Day 2 - 29 November 2018
Developing cloud security solutions: Chair’s welcome and opening comments
Fireside Chat: National Cybersecurity Strategy at the DHS
A one-on-one discussion with the Director for Cybersecurity & Innovation, covering:
- The recently released National Cybersecurity Strategy and DHS Cybersecurity Strategy, and what implementation means for industry.
- The Department’s risk-based posture towards cybersecurity threats
- Best practices and resources for businesses of any size
Plus an opportunity to ask your questions.
Global Director, Security Architecture
10:20AM - Day 2
Keynote: Developing an effective cloud cyber security solution
Panel: Am I using the cloud securely?
- Examining the current state of cloud security vs traditional IT systems
- How do organisations develop cloud strategies that are secure, and account for data storage?
- What innovations are there, and what more do we need to see to counter emerging threats in the next five years?
It’s not you, it’s me: How the shared responsibility model for cloud security still slips through
Security in the cloud is – and always has been – a two-way street defined as the vendor being responsible for security ‘of’ the cloud – software and hardware – while the customer is responsible for security ‘in’ the cloud – data, OS, identity and access management, and so forth. So why do companies still struggle?
This talk will address:
- Examples of where the shared responsibility model has been effective, and examples where it has failed.
- Where does the vendor's responsibility end and the customer's start?
- The role of standards and compliance in aiding shared responsibility models.
Case Study: How machine learning is improving cloud security
- Detecting threats before they happen
- Securing organisations’ entire portfolio of cloud apps
- How cloud providers, third-party vendors and users can all work together
- The impact of machine learning on compliance
Bill Yue Chen
Chief Security Architect
Multinational Financial Services Company
01:00PM - Day 2
How to build enterprise worthy cloud services
Keynote: Domino’s Delivery of a Faster Response was no Standard Order
This talk presents Domino’s cutting-edge Automated Application Security Risk Engagement process, which leverages integration between Atlassian Confluence and JIRA, and highlights our custom Risk Form Handler, which automatically creates and assigns Security Requirements Tickets in JIRA. Lastly, we will present our Splunk ITSI Application Security KPI Dashboard, illustrating our Domino’s E-Comm, Pulse and NGP Development Security Posture and related KPIs.
Panel: How artificial intelligence and blockchain are the battlegrounds for the next security wars
- Artificial intelligence, machine learning, and blockchain, are emerging tech cited as key in an increasingly complex security environment, but what challenges do these technologies pose?
- Many key players are using security awareness and infrastructure as a key feature to differentiate themselves within the cloud wars, so how will this dictate how the market evolves?
- As the hyperscalers move further up the stack to find the latest battleground, who is going to come out on top?
- Real life examples of where AI, ML and Blockchain are being utilised for security
Case Study: Serverless apps – vulnerabilities and security best practices
- Serverless architectures will certainly impact the future of computing through their scalability and compatibility – but can they also impact traditional security methods?
- The rise of serverless architectures and applications and their relationship with cloud
- Exploring responsibility – the data centre and network vs. the application layer
- Looking at common faults – injection flaws, authentication, insecure configuration and more
- Key steps that can be taken to secure serverless apps
Best practices for Security Developers
- How and when to integrate Identity Access Management (IAM) systems throughout development
- Considering architectures and tools
- What other aspects do you need to consider best practices for? Performance? Compliance? Testing?