Wednesday, June 05, 2024 17:30—18:30
Wednesday, June 05, 2024 17:30—18:30
With the European Union's Network and Information Security (NIS2) directive being in effect in October 2024, it is estimated that 40000 German companies do not realize they must comply with the directive. One of the big questions is how companies could prepare for the NIS2 Directive, especially if they are using cloud-native infrastructures. The talk will discuss on what are the steps needed to make the clouds to be ready for NIS2.
Is securing your cloud security different from securing other forms of IT? You would think so from the alphabet soup of acronyms around the subject.
Organizations are exploiting cloud because they help to accelerate business changes without the need for capital expenditure or lengthy procurement delays to obtain hardware. However, the dynamic nature of cloud services creates new security challenges that need a dynamic approach to governance and security controls.
In addition, the responsibilities for security and compliance are shared between the CSP (Cloud Service Providers) and the cloud customer and it is up to the customer to ensure that they use the cloud in a secure and compliant manner. On top of that each cloud service provides its own proprietary tools for security. KuppingerCole Leadership Compass on CNAPP will help you to make sense of this.
How can an organization be sure that it is using cloud services securely and in a way that meet its compliance obligations and its appetite for risk? This presentation will provide an overview of the risks and how these tools can help.
After attending this presentation, you will be able to:
- Describe the major risks related to the way organizations use cloud services.
- Explain why cloud services need dynamic rather than static controls.
- List the different kinds of tools (and their acronyms) that claim to manage these risks.
- Describe the main functionality that a CNAPP solution should provide.
From what used to be a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. APIs are now powering the logistics of delivering digital products to partners and customers. Almost every software product or cloud service now comes with a set of APIs for management, integration, monitoring, or a multitude of other purposes.
This evolution only continues to accelerate. As new digital transformation initiatives across various industries emerge, diverse business models are reshaping the technical requirements for API development and operations dramatically. New standards, technologies, and development methodologies introduced by the need to support numerous use cases have also introduced additional complexity to existing API management platforms.
REST APIs are still commonly used today, but they are increasingly augmented or displaced with a variety of alternative protocols and standards, such as GraphQL or gRPC. In fact, the industry is evolving so fast that API management solutions in their traditional sense, like API gateways, can already be considered IT legacy products.
In a sense, API security has long become an industry of its own; with the scope of risks and challenges the industry confronts growing exponentially, API security solutions have to expand their coverage and grow in complexity themselves. Providing comprehensive protection against the broad range of API-specific threats and doing it consistently throughout the whole lifecycle of an API is complex. In this session, the results of our latest market research will be presented, helping you to understand the critical capabilities and to select the right solution for your specific problems and requirements.