ISSA-LA Security Summit XII

Have you found yourself lost in the cloud and terrified by the fact that you don’t have controls of the infrastructure? Has your cloud journey being of fear and driven by business?
Fear not, NSC42 and Cloud Security Alliance are here to come at aid. The talk distills the knowledge of several cloud transformation and the collective minds of many CSA contributors.
We will explore the success stories and pitfalls during cloud transformations and quick tips on how to move happily and safely into the cloud.

Synopsis:
The talk will take the the audience on a journey on the cloud evolution, the recent compromisation and the need to make security everyone's responsibility.
The talk will explore major challenges in cloud transformation from an organization and security perspective with the top 8 solutions to address them.
The solution will explore:
- the shared responsibility models
- Foundation architecture
- Cloud pattern available
- Design security and security by design
- Gamification and the use of EoP in everything security
- Shift left and bringing security at the beginning of the development
- Security testing and automation
- Continuous monitoring with example in various cloud providers (GCP forsetti, Azure Security Center….)
- DEV-SEC ops and the integration of Security and Business/Architecture

The talk will also explore how the governance model for cloud transformation works and the success stories.
We will also explore the top 5 key cloud patterns (Account isolation, Firewall and access control, Logging and cascade pattern, Identity and access management, Key/secret management)

Audience Take Away:
● When starting a cloud security journey or by being already into one what shall you do and consider.
● Key security element to consider from day 1 to delivery
● automation and why is so vital to automate security vulnerability
● Cloud patterns and terraformation
● CI-CD for deployment and cloud patterns