Overview
Explore the challenges and responsibilities of cloud security in this 31-minute APPSEC Cali 2018 conference talk. Delve into the misconceptions surrounding the shared responsibility model between cloud providers and enterprises. Understand why many organizations rush to adopt cloud technologies without fully considering security implications. Learn about the risks associated with increased data availability in the cloud and the importance of proper access control, configuration management, and auditing. Discover steps security professionals can take to ensure cloud security for their organizations during migration. Gain insights from Ben Johnson, a cybersecurity expert with experience at Obsidian Security, Carbon Black, and the NSA, as he discusses how to navigate the complex security landscape of a cloud-first world.
Syllabus
Intro
Reflection Time
Digital Transformation
What is the Cloud
IT vs Security
Race to the Cloud
Data Breach Bubbles
S3 Buckets
Deloitte
Breach Fatigue
Desensitization
Causation
Who Owns Security
Provider vs Enterprise
Lack of Understanding
Operator Responsibility
Skills Gap
Whos Responsible
Security in the Cloud
SAS
Cloud Security
Get Better
Triple A
Technical Challenges
Keynote
Big Ending
Wrap Up
Business Unit Leaders
Taught by
OWASP Foundation