Conference Description
Key Takeaways
- Virtual summit addressing cloud infrastructure security, identity-based threats, and data protection strategies for enterprise environments
- Focus on emerging risks from AI and large language model integration within cloud architectures
- Technical sessions covering Data Security Posture Management, DevSecOps practices, and least privilege policy implementation
- Designed for CISOs, cloud architects, DevSecOps teams, and security managers responsible for multi-cloud and SaaS environments
- Participation from major cloud security vendors including Wiz, Fortinet, Palo Alto Networks, Okta, and Microsoft
Introduction
The Cloud Security Summit 2026, organised by SecurityWeek, brings together cybersecurity practitioners and cloud specialists to examine the security challenges facing organisations operating in public cloud, hybrid, and multi-cloud environments. As enterprises continue migrating workloads to cloud platforms while simultaneously adopting AI-powered tools and expanding their SaaS portfolios, the attack surface available to threat actors has grown considerably. This virtual event addresses these developments through technical presentations, case studies, and expert-led discussions aimed at providing actionable guidance for security teams.
The timing reflects broader industry concerns. Identity-based attacks have become the dominant initial access vector for cloud breaches, while the rapid integration of large language models into enterprise applications has introduced novel security considerations that many organisations are still learning to address. The summit positions itself as a practical resource for teams navigating these interconnected challenges.
About This Event
The Cloud Security Summit 2026 operates as a fully virtual conference, combining webinar-style presentations with fireside chats, technical demonstrations, and networking sessions. The format accommodates both technical practitioners seeking implementation guidance and executive-level attendees focused on strategic security decisions. Sessions draw on real-world attack analyses and case studies rather than purely theoretical frameworks, with content curated to address current operational realities.
The event features participation from established cloud security vendors and platform providers. Sponsors include Wiz, Fortinet, Ping Identity, Rubrik, HPE Zerto Software, Okta, Microsoft Azure Security, SentinelOne, NetWitness, Sonrai Security, Palo Alto Networks through its Prisma Cloud platform, and Google Cloud. This vendor representation spans identity management, cloud-native application protection, data backup and recovery, and security operations—reflecting the breadth of tooling required to secure modern cloud deployments.
Identity as the Primary Attack Vector
A central theme throughout the summit is the elevation of identity and access management from a supporting security function to the primary defensive perimeter in cloud environments. Traditional network-based security models lose much of their relevance when workloads run across multiple cloud providers and users access resources from anywhere. In this context, compromised credentials, misconfigured service accounts, and excessive permissions become the most reliable paths for attackers to gain initial access and move laterally.
Sessions examine practical approaches to implementing least privilege policies at scale, including the use of AWS Service Control Policies and equivalent mechanisms on other platforms. The challenge for many organisations lies not in understanding the principle of least privilege but in operationalising it across thousands of identities, roles, and permissions without disrupting legitimate business processes. The summit addresses this gap between security theory and operational implementation.
Data Security Posture Management and Cloud Data Protection
Data Security Posture Management has emerged as a distinct discipline within cloud security, driven by the difficulty of maintaining visibility into where sensitive data resides across distributed cloud environments. As organisations adopt multiple SaaS applications and cloud storage services, data proliferates in ways that traditional data loss prevention tools struggle to track. DSPM platforms address this by continuously discovering, classifying, and monitoring data across cloud infrastructure.
The summit explores how DSPM capabilities integrate with broader cloud security programmes, including their relationship to Cloud-Native Application Protection Platforms. Rather than treating data security as a separate concern, effective approaches embed data visibility into the same workflows used for infrastructure security and compliance monitoring. Sessions also cover backup and disaster recovery strategies for hybrid and multi-cloud deployments, recognising that data protection encompasses both security controls and resilience planning.
AI and Large Language Model Security Considerations
The integration of AI and large language models into enterprise applications has introduced security considerations that extend beyond traditional application security frameworks. Organisations deploying LLM-powered features must contend with prompt injection attacks, training data poisoning, model theft, and the potential for AI systems to inadvertently expose sensitive information. Simultaneously, threat actors are leveraging AI capabilities to enhance their own operations, from generating more convincing phishing content to automating vulnerability discovery.
The summit examines both defensive applications of AI in security operations—such as AI-driven threat hunting and anomaly detection—and the risks that AI adoption introduces. This dual perspective acknowledges that AI represents both an opportunity to improve security outcomes and a new category of assets requiring protection. For security teams, understanding how to evaluate AI-related risks has become as important as traditional application security assessments.
SaaS Security and Vendor Risk Management
The average enterprise now relies on hundreds of SaaS applications, each representing a potential entry point for attackers and a repository of sensitive data outside direct organisational control. SaaS security presents distinct challenges compared to infrastructure-as-a-service environments, as organisations have limited visibility into the underlying platform security and must rely heavily on vendor security practices.
Summit sessions address SaaS security from multiple angles, including vendor patch management, configuration monitoring, and the integration of SaaS security posture management into broader security operations. The discussion extends to practical questions about how security teams can maintain oversight of rapidly expanding SaaS portfolios without creating bottlenecks that slow business adoption of useful tools.
DevSecOps and Security Integration in Software Delivery
Embedding security into the software delivery pipeline remains a persistent challenge for organisations balancing development velocity with security requirements. DevSecOps practices aim to shift security activities earlier in the development lifecycle, but implementation often encounters friction between security teams and development organisations with different priorities and tooling preferences.
The summit provides guidance on practical DevSecOps implementation, including approaches to integrating security scanning into CI/CD pipelines, managing infrastructure-as-code security, and establishing security guardrails that prevent misconfigurations before deployment. These sessions recognise that effective DevSecOps requires cultural and organisational changes alongside technical tooling.
Threat Landscape: Ransomware and Advanced Persistent Threats
Cloud environments are not immune to the ransomware and advanced persistent threat campaigns that have affected organisations across sectors. Attackers have adapted their techniques to target cloud infrastructure, exploiting misconfigurations, compromised credentials, and gaps in monitoring to establish persistence and exfiltrate data before deploying ransomware. The summit includes analysis of real-world cloud-focused attacks, examining the techniques used and the defensive measures that could have prevented or detected them earlier.
Threat detection in cloud environments requires different approaches than traditional on-premises monitoring. The volume and variety of cloud telemetry, combined with the dynamic nature of cloud workloads, demands security operations capabilities designed specifically for cloud contexts. Sessions explore how organisations are consolidating security operations and reducing data silos to improve detection and response times.
Who Should Attend
The Cloud Security Summit 2026 is designed for professionals with direct responsibility for securing cloud environments and the data they contain. This includes CISOs and security directors setting cloud security strategy, cloud architects designing secure infrastructure, DevSecOps engineers implementing security controls in deployment pipelines, and IT security managers overseeing day-to-day security operations. Product managers and technical leads at SaaS providers will find relevant content on securing their own platforms and meeting customer security expectations.
The event is particularly relevant for organisations in the midst of cloud transformation initiatives, those expanding their use of AI and LLM technologies, and teams working to consolidate security tooling across multi-cloud environments. Attendees should expect content that balances strategic perspective with technical depth, suitable for both those making architectural decisions and those implementing specific controls.

