Cloud Shared Responsibility: Who’s accountable for cloud security?

On-Demand Event

Earn up to 6.5 CPE credits by attending this virtual conference. 

In a cloud environment, you can’t simply hand the keys to a cloud service provider and walk away. Companies like Amazon Web Services (AWS) and Microsoft Azure operate in a shared responsibility model, which means your cyber team still has cloud security responsibilities. However, it’s not always clear what they are, as responsibilities can vary among service providers (e.g., AWS doesn’t claim the same exact security responsibilities as Azure). Plus, depending on the type of deployment (IaaS, PaaS, or SaaS), these responsibilities can change.

To minimize vulnerabilities across your stack and from there to connected systems, it’s essential to understand where the CSP’s responsibilities start and end.

SC Media’s hosted the Cloud Shared Responsibility eSummit on November 30-December 1 for a two-day virtual event where leading industry experts addressed:

  • What security measures to expect from your cloud service provider 
  • What cloud security responsibilities are required of your cyber team 
  • Strategies to keep your integrated cloud security efforts on track 

Learn how to best protect your cloud investment. Register now to access this content on-demand.



DAY 1 – NOVEMBER 30, 2021

11:00 AM ET 
KEYNOTE | Going native: How and when to do DevSecOps in cloud 
Aradhna Chetal, Senior Director Executive – Cloud Security, TIAA 

Cloud computing opened massive doors for software development, offering huge opportunities to build, scale and integrate at a rapid pace, while also migrating apps to what can often be a more flexible environment. But cloud also opens doors to potential security risks, often tied to issues of configuration and API integration.  

So how do enterprises get it right? And when is cloud native not the best option? Aradhna Chetal, senior director executive of cybersecurity for TIAA and expert in cloud security strategies, will share her perspective on the potential and pitfalls of development and migration to a cloud environment and how to take advantage of the opportunity without introducing security risks along the way. 

11:40 AM ET
PAM Checklist: The steps to gaining privileged access security  
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic 

With 80% of breaches involving the compromise of IT and business user credentials (IDs and passwords), it’s up to organizations to create a plan to reduce the risks posed by “overprivileged access” from users, applications and services. It’s vital that you have a solid strategy for privileged access security.  

Are you considering solving the challenge of password rotation, or simplifying your authentication process with single sign-on? Are you facing complex compliance requirements?   

Join Joseph Carson, Thycotic’s Chief Security Scientist and Advisory CISO, as he guides you through the steps of an easy-to-understand Privileged Access Management (PAM) Checklist. Whether you’re starting a new PAM project or strengthening an existing privileged access solution, you’ll benefit from what you learn in this session. You can download a copy of the PAM checklist in the ThycoticCentrify booth. 

12:20 PM ET 
An untapped path to cloud security  
Yaniv Bar-Dayan, CEO and Co-founder, Vulcan Cyber 

It’s no news that security is a top barrier when migrating to the cloud. Therefore, all major cloud providers now offer native vulnerability scanning and security services for free or for lower costs to help their customers identify potential cloud security issues. Attend this session to learn the changing ecosystem of cloud environments, and how this embedded security trend can impact your cloud security program decisions. 

1:00 PM ET 
Lookout + Google Cloud: Achieve zero trust for mobile users 
Sneha Sachidananda, Principal Product Manager, Lookout 

To fully protect your organization, you have to assume that no device is trustworthy until its risk level is verified. Lookout and Google Cloud help your organization extend zero trust to mobile devices. Learn more about this example of shared cloud responsibility and security by understanding how you can continuously evaluate your employees’ smartphones and tablets’ risk levels regardless of the network they’re on, ensuring that your corporate data is not compromised. 

