KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
While organizations are becoming increasingly eager to embrace the cloud for multiple business benefits, for CISOs and CIOs these efforts bring new challenges to understand and evaluate security and privacy impacts by introducing cloud solutions to their enterprises. Adopting cloud services can dramatically improve flexibility and scalability of critical business applications, reduce time-to-market for new products and even unlock completely new business models. Join Dr. Barbara Mandl, Senior Vice President for Business Development at KuppingerCole, to learn about possible benefits a cloud solution may add to your existing security landscape. Hopefully this webinar and KuppingerCole’s upcoming Executive Dinner series will inspire you to novel approaches for solving your cloud challenges.
While organizations are becoming increasingly eager to embrace the cloud for multiple business benefits, for CISOs and CIOs these efforts bring new challenges to understand and evaluate security and privacy impacts by introducing cloud solutions to their enterprises. Adopting cloud services can dramatically improve flexibility and scalability of critical business applications, reduce time-to-market for new products and even unlock completely new business models. Join Dr. Barbara Mandl, Senior Vice President for Business Development at KuppingerCole, to learn about possible benefits a cloud solution may add to your existing security landscape. Hopefully this webinar and KuppingerCole’s upcoming Executive Dinner series will inspire you to novel approaches for solving your cloud challenges.
As modern businesses across all verticals continue their rapid digitalization, the need to store, process and exchange data securely is becoming an essential factor for any company. However, this is particularly challenging for high-tech companies dealing with highly-sensitive R&D data.
KuppingerCole Webinar recording
The realm of cloud security has been extensively covered in books and articles, yet a crucial aspect remains ripe for exploration. It revolves around the fundamental understanding of what your cloud service provider offers and, equally vital, where your responsibilities lie in the realm of cloud security.
When embarking on the journey of adopting a cloud service, the foremost question to answer is, "What aspects of security do I need to oversee?" In a traditional on-premises setting, roles are distinct: IT manages infrastructure, information and cybersecurity handles security, and application developers bear the responsibility for code integrity. However, the landscape is evolving, with many organizations embracing DevOps, where these responsibilities are often shared, and the lines between development and operations blur or vanish.
Regardless of organizational structure, the majority of security obligations reside within your company's domain when you use an on-prem environment. Transitioning from an on-premises environment to a cloud environment presents one of the most intricate challenges—a more intricate shared responsibility model for security.
In the context of cloud security, two paramount concerns need close attention.
The first is the risk of misconfiguration. In a cloud environment, misconfigurations can inadvertently expose sensitive data and vulnerabilities, underscoring the critical importance of ensuring that cloud services and resources are set up correctly to mitigate such risks.
The second concern is insider attacks. Cloud users often lack influence over the staff of cloud service providers, making it essential to consider the possibility of insider threats. While cloud service providers typically promise robust security measures in place, it's crucial for organizations to implement their own layers of security to safeguard against insider attacks and unauthorized access, fortifying the shared responsibility model in the cloud.
In my presentation, I will delve into these intricacies, providing valuable insights and real-world examples of what your cloud service provider can do, irrespective of your specific needs and/or preferences.
More organizations are now moving to the cloud. From a security perspective – refactoring the applications provides a major opportunity to improve security posture. This session explores how the right approach towards can save time, increase inherent security, and ensure apps are compliant.
Data is the lifeblood of business and government. Therefore, data breaches can be devastating in terms of disruption, damage to reputation, remediation costs, and data protection fines. But the ongoing high number of breaches shows that what many organizations are doing to protect their data is not working.
Just a few years ago, IT infrastructures resembled medieval fortresses: Firewalls, intrusion prevention systems and anti-virus programs were supposed to ward off attacks even before the attacker could enter.
Just a few years ago, IT infrastructures resembled medieval fortresses: Firewalls, intrusion prevention systems and anti-virus programs were supposed to ward off attacks even before the enemy could enter.
But things have changed substantially: The traditional security perimeter is proving to no longer be an effective cybersecurity control and fast-growing technologies, such as cloud, mobile and virtualization make the boundaries of an organization blurry. Protecting sensitive resources of modern organisations, which are becoming increasingly logically and geographically distributed, is becoming a challenge. Sensitive data and critical business processes need to be adequately protected, no matter where they are deployed and from where they are accessed. The perimeter has moved, and organizations need to move with it.
