Cloud & Data Security Summit

According to recent statistics, 81% of organizations experienced a cloud-related security incident over the last 12 months, with almost half (45%) suffering at least four incidents during the same period. These incidents often culminate in data leakage, privacy violations, and unintentional exposure, posing a serious threat to businesses. There’s no shortage of cloud security testing options designed to mitigate these risks; however, many only scratch the surface without accurately assessing how controls stand up against real-world cyber-attacks. Adversaries are experts at finding and exploiting cloud defense blind spots. Beating them to their targets requires preparing against the same sophisticated and precise methods that they use. Join Jessica Stinson, Security Consultant III at Bishop Fox, as she provides a glimpse into your cloud environment through a hacker’s eyes – depicting how they can access restricted portions of your environment, locate sensitive data, and compromise your trophy targets. Importantly, she will also discuss offensive security strategies that go beyond misconfiguration reviews with realistic and targeted cloud attack simulations to identify likely attack pathways and help you prioritize remediation where it matters most.

One of the most important keys to security is having an effective disaster recovery (DR) plan. Preventive risk controls are incredibly important, but there is absolutely no world where you can keep catastrophes from ever happening to your organization. Which is why you absolutely, positively must have a DR plan. But if you’ve never created one, where do you start? During our presentation, we’ll walk you through the steps you and your team need to formulate an effective DR plan. Whether you’re a seasoned IT pro or a novice, we’ll share best practices that you can tailor to your needs. We’ll discuss:

• A step-by-step approach to building your plan
• The technology available and whether or not it addresses your unique business needs
• Things you can do to get buy-in from key stakeholders
• The best ways to build, implement, and test your disaster recovery plan

This session dives into the fundamental link between quality and security, and challenges the perception that security is an addition rather than a key building block. Galen will also explore the impact of migrating to the cloud, how to align security to larger business goals, and how to select the right tools and processes.

With business needs outpacing security, and an ever-changing macroeconomic environment driving the need to do more with less, it's never been more challenging to keep your organization moving in the right direction - efficient and secure. While there is no one clear path to success, one thing is clear - Identity is the control plane of the modern organization and is a central component to driving valuable business outcomes. Join this session to learn how Identity can support your organizations’ cybersecurity goals, improve operations, and drive topline impact; and leave with a clear structured framework to help you along your Identity maturity journey.

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

As cloud infrastructure grows, so do vulnerabilities and misconfigurations. While many organizations spend a lot of time fixing issues they can easily identify with tools, those tools have limitations and don't operate the way a real-world attacker does. Luckily, an offensive security approach can help surface high-value attack paths so you can proactively identify, understand, and mitigate the most impactful vulnerabilities lurking in your cloud environment. Join offensive security experts Seth Art and Nate Robb as they explore:

• How hackers gain access to cloud environments (even when they aren’t targeting them)
• Methodologies for exploiting vulnerabilities through cloud penetration testing with an assumed breach mindset
• Actual Bishop Fox findings and real-world examples that will help you sharpen your cloud security strategy
• Recommendations for reducing risk in your cloud environment

In June 2023, a U.S. government agency noticed suspicious activity in their Microsoft 365 (M365) cloud environment and reported the activity to Microsoft and the CISA. After an investigation, Microsoft determined that an APT group with roots in China had forged authentication tokens to steal Exchange Online Outlook data from government agencies. In this fireside chat with SecurityWeek editor-at-large Ryan Naraine, Volexity president Steven Adair discusses the intricacies of the M365 zero-day attack, the "head-scratching" dead-end when investigating a confirmed hack against an organization, the controversy over Microsoft licensing and the cost of logs, and the many blind spots that make it difficult to mitigation cloud attacks.

In this editorial fireside chat, SecurityWeek editor-at-large Ryan Naraine is joined by veteran cybersecurity leader Mick Baccio for an honest conversation about why security problems seem to be escalating with each passing day. Baccio is expected to discuss his time as the first ever CISO for a political campaign, his time as a threat intelligence practitioner in the White House, ongoing zero-day attacks in the cloud and why it's becoming near impossible to do reliable forensics after cloud data breaches.

Fortify your cloud defenses with a complete testing methodology that extends beyond configuration reviews to illuminate high-risk entry points, overprivileged access, and susceptible internal pathways that are commonly targeted by attackers.

See Lacework in action. Discover how you can automate security and compliance across AWS, Azure, Google Cloud, and private clouds with Lacework.

Large organizations continue to fall for credential-based phishing attacks, which often lead to costly breaches. Traditional multi-factor authentication (MFA) methods are increasingly under attack and are especially prone to phishing. Join us to learn about the journey Okta and its customers are taking to phishing resistant authentication.

Go beyond protecting your business. Make it resilient. 11:11 Disaster Recovery for Zerto offers customized runbook functionality, optimized RTOs, near-zero RPOs, and automated recovery. Built on 11:11’s award-winning cloud platform with direct integration into Zerto’s industry-leading replication software, our solution gives you complete control of your disaster recovery plan. So when you need it most, it’ll be ready.

See Lacework in action. Discover how you can automate security and compliance across AWS, Azure, Google Cloud, and private clouds with Lacework.

Fortify your cloud defenses with a complete testing methodology that extends beyond configuration reviews to illuminate high-risk entry points, overprivileged access, and susceptible internal pathways that are commonly targeted by attackers.

Large organizations continue to fall for credential-based phishing attacks, which often lead to costly breaches. Traditional multi-factor authentication (MFA) methods are increasingly under attack and are especially prone to phishing. Join us to learn about the journey Okta and its customers are taking to phishing resistant authentication.

Go beyond protecting your business. Make it resilient. 11:11 Disaster Recovery for Zerto offers customized runbook functionality, optimized RTOs, near-zero RPOs, and automated recovery. Built on 11:11’s award-winning cloud platform with direct integration into Zerto’s industry-leading replication software, our solution gives you complete control of your disaster recovery plan. So when you need it most, it’ll be ready.