top of page
research.jpg

RESEARCH WORK

RESEARCH

BANGALORE CHAPTER

TECHNOLOGY & CLOUD SECURITY MATURITY GLOBAL REPORT

Release Date: 02/03/2022

The goal of this survey is to better understand the maturity levels of organizations for the cloud and technology both currently and in the near future. 

Key areas of interest include:

  • Current cloud use and strategy

  • Top drivers for using multi-cloud environments

  • Current and future cloud security strategies and solutions 

  • Predicted changes in the use of cloud and related technologies

Technology and Cloud Maturity Service

EDITORS

SATYAVATHI DIVADARI

CSA Bangalore

HILARY BARON

Cloud Security Alliance

CAROLE MURPHY

CyberRes by OpenText

CONTRIBUTORS

Akash Gupta

Akshata Mongha

Alex Kaluza

Brent Jenkins

Carole Murphy

Harley Adams

Hillary Baron

Joe Leung

John Yeoh

Josh Buker

Krishna Pandey

Madhukeshwar Bhat

Manjesh Pai

Neil Pandya

Pooja Agrawalla

Preeti Bheesikar

Ramses Gallego

Sailaja Vadlamudi

Satyavahti Divadari

Savitha Godwa

Sean Heide

Shamun Mahmud

Shirish Verma

Spiros Liolis

Stan Wisseman

Sujatha Yakasari

Vandana Verma

GLOBAL RESEARCH KEY FINDINGS

Increased Adoption of Multi-Cloud Despite Challenges
Top Challenges are:

Availability of security skills across multiple CSP (26%)
Architechture differences (22%)
Comprehensive governance (20%)
Use of SDP, ASM and CSPM might increase in next 2 years
Grow trends observed are:

Software-Defined Perimeter (SDP) - (47%)
Attack Surface Management (ASM) - (45%)
Cloud Security Posture Management (CSPM) - (45%)
Download Research Paper
Research Article
Zero Trust, AI/ML & Serverless might increase in next 2 years
Grow trends observed are:

Zero Trust (60%)
AI or ML (43%)
Serverless Computing (42%)

CSA CCM v3.0.1 ADDENDUM TO THE RESERVE BANK OF INDIA (RBI)'S GOPALAKRISHNA COMMITTEE (GKC) REPORT

Release Date: 11/27/2019

This document contains a mapping and gap analysis between the cloud security requirements of CCM V3.0.1 and those of the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report, on Information Security, Electronic Banking, Technology Risk management & Cyber Frauds.

The document aims to help organizations adhering to the aforementioned RBI's document to also meet CCM requirements. This is achieved by identifying compliance gaps in the RBI's document in relation to the CCM.

EDITORS

SATYAVATHI DIVADARI

CSA Bangalore

EKTA MISHRA

Cloud Security Alliance

CONTRIBUTORS

Ajay Rentala

Ekta Mishra

Haojie Zhuang

Krishna Kishore

Manjesh Pai

Manju Lawani

Priyanka S

Satyavathi Divadari

Sivaram I

Sohit Raina

Victor Chin

Yogesh G

CSA CCM v3.0.1 MAPPING

RBI Gopalakrishna Committee Report
The RBI constituted the Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, which produced its report in January 2011.

The Working Group was headed by Mr. G. Gopala Krishna and is popularly known as the Gopalakrishna Committee Report.
The Mapping Exercise by the Chapter
CSA Bangalore Research working group has taken a Cloud Control Matrix(CCM) and Gopalakrishna Committee report, blended it together and prepared a mapping document.

This document contains a mapping and gap analysis between the cloud security requirements of CCM V3.0.1 and those of the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report, on Information Security, Electronic Banking, Technology Risk management & Cyber Frauds.
Download the Research Paper
Research Article
CCM Matrix
The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing.

It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology.

The controls framework is aligned to the CSA Security Guidance for Cloud Computing, and is considered a de-facto standard for cloud security assurance and compliance.

WEBINARS BASED ON THE GLOBAL RESEARCH

Evolution of Cloud Security & Privacy Technologies - CxO Perspectives

Evolution of Technology and Cloud Security - Webinar
Panelists
JIM REAVIS
CEO, Cloud Security Alliance
BOB GUAY
Director CISO, Emerging Security Technology, Johnson & Johnson Inc.
VERONICA ROSE
Director, ISACA Board, Senior IS Auditor, KPMG
SATYAVATHI DIVADARI
Chairman, CSA Bangalore
STAN WISSEMAN
Research Collaborator, Chief Security Strategist - NA, CyberRes
FEB 25, 2022
Description

This webinar covers diverse opinions of CISOs, CPOs, Security Strategists, and Solution Integrators around the technology evolution in the areas of cloud security and privacy.

During pandemics, organizations are accelerating the transformation to cloud and how they are managing security and privacy concerns while doing hyper-scale migrations.

The cloud adoption states include completely cloud, hybrid, or multi-cloud deployments. We will discuss the status of Privacy by design strategies by a different organization and their plans.

Several concepts such as Zero Trust, Machine Intelligence, and Cloud automation such as have taken a non-linear acceleration. This webinar is a preview of the recent release of the Cloud Security Alliance (CSA) research paper, titled "Technology and Cloud Security Maturity," sponsored by Micro Focus CyberRes.

Privacy Enablement & Artificial Intelligence in the Multi-Cloud Era

Privacy Enablement and AI in the Multi-cloud - Webianr
Panelists
MADHU BAHT
Director of Chapter Development, CSA Bangalore
ALLAM VINODH KUMAR
Practice Partner, WIPRO
RAMSES GALLEGO
International Chief Technology Officer, CyberRes
MAY 10, 2022
Description

Do you want to know how to take competitive advantage of multi-cloud while managing privacy and security effectively and efficiently? Find out from our panel of experts as they discuss the challenges of multi-cloud adoption, deliberate on solutions that enable privacy and empower zero trust, and describe how to reduce risk exposure with threat intelligence and automation. 

With their experience and expertise, they will discuss the best strategies to enable the acceleration of multi-cloud with security solutions:   

  • How privacy enablement increases cost efficiencies and reduces risk with data minimization, monetization, and protection. How zero trust enablement helps in securing access to data and assets across multi-cloud. 

  • How threat intelligence helps in staying abreast of the latest and greatest threat actors attacking assets on hybrid-cloud. 

  • How Artificial Intelligence aids in reducing risk exposure, specifically on cloud. • How to automate security and privacy-enabling technologies and reduce risk.

Critical AppSec Capabilities that Accelerate Cloud Transformation

Application Security for Cloud - Webinar
Panelists
SUVABRATA SINHA
NXP Technologies
MARTIN KNOBLOCH
CyberRes Board of Dir, OWASP
SUJATHA YAKASIRI
CSA BLR
JUNE 9, 2022
Description

Application security continues to evolve from shifting left to shifting everywhere as we move further into a cloud-driven era. Learn from our panel of experts as they discuss the challenges of cloud-driven application security in 2022 and the critical capabilities to address them. With their experience and expertise, they will discuss the best strategies to allow software security risks to balance with business imperatives that accelerate the speed of digital innovation covering various topics such as: 

DevSecOps

Security must keep pace with the ‘everything-as-code’ era to transition from point of friction to enablement, without sacrificing quality.

Cloud Native AppSec

The adoption of containers, microservices, APIs, serverless, infrastructure-as-code and other cloud-first technologies introduces new risks that must be addressed in the SDLC.

Software Supply Chain

Increasingly a target for threat actors, it’s critical to ensure the software your organization delivers  comprised of open source, commercial and custom code  is properly secured during development.

Multi-Layer Intelligence for Cyber Resilience

Multi-layer Intelligence for Cyber resilience - Webinare
Panelists
UMANG HANDA
Partner, PWC
EMRA ALPA, Sr.
Product Manager, CyberRes
SATYAVATHI DIVADARI
President, CSA Bangalore
SEPT 28, 2022
Description

Explosive growth of digitization and cloud adoption increased the threat landscape across different sources that include cloud, IoT, edge computing and many more.

Advanced threats evolved overtime that includes ransomware, attacks on cloud platforms, and IoT/ OT devices.

Extended threat landscape requires capabilities that includes centralized threat insights, early detection, proactive threat hunting, layered analytics, and automated response to address the concerns of internal threats and external threats such as local, regional, industry and global across sector 
 

Enabling Zero Trust for Cloud

Zero Trust for Hybrid Cloud - Webinar
Panelists
FERNANDO MITRE CAETANO MOISÉS
Cybersecurity & Privacy Partner, PwC Brazil
KEVIN HANSEN
Chief Technology Officer,  Public Sector at Micro Focus Government Solutions
SATYAVATHI DIVADARI
President, CSA Bangalore
OCT 15, 2022
Description

Organizations are discarding the model of “Trust but Verify” and moving toward a zero trust model. That is, “Never Trust, Always Verify, Enforce Least Privileges.” 

Effective implementation of zero trust requires a risk assessment of the access to data or the environment. And then, based on the risk level, facilitating authentication, authorization, privilege, and lifecycle management to meet compliance standards across modern, hybrid enterprises. 

Zero trust also requires protection of data in use, in transit, and at rest while enabling adaptive access to trusted entities.
 

Foundations of Cloud Computing - Summer Work Shop

Foundations of Cloud Computing - Webinar
Panelists
SUJATHA YAKASIRI
Director, Chapter Development, CSA Bangalore
AKASH GUPTA
Director, Academia, CSA Bangalore
MAY, 2021
Description

Learn about why Cloud Computing is essential in today’s world

  • Traditional mode of computing

  • Evolution of Cloud and rapid growth adoption

  • Industry examples and case studies (ex: Swiggy, Paytm, Amazon)

  • Definition of Cloud Computing and Essential characteristics

  • Cloud service models and their features ( Pizza as a service)

  • Deployment models (Private, Hybrid and Community) with industry examples

Practical exercises of identity and Access Management and Examples in the enterprises
Career Planning workshop
 

Foundations of Cloud Computing - New Year Work Shop

Foundations of Cloud Computing - Webinar
Panelists
VANDANA VERMA
Board of Director, OWASP Global
AKASH GUPTA
Director, Academia, CSA Bangalore
MAY, 2021
Description

Learn about why Cloud Computing is essential in today’s world

  • Traditional mode of computing

  • Evolution of Cloud and rapid growth adoption

  • Industry examples and case studies (ex: Swiggy, Paytm, Amazon)

  • Definition of Cloud Computing and Essential characteristics

  • Cloud service models and their features ( Pizza as a service)

  • Deployment models (Private, Hybrid and Community) with industry examples

Practical exercises of identity and Access Management and Examples in the enterprises
Career Planning workshop
 

bottom of page