Navigating the Path to Cloud Security Maturity
Wednesday, January 16, 2019 – 10:00am to 3:00pm at Hilton Portland Downtown
Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.
The urgency is clear. Cloud is happening in your organization, whether you know it or not. Given the intractable skills gap and the move towards business-driven technology innovation (implemented by Shadow IT), the future is now. And you can either get on the cloud security bus or find yourself under it.
In this fun and enlightening 5-hour symposium, you will learn to build secure and resilient cloud-based applications and infrastructure that blow away what you can do in traditional environments. We will map out a three phased approach for maturing your cloud security operations and leave with very clear objectives and milestones to implement in your cloud. We also will discuss cutting-edge secure cloud design patterns, and understand how to leverage native cloud features, from networking and identity management through application security and serverless architectures.
Points for discussion include:
- The Securosis/IANS Cloud Security Maturity Model
- Being cloud native versus a cloud tourist
- Best practices to set up a secure cloud environment
- How serverless functions enable continuous cloud security
- Implementing Guardrails around your Cloud
- Securing the Continuous Deployment Pipeline
- Practical Automation (DevSecOps)
- Market tested design patterns for logging/monitoring
- Consistent multi-cloud visibility and control
Participants will leave with a clear understanding of how to mature their cloud security capabilities, implementing best practices and equipped with tactics and patterns to their secure cloud environments. They will also leave with new and renewed peer connections. Our hope is that this symposium’s value brings IANS to mind when participants face infosec opportunities and challenges in the future.
This symposium is designed with CISOs, security architects and SecOps leaders in mind, but security practitioners and risk managers of all types are welcome.
This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.