Cloud 101CircleEventsBlog
CAIQ Lite is now accepted into the STAR Registry! Showcase your cloud security readiness with a simplified assessment. Learn more today!

News of Note: Promoting Independent Guidance, Expert Advice, and Frameworks for Cloud Security and Assurance

Published 05/25/2023

News of Note: Promoting Independent Guidance, Expert Advice, and Frameworks for Cloud Security and Assurance
Written by Illena Armstrong, President, CSA.

It seems ages ago, but this year’s RSA Conference proved robust and fruitful for many of us. On top of that, it gave us a chance to catch up with longtime industry friends we hadn’t seen in person for quite some time and furnished us with that treasured custom of sizing up trends as we walked the show’s various expo halls.

Of course, for CSA, we embraced our time-honored tradition of kicking off RSAC with our now 14-year-old CSA Summit on the Monday of the event. This year, with the pandemic now being officially touted as over, we saw in-person attendance creeping back to more normal numbers at close to 1,000. Historically, we hit about that, but have seen upwards of 1,200 to 1,500.

What a day it was: Our knowledgeable speakers covered a sweeping range of critical topics. We took a hard look at how to maintain a resilience posture when managing operational clouds in the face of the unknown; how to meet compliance demands while delivering trust and assurance that also meets customer, partner, and internal expectations; how to leverage the benefits of state-of-the-art technologies and strategies (Zero Trust, Confidential Computing, AI, and more); and how to build resilient and agile cybersecurity teams that form the backbone of these efforts.

Industry leaders such as New York State’s Chief Cyber Officer Colin Ahern, Graham Holdings’ VP of Information Security and Privacy Stacey Halota, Dow Chemical’s CISO Fareed Mohammed, UNICC’s Chief of Cyber Security Tima Soni, New American Funding’s SVP of Technology and CISO Jeff Farinich were on hand to discuss some of the challenges and solutions working for them. From the service provider realm, just some of the experts on tap sharing their knowledge and advice included the likes of ZScaler’s CEO Jay Chaudhry, Microsoft’s Director of Messaging and Web Security Research Holly Stewart, Qualys’ Senior Director of Solution Architecture and Global Center of Excellence Corey Smith, AT&T Cybersecurity’s Chief Experience Officer Scott Scheppers, and a host of others.

Some of the key highlights from the CSA Summit include:

  • The need for deftness, knowledge, independent policy guidance, and security knowhow regarding the use (or, for some, no use at all, according to recent news stories hitting after RSAC) of generative AI. To help here, CSA released Security Implications of ChatGPT to provide organizations assistance in managing risks while also, maybe surprisingly for some pros, furnishing them with use cases for improving cybersecurity in their organizations.
  • The need for more enterprise and cloud service provider coordination. The areas where this requirement is especially felt run the gamut, but one discussed more specifically during our event focused on the cloud change management gap. As a result, we announced with Oliver Newbury, Global CISO, and Ronald Ritchey, Execution Services and Distinguished Engineer for Security, of Barclays – a CSA Corporate member – a new research project within our CxO Trust initiative to gather other like-minded security leaders to forge guidance and insights to address this pain point. To help kick the Cloud Change Management project off, CSA’s very own Senior Research Analyst, Sean Heide, has been experimenting with ChatGPT to create a methodology using JSON to automate this effort. I encourage anyone interested in joining this project to reach out.
  • Zero Trust for resiliency, prepping cloud security for Y2Q (the Quantum Era), and more were challenges noted in building resiliency, security, trust, assurance, and compliance in ever-expanding cloud environments.

Looking now to the future and preparing for our upcoming annual SECtember Conference and Expo, we have confirmed some amazingly talented and seasoned leaders from large enterprises, learning institutions, federal agencies, top service providers, and more that we’ll be announcing in early June. Already discussions are underway to suss out the most critical topics for which conference sessions will provide guidance, frameworks, and advice.

We’ve already launched regular members-only Town Halls led by CEO/Founder Jim Reavis, others on our executive team, and me, and will soon be announcing as part of our CxO Trust Initiative a CxO Trust series of these for our members, as well as regular CxO Trust webcasts for the wider community. During these discussions, we’ll touch on issues that continue to arise which require clear perspectives from CxOs and other business leaders. Many of these likely will act as preambles to more robust explorations we’ll have face-to-face at SECtember.

As well, our already well-established lineup of virtual and in-person events – including our upcoming Trust Summit (for which you should sign up now), our CloudBytes webcasts, and SECtember – will help us continue to make some progress in building resiliency, trust, assurance, and security in the cloud.

Share this content on your favorite social network today!