Welcome to our first executive dinner webinar. This series will be focusing on cloud solution and their security benefits. My name is Barbara Mandel and I joined Cooper call in 2017. Some remarks about the company co call. It was founded in 2004 and it's specialized in information security in identity and access management in identity access governance in risk management and compliance, and is also focusing on many, many areas concerning the digital transformation. The business areas are threefold research events and advisory in research.
There are many topics which are available, identity, access management and security research. There is a available uncertain topics and other material, which you can find on webpages. The second are events, events, conferences, webinars, such as these special events where now the new events, the dinners, the upcoming executive dinners will be some special events. Advisory third column in our business areas, our advisory, where we are doing advisory to companies around the digital transformation around security, around the data and access management. So I want to talk about the dinners.
The new executive dinner series in 2017 will be starting in Munich in Munich. On the 4th of October, the overarching topic for these dinners is security in the cloud solutions. And I will talk about these solutions now and the rest of the talk. There will be other topics in the dinners, and we will announce them in the future. Some guidelines for this webinar, please consider that you are muted centrally. So you do not need to mute or unmute yourself. We control this. We will record this webinar and the podcast will be available from tomorrow on. And at the end, I will ask for questions.
I will, you can put them in anytime you want in our panel. And I will go into those at the end of our session. So what is this about in security and which kind of challenges do you see with cloud solutions, but especially which benefits could you get out of this? Let's say you are a CSO or a CDP data professional, or a chief security officer, and your company decides to deploy a cloud solution, but you have not been involved immediately very much now in the beginning. So now at the end, they want this quick decision from you all. What can we do? Should we do this?
Should we deploy this cloud solution, et cetera? Now you didn't have much time to look maybe at the security and the data protection questions, which are involved and you need to ask the provider now. And so sometimes it happens at companies, the security people like yourself might be thinking, oh, I can't do this. And you can become a show stopper. Now this is a big shame. It's a big shame that you would be considered as a show stopper.
This is what we want to talk about in many dinners to come, because maybe the cloud solution may solve some of your long, existing security issues who knows it might help you and cloud might in total even improve the security situation. The company I'll give you some ideas in these slides and the rest should be talked about in one of the dinners.
So what I'm trying to say for you all, why don't you try this strategy to be the promoter of cloud solutions and very many companies that's very unexpected by that security people would be the promoter of cloud solutions, surprise your business, help your business to move forward as quickly and as agile as possible. What could you do?
Well, you might want to think about a possible strategy, create a very simple cloud assessment program in your company that would help to assess it much quicker. If there is a cloud provider to be talked about, to be accepted, to be implemented. The other thing you should be thinking about, and I'm sure you all are, is how to integrate cloud and on premise, because probably you will still have on premise solutions. And how are you gonna do this in a secure way, but also know your own security issues.
You might have some security issues and see whether cloud proposal could help you to clean some of your security issues. Just a couple of ideas, which you could maybe put into your strategy, how to deal with cloud solutions. When I talk about cloud solutions, I'm on site nine. Now I look at maybe different ways than officially people would look at cloud solutions.
You have those dedicated services and applications like services you would use for your HR, for your sales, like Salesforce for your email system, just for collaboration, your Microsoft 365 service now for your service levels, etcetera, you might use these, but you need to know how the security works, how that works together with your own on machines, infrastructure. I see a lot of those like Azure, you do testing your testing there.
IBM, Google your Rackspace digital ocean. There are many of those who offer, which offer you infrastructure.
Again, the infrastructure security should somehow be interconnected with your infrastructure security in the future. Then those, I find very interesting as well are the cloud solutions, which offer security services like I welcome. And the management realm Proofpoint in the realm, especially in male security, Okta S in measuring and white hat security and so on. These are services which can or are offered within a cloud solution. But you know, the first question you need to ask, and then I'm sure you ask yourself and larger the company or the corporation.
The more difficult this question becomes is what kind of data types do I have? Is this really a simple question? Some people think it's easy.
No, I think it's a very difficult question because do you really know the data which belong or yeah. Belong in your company? Do you know who the data owner is? Do you know someone in the business who knows them? Do you know the legal requirements and the privacy requirements you have to follow up? Do you know the data protection requirements? Do you know the business threat analysis? Do you really know what your business is? What's your main threat against your business and what are your security requirements and policies.
If you know all that, then you need to ensure that the cloud, if you give that certain types of data, that they can also take care of your data the way they should. Now, on the other hand, if you, so what do you need is the next question now, suppose you are. And many companies like that, that you do not really know your threats, maybe a cloud provider knows more about your threats. Maybe he can see more attacks. Maybe he can help you to figure out more about your attacks, maybe in certain realms, especially if you do services, your patch management is not the way it should be.
Well, let's assume that the solution providers for cloud services, HR service, or what have you, not that they have their catchment order. Wouldn't that be nice that you have one problem less? How good is your knowledge on vulnerability management throughout all your systems? Do you really know that? So maybe again, a cloud solution may help you to make it more, some parts of your business, more transparent, what the vulnerability management looks like. So try to make of your top priorities, where you're worrying at night, that you can't fix it within the companies as quickly.
And some of these clouds could offer you solution, which helps you to one of yours. So what I want to say is this, this is a very general topic. And so there will be many dinners around the topic cloud and learning more from all angles about cloud. What can help you, what can, how you can interact with the cloud? Is there a cloud provider, which could be interesting? What kind of tools could you be using? What kind of strategy? These are all questions we want to do in these dinners.
So these dinners will be in such a way that there's certain questions to be discussed round table questions and where you can discuss with precise other professionals with maybe your colleagues or other companies and analysts from coping or cope about certain questions, which you need to know on certain topics. One of the questions could be, and is very important. As you know, at the moment, the regulations and the certifications for the cloud solution.
Now, obviously you need to know exactly which regulations do you need to follow as a business and others that you need to know that your cloud solution, which regulations and certifications are granted and how do you know which certifications they follow. That could be what, so obviously the new data protection rules are a topic which are very important in Europe. The second one, I find very reassuring with cloud. You need to know how can I can trans can I get transparency on my security information?
So how does the cloud provider, Google or Amazon, or whatever, provide you with a required, especially with the new laws, with the required information on your, on your systems, on your data, on security and in time, how do you receive that? That might be, is one of the most important questions at the moment. The third one is obviously, what is the impact of this cloud security on your business?
Could this even help to improve more security and improve your data protection compliancy, maybe that could maybe to improve some of your product liability problems you're having, as if you think of IOT, it will get more and more prominent to get product liability in place. And the last questions, which is a difficult question you should have always prepare for is what does the cloud provider expect from you? How does we connect or the cloud provider, can they connect to your company? So you would need to know how does this work?
One of the things cloud providers like to do is upgrade very quickly. They need to upgrade. They need to put new patches in, which is obviously very good for you, but if you cannot follow those upgrades, if they go too fast for you, what are you gonna do? These are the expectations the cloud provider has from you that you will follow them and not the other way around. So these could be questions in different detail from dinner to dinner, but basically this is the overall thought behind it and to, sorry. Okay.
So coming back, the first dinner in this series of cloud security will be in Munich and I am ready for questions. If there are any questions, I would be happy to answer them. So I see one question and one question is, is it then for all the dinners in the future, will it be cloud only? Or what is the setup?
Well, thank you for the question. The answer to that question is there will be several themes. And the first theme we're going to handle LP cybersecurity is the security for the cloud. Others will follow and there, we will go into detail. I will also give the webinar again. Then we go in detail into the dinners. So it's always one overarching theme, but there will be various themes like that.
Okay, then there's the question on slide eight. I'll go back for a second. What is meant by strategy here on slide eight? Thank you. What I meant with this question is it's as a chief information security officer, chief data protection officer, it's good. If you would have, I'm sure most of them, you have that a strategy in place for your company.
How, from a security perspective, you are going to face the enormous amount of cloud solutions. And I give three examples here, three examples I've seen in the past, which did not work in a bad way. And maybe these dinners, I hope these dinners will help you to think about a strategy you could implement and you could develop in your company so that you would always be ready for the latest things happening cloud. And that you do not, that you can work with the business and not be later than the business in deciding about a cloud solution. There's a question on the dinners themselves.
How often will they be set up and where will they be set up? Well, they'll be in a couple places in Germany and we will keep you informed when the next dinners will be available with which topics in detail. Okay. So I don't see any more questions. And with that, I go back to the last slide. So we would love to see you and hope to welcome you at one of our dinners in the future. And this will also be available on, on the co or cold website. So you can read a look at it and tell other people to look at it.
So I end our first webinar thank and hope to see you soon at one of our events it's conferences.