1:40 PM ET 
Maintaining a consistent security posture in a multi cloud world 
Brian Schwarz, Director of Product Marketing for Application Security, Fortinet 

Multi-cloud environments can create security challenges as you try to maintain a consistent security posture across your entire attack surface and pull together a cohesive view of your security. While you want to take full advantage of the security capabilities each cloud provider brings to the table, you do have options at the border between your responsibilities and that of the cloud provider’s. And for some use cases, there are good reasons to bring-your-own-tools – even if the cloud provider provides some basic capabilities. You may need more robust security controls and the ability to leverage the same solution across all your heterogeneous cloud deployments. Don’t allow differences between cloud provider tools to increase the complexity of your security environment as your security team works to support and defend your business initiatives in the cloud. Learn how Fortinet Adaptive Cloud Security solutions can help your security team deploy consistent security policies across your full cloud attack surface while giving you the tools you need to address your security responsibilities in a multi-cloud, shared responsibility security world. 

2:20 PM ET 
Cloud Workload Protection Service 
Eyal Arazi, Product Marketing Manager, Radware 

When you migrate workloads to the public cloud, you effectively become an outsider to your own network and lose control over many aspects of security. And when your inside is out, the whole world becomes your insider threat. In this environment, security of your cloud environment is defined by the people who can access your workloads, and the permissions they have. 

However, the cloud environment makes it very easy to grant excessive permissions, and very difficult to keep track of them. As a result, excessive permissions become the #1 threat to workloads hosted on the public cloud. 

Radware’s Cloud Workload Protection Service provides centralized visibility and control over large numbers of cloud-hosted workloads and helps security administrators quickly understand where the attack is taking place and what assets are under threat.

DAY 2 – DECEMBER 1, 2021

10:15 AM ET  
KEYNOTE | How to build a cloud security program 
Selim Aissi, CISO in Residence and Board Member 

With the rapid transition to the cloud, security considerations tied to configuration and access often fall short. The fact is a cloud environment requires its own security program that may differ from what organizations have in place for on-prem systems. Veteran CISO Selim Aissi will detail what makes cloud security different, key challenges associated with security in cloud environments, and the steps involved with building a cloud security program to protect assets. 

11:00 AM ET  
Meeting the challenges of a multicloud world: Secure, manage & audit all privileged access 
Christopher Hills, Chief Security Strategist, BeyondTrust 

Today, most organizations aren’t merely in the cloud—they’re in many clouds (PaaS, IaaS), and their end users regularly consume dozens, or even hundreds, of different SaaS applications. The great cloud migration is enabling the successes of increased remote working and is propelling a renewed embrace of digital transformation initiatives.  

Yet, more clouds can also mean more challenges. In addition to the fundamental cloud security issues, there’s the additional complexity and interoperability issues arising from siloed identity stores, native toolsets, and conflicting shared responsibility models between cloud providers. This creates an expanded attack surface that is attractive to threat actors seeking ways into your environment.  

The identity challenge is the most important security problem for organizations to solve across cloud and on-premises environments. This is best accomplished by standardizing the management and security controls across the entire IT ecosystem.  

 Join this session to learn: 

  • The most pressing cloud security risks 
  • Where native toolsets leave gaps in security that you must address 
  • How to implement 7 cloud security best practices with privileged access management (PAM) and vastly decrease your likelihood and scope of a cloud-related breach 

11:40 AM ET 
Oracle + Cybereason automate cloud-based threat remediation 
Josh Hammer, Field CISO – Oracle, Cybereason 

Find out how Oracle and Cybereason can help accelerate remediation of threats in the cloud. In this session, you will learn about Cybereason’s endpoint protection solution and its integration with Oracle’s cloud security posture solution which provides automated remediation of threats. 

12:20 PM ET 
Cloud Shared Responsibility: Who’s accountable for cloud security? 
Richard Beckett, Senior Product Manager – Public Cloud Security Team, Sophos 

Cyber threats are moving to the cloud more and more, taking advantage of gaps in protection, team responsibilities, and cloud security knowledge. 

Join Sophos as we discuss the shared responsibility model for security in the cloud and who’s accountable for what aspects. You’ll leave with a clear picture of how to operationalize security in the cloud, with the right security tools and expertise to reduce security risk, increase cloud security posture, and improve the efficiency of your security program and internal teams.