Dev week cloud world conf2021
0 likes83 views
The presentation emphasizes the importance of proactive cybersecurity measures within organizations, highlighting the roles of various executives in addressing security breaches and ensuring culture around security. It discusses the implementation of a security committee, awareness campaigns, and the need to collaborate with external partners to prevent future incidents. Ongoing evaluation and metrics for cybersecurity effectiveness, including adopting DevSecOps practices and integrating security into development processes, are also key points mentioned.
Dev week cloud world conf2021
- 1. As DevExec AreYou Doing Enough For Security? Archana Joshi Head –Transformation, LTI Note:The views expressed in the presentation are solely of the presenter and do not represent those of the company /clients she is associated with
- 2. 2 Let’s us meet the characters in our story CEO CIO Legal Director InfoSec Director Dev Director
- 3. 3 …. And ask them the same question What are you doing about cyber security? CEO CIO Legal Director InfoSec Director Dev Director One of the top agenda Proactive investments Being secure is our culture Strengthening Cloud Security & Application Security Compliance checks Investing in Digital Forensics Security lapse liability 3rd party coverage DevSecOps Risk based DAST, SAST
- 4. 4 Alert !!!! Security Breach !!!! Root Cause: Application using an open source utility was hacked
- 5. 5 Now ask them the same question How can we prevent such breach in future? CEO CIO Legal Director InfoSec Director Dev Director I am setting up a committee with external experts to help us with next steps My team needs to come together It’s not just us – we have partners too We need to work together I should provide stringent security norms We need to work together I don’t understand this focus for opensource We need to work together My app team faces the brunt.There are networks too We need to work together
- 6. 6 2 months after the incident…. ask them the same question How are you measuring effectiveness of cyber security CEO CIO Legal Director InfoSec Director Dev Director I get weekly report on any breaches We are also running an awareness campaign Mean time to receover from security Kubernetes cluster monitoring % Adoption of DevSecOps No. of builds to production with security clearances Risk assessment profile No. of third party assessments meeting the legal guidelines No. of security compliances defects No. of developers undergone secure coding practices session
- 7. 7 Is there a better way to handle this? Can we truly achieve “continuous security”
- 8. 8 Infrastructure Applications Data Compliance StaticTesting DynamicTesting Network Security Endpoint Security Cloud Security Data Encryption Access Credentials Loss Prevention Cloud Data Regula -tions Open Source