: Swiggy, Paytm, Amazon)
- Definition of Cloud Computing and essential characteristics
- Cloud service models and their features (Pizza as a service)
- Deployment models (Private, Hybrid and Community) with industry examples
Practical exercises in Identity and Access Management, with examples from enterprises
Career Planning workshop