The Changing Landscape of Information Security
• Applications
• DevSecOps
• Hybrid IT
• Automation
Viren Mantri
All views expressed here are entirely mine and do not represent those of my current or past employers.
Backdrop
• Criminals: profit
• Espionage: intelligence
• Warriors: disruption
• Terrorists: ideology
• The question is not whether, but when.
Cyber attacks: the current era
Rigidity → Agility
DevSecOps – on a lighter note
No offence meant :)
DevSecOps – on a serious note
o Baking security into the design
o From BRD/FSD to weekly huddles and feature releases
o Externalizing authentication and authorization
o Using encryption and tokenization for data protection
o Building resilience to vulnerabilities and exploits
o Educating developers on security
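The "encryption and tokenization" bullet above names the technique but not its shape, so here is an added example (written for this page, not the author's code) of a minimal token vault: the card number is replaced by a random token that keeps only the last four digits for display, a keyed hash (HMAC, not plain SHA-256) is used as the lookup index so the same card always maps to the same token without the index being brute-forceable offline, and detokenization is restricted to a named role. The key, the role name and the in-memory store are assumptions for illustration; a real vault keeps its key in a KMS or HSM and its store encrypted at rest.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field

# Hypothetical key material: in a real deployment this comes from a KMS/HSM,
# never from source code or an environment file.
INDEX_KEY = secrets.token_bytes(32)


def luhn_ok(pan: str) -> bool:
    """Luhn check so malformed card numbers are rejected before they are stored."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class TokenVault:
    """In-memory stand-in for a token vault (assumed for the example). The real
    store would be encrypted at rest and reachable only from a small, audited service."""
    index_key: bytes
    _by_token: dict = field(default_factory=dict)   # token -> PAN
    _by_index: dict = field(default_factory=dict)   # HMAC(PAN) -> token
    detok_roles: frozenset = frozenset({"payments-settlement"})  # assumed role name

    def _index(self, pan: str) -> str:
        # Keyed hash: without the key, someone holding the index table cannot
        # enumerate the 16-digit PAN space offline and recover card numbers.
        return hmac.new(self.index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        idx = self._index(pan)
        if idx in self._by_index:       # same PAN -> same token, so joins still work
            return self._by_index[idx]
        # The token is random, not derived from the PAN; last four kept for display.
        token = f"tok_{secrets.token_hex(8)}_{pan[-4:]}"
        self._by_token[token] = pan
        self._by_index[idx] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Only the settlement role may turn a token back into a card number."""
        if caller_role not in self.detok_roles:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._by_token[token]


if __name__ == "__main__":
    vault = TokenVault(INDEX_KEY)
    # Constructed input: the well-known Visa test number, not a real card.
    tok = vault.tokenize("4111111111111111")
    print(tok, vault.detokenize(tok, "payments-settlement"))
```

The application tier only ever sees tokens; the blast radius of a breach there is a list of opaque strings, and every detokenization is a call to one service that can be logged and rate-limited.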
DevOps ToolSet
• Developer scan
• Build scan
• Infrastructure
• Automation
• Vulnerability reporting
• Remediation workflow
• Risk assessment
• Security dashboard
SCM       Build      Deploy      Cloud   OS        Security
Repo      Package    Release     IaaS    VM        Scanning
CI        Provision  Test        PaaS    App/Web   VA
Workflow  Config     Monitoring  SaaS    DB        PenTest
Traceability is key
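The toolset slide lists build scanning, vulnerability reporting, a remediation workflow, risk assessment and a dashboard, and the slide above says traceability ties them together. As an added example (not code from the deck or any named tool), the script below is the build gate that sits between "scan" and "release": it takes a scanner report, applies time-boxed risk exceptions from the remediation workflow, scores what is left against a versioned policy, and emits one record that links commit, scanner, policy version and decision so the dashboard and the build log point at the same evaluation. The report layout, the finding IDs, the policy weights and the exception format are all constructed for this example.

```python
import hashlib
import json
from datetime import date

# Constructed scanner output, shaped loosely like a dependency/SAST report;
# not taken from any real scanner.
SCAN_REPORT = {
    "scanner": "example-scanner 1.2",
    "commit": "3f2a9c1",
    "findings": [
        {"id": "F-1", "severity": "critical", "component": "libexample 2.0.1", "fixed_in": "2.0.4"},
        {"id": "F-2", "severity": "high", "component": "app/auth.py:42", "fixed_in": None},
        {"id": "F-3", "severity": "low", "component": "app/util.py:7", "fixed_in": None},
    ],
}

# Accepted-risk exceptions owned by a team, tied to a ticket and time-boxed:
# an expired exception stops suppressing its finding instead of silently persisting.
EXCEPTIONS = {
    "F-2": {"owner": "team-auth", "ticket": "SEC-123", "expires": "2030-01-01"},
}

# Versioned policy: weight per severity and the score above which the build fails.
POLICY = {
    "version": 3,
    "weights": {"critical": 10, "high": 5, "medium": 2, "low": 1},
    "fail_above": 4,
}


def evaluate(report, exceptions, policy, today):
    """Gate a build on scan results and return a traceability record."""
    open_findings, suppressed = [], []
    for f in report["findings"]:
        exc = exceptions.get(f["id"])
        if exc and date.fromisoformat(exc["expires"]) >= today:
            suppressed.append({**f, "exception": exc["ticket"]})
        else:
            open_findings.append(f)

    score = sum(policy["weights"].get(f["severity"], 0) for f in open_findings)
    decision = "fail" if score > policy["fail_above"] else "pass"

    record = {
        "commit": report["commit"],
        "scanner": report["scanner"],
        "policy_version": policy["version"],
        "score": score,
        "decision": decision,
        "open": [f["id"] for f in open_findings],
        "suppressed": [f["id"] for f in suppressed],
        # What the remediation workflow has to act on for this commit.
        "remediation": [
            {"id": f["id"],
             "action": f"upgrade to {f['fixed_in']}" if f["fixed_in"] else "fix at source"}
            for f in open_findings if f["severity"] in ("critical", "high")
        ],
    }
    # Stable digest over the record so the dashboard entry, the ticket and the
    # build log can all be matched to exactly this evaluation.
    record["record_id"] = hashlib.sha256(
        json.dumps(record, sort_keys=True).encode()).hexdigest()[:16]
    return record


if __name__ == "__main__":
    print(json.dumps(evaluate(SCAN_REPORT, EXCEPTIONS, POLICY, date.today()), indent=2))
```

The point of the expiry date is the one most pipelines get wrong: an exception that never lapses is a permanent blind spot, whereas here the same finding flips back to blocking the build on the day the exception ends, with the ticket that approved it still in the record.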
Hybrid IT
• Growing acceptance
• Initial euphoria over (in)security mellowed
• Cloud providers challenging On-Prem
• Need to support legacy while striving to be agile
• Agility flexes rigidity, breaks down silos
Automation
• The right level eliminates inefficiencies
• Delivers economies of scale
• Ensures repeatable processes
Mature teams
• Recognize that information security is everyone’s business
• Develop a blueprint providing clarity and rationale
• Know why we are doing what we are doing