Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Contact Us
Terms and Conditions
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
Connect
The Inner Circle
Communities
Directory
Learn
Certificates & Trainings
Cloudbytes Webinars
Blog
Videos
Cloud Security
Zero Trust
Technology Maps
Cloud Security Map
Zero Trust Map
Engage
Volunteer
Opportunities
Events
Financial Services Industry
Research Working Groups
Private Community
View Only
Community Home
Discussion
100
Library
71
Events
0
Members
197
Back to discussions
Expand all
|
Collapse all
Financial Services Meeting - 6/22/22
1.
Financial Services Meeting - 6/22/22
1
Like
Alex Kaluza
Posted Jun 27, 2022 12:14:00 PM
|
view attached
Reply
Reply Privately
Options Dropdown
Financial Services Meeting - 6/22/22
CSA Events and Updates
Infosecurity Europe
-
June 21
st
- 23
rd
CSA CxO Trust Summit at Barcelona
- June 29
th
- July 1
st
CloudCon 2022
- July 25
th
- 26
th
SECtember 2022
- September 26
th
- 30
th
Zero Trust Advancement Center Events
A Guided Approach to Support Your Zero Trust Strategy
- June 29th
The Journey to Zero Trust starts with Secure Identity
- July 20th
Top 5 Zero Trust Practices to Stop Modern Attacks
- August 24th
Financial Services Research in Development
Cloud Usage in the Financial Services Sector v2
Execution Stage
- Continue to review draft, finalize by
July 30th
, Peer Review throughout July, potential release in August/September 2022
Add applicable categories/domains which would provide useful information for modern Financial Institutions in the cloud.
Develop questions/answers of different styles and varieties to get a well-rounded perspective of the current state of the industry.
Add informative graphics, tables, and charts to provide context.
Domains for the next survey in progress:
Data privacy/sharing:
GDPR / Schrems 2
Vendor risk assessments:
SaaS provider -> subcontractor to CSP
Zero Trust / Multi-cloud:
Encryption/key:
Secrets (short lived etc) lifecycle management:
Compliance infra for SaaS/PaaS decentralized/centralized environments
Application / Ops:
end-to-end understanding/visibility, maturity, documentation (DevOps as a forcing function highlighting gaps in Application teams understanding and appreciation for Ops) / Incident Preparedness within Ops
Agile maturity: how are orgs benchmarking their maturity within agile adoption
BCP:
region migration (e.g. in response to geo-political events): tension between availability zones vs region (particularly in context of SaaS providers)
SOC:
logging/visibility/response, level of integration with internal/3rd party SOCs
SaaS integration with SOC - is it happening?
Lift and Shift:
nuances within risk assessment process (example of using cloud keystore vs. "secretless" service where secrets are managed through an intermediary CSP service.
Incident response:
(New Questions Added) Cloud Service Provider change notification and management:
Do your key cloud service providers provide timely and comprehensive notifications for upcoming changes to their services?
What form do those notifications take?
Email notification
Webpage
Service API
Integration with change management software
Podcast
Social Media/LinkedIn
____________
Is the pace of CSP initiated changes mananagable or problematic?
Manageable
Problematic
Has a CSP change ever resulted in an operational or security incident for your organization?
Yes, Operational
Yes, Security
No
Optional Comment: ________________
As the customer, do you feel like you have sufficient input to CSP prioritization of enhancements and changes, whether functional, SLA, or security-related?
Unhappy
Moderately happy
Very happy
CSA Peer Reviews and Surveys
None currently available
Recent Research Releases
Measuring Risk and Risk Governance
-
June 21
st
SaaS Governance Best Practices for Cloud Customers
- June 8
th
The Continuous Audit Metrics Catalog: Towards a Machine-Readable Representation
- June 7
th
Top Threats to Cloud Computing Pandemic Eleven
- June 6
th
CISO Perspectives and Progress in Deploying Zero Trust
- June 3
rd
Next Zoom Meeting:
July 27
th
8:00 AM PT
https://cloudsecurityalliance.zoom.us/j/94151107820
Agenda, guest speaker TBA
Cloud Usage in the Financial Services Sector v2 development
------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------
Attachment(s)
Financial Services 6_22_22.pptx
1.23 MB
1 version
×
New Best Answer
This thread already has a best answer. Would you like to mark this message as the new best answer?
Privacy Notice
|
Terms & Conditions
Copyright 2022. All rights reserved.
Powered by Higher Logic