Day 2 - 26 April 2019
Developing cloud security solutions: Chair’s welcome and opening comments
Cyber security Posture – how good is your overall cyber security strength ?
- Benefits of taking a holistic approach to cyber security, and how it improves the strength of your organisations cyber security
- Examining policies, procedures and control mechanisms of different hardware, software, & cloud solutions – what else needs considering?
- How to measure the other aspects of your overall security offering – including practices, processes, and the human behaviour.
Keynote: Developing an effective cloud cyber security solution
Panel: Am I using the cloud securely?
- Examining the current state of cloud security vs traditional IT systems
- How do organisation develop cloud strategies that are secure, and account for data storage?
- What innovations are there, and what more do we need to see to counter emerging threats in the next five years?
Panel: It’s not you, it’s me: How the shared responsibility model for cloud security still slips through
Security in the cloud is – and always has been – a two-way street defined as the vendor being responsible for security ‘of’ the cloud – software and hardware – while the customer is responsible for security ‘in’ the cloud – data, OS, identity and access management, and so forth. So why do companies still struggle?
This panel will address:
- Examples of where shares responsibility model has been effective, and examples where it has failed.
- Where does the vendors responsibility end and the customers start?
- The role of standards and compliance to aiding share responsibility models.
Case Study: Cloud access security brokers (CASBs) – the gatekeeper between on-prem and cloud infrastructure
- What CASBs do and how they differ from more traditional cloud security solutions
- How CASBs help with shadow IT policies and rising employee use of cloud apps
- Combining visibility, compliance, data security and threat protection
Zero Trust Security – the next phase of cloud identity
The next wave of cloud identity is through Zero Trust Security (ZTS). With more apps being used ‘as a service’ in the cloud, and more employees working remotely, traditional identity and access management (IAM) doesn’t cut it today. What’s more, ZTS assumes there will be bad actors both inside and outside your company’s network.
This session will explore what Zero Trust Security is, how it relates to organisations today in an IoT-heavy landscape, and how technologies such as machine learning can make an even greater impact.
How machine learning is improving cloud security
- Detecting threats before they happen
- Securing organisations’ entire portfolio of cloud apps
- How cloud providers, third-party vendors and users can all work together
- The impact of machine learning on compliance
Panel: How artificial intelligence and blockchain are the battlegrounds for the next cloud wars
Artificial intelligence, machine learning, and blockchain, are emerging tech cited as key in an increasingly cloud-complex environment, but what challenges do these technologies pose for cloud security? Many key players are using security awareness and infrastructure is a key feature to differentiate themselves, so how will this dictate how the market evolves?
So as the hyperscalers are moving further up the stack to find the latest battleground – so who is going to come out on top?
Case Study: Serverless apps – vulnerabilities and security best practices
- Serverless architectures will certainly impact the future of computing through its scalability and compatibility – but can it also impact traditional security methods?
- The rise of serverless architectures and applications and its relationship with cloud
- Exploring responsibility – the data centre and network vs. the application layer
- Looking at common faults – injection flaws, authentication, insecure configuration and more
- Key steps that can be taken to secure serverless apps
Best practices for Cloud Security Developers
- How and when to integrate Identity Access Management (IAM) systems throughout development
- Considering architectures and tools
- What other aspects do you need to consider best practices for? Performance? Compliance? Testing?