- This event has passed so registration is closed.
Overview
Shadow IT”, which refers to technology projects or data stores that operate outside the governance and oversight of your corporate IT, has now evolved into a more menacing threat known as “shadow data” in the era of multi-cloud architectures. This “shadow data” refers to company data that is copied, backed up, or stored in data stores that lack proper governance and security oversight, making it a significant vulnerability for organizations. As a result, well-known companies like Twitter and SEGA Europe have fallen victim to shadow data breaches, highlighting the critical need for understanding and mitigating this threat.
In this briefing, we will delve into the inadvertent creation of shadow data in various examples, including S3 buckets, RDS Postgres instances, and EBS volumes. We’ll explain how these issues can occur in any cloud environment, provide insights on how to avoid them, and offer strategies for remediating them if they have already occurred. Real-world statistics on the prevalence of shadow data issues will be presented, along with a risk analysis based on their prevalence and the ease of avoidance or remediation.
The briefing will conclude with general tips for discovering shadow data in your cloud environment and best practices for keeping shadow data in check. Additionally, we’ll provide insights into the current state of shadow data and predictions regarding its future impact, raising awareness of the importance of addressing this menacing threat.
Key learnings:
- Understanding the concept of shadow data and its implications in multi-cloud environments
- Real-world examples of inadvertent creation of shadow data in various cloud resources
- Risk analysis of shadow data issues based on prevalence and ease of avoidance or remediation
- Strategies for avoiding and remediating shadow data issues in cloud environments
- Best practices for discovering and mitigating shadow data in your organization
- Insights into the current state of shadow data and predictions for its future impact on cybersecurity
Moderator
Dr. Curtis Campbell – Vice President and Manager of IT Governance
Dr. Curtis Campbell serves as Director on the International Board of Information Systems Security Association (ISSA). She holds Bachelor and Master of Science degrees from the University of TN and a PhD in Organizational Leadership/ Information Systems.
Dr. Campbell, a 25-year cybersecurity professional, holds the designations of Chief Information Security Officer (C|CISO) and Certified Information Privacy Manager (CIPM). Her experience includes cybersecurity leadership, governance, risk, and compliance, third party risk and IT audits in regulatory environments.
Dr. Campbell works with executive leadership to mitigate risk and develop strategic improvements related to cybersecurity.
As ISSA Fellow, she is recognized for significant contributions to the cyber community, cyber profession, ISSA leadership and sustained ISSA membership. The elite status of ISSA Fellow designation belongs to only 2% of ISSA membership. As an ISSA Fellow, Curtis has 11+ years of association membership with over 20+ years of relevant professional experience speaking at local and national conferences and participating on cybersecurity panels.
As a current Director on the Board, she consistently moderates industry webinars, contributes to Board strategies for growth and continuous programs to benefit ISSA, and is a regular columnist for the ISSA Journal, with Women in Cybersecurity, championing women of all stages in their career.
Dr. Campbell is a thought leader and author on cybersecurity topics and the human connection between trust and unintentional insider threats in an ever-changing cybersecurity footprint. She has published over 30 research and peer-reviewed journal articles on cybersecurity including: “Solutions for Counteracting Human Deception in Social Engineering Attacks”; “Securing the Remote Employee: Protecting the Human Endpoint in the Cybersecurity Environment”; and “Securing the Vendor: Changing the Dynamic of the Infosec Relationship”, “Understanding and Incorporating Cybersecurity Ethics”, Existential Risk: Women Fighting for the Future”, and Inspiring and Preparing the Next Generation of Cybersecurity Professionals”.
Speaker/s
Dan Eldad – VP of Data and head of the data research department, Laminar
Dan Eldad, is the VP of Data and head of the data research department at Laminar. He’s the mastermind behind helping customers classify and discover their data in the most accurate way possible, all while keeping an eagle eye out for any potential data security issues or leaks.
Dan’s impressive credentials include over a decade of experience in the Elite Israeli Military Unit 8200, where he tackled data security research and cybersecurity operations with ease. Recently, he joined the Laminar team to launch the data research department and play a leading role in Laminar’s cutting-edge research team designed to help organizations protect their most sensitive data called Laminar Labs, working alongside founder and CTO Oran Avraham.
If that’s not enough to impress you, Dan also holds a B.Sc. in computer science and physics and has even published a paper in the NLP domain while studying for his degree. When he’s not busy ruling the data realm, Dan can be found hiking the scenic trails around Tel Aviv or strumming his guitar like a true rockstar
Recent On-Demand Web Conferences
ISSA Webinars and Conference series cover all the continuing education credits to maintain your cyber security certifications. (CPEs, CEUs, ECE, etc). Each hour is equal to one continuing education credit. Certificates of completion are available upon request after completion. For instructions, click here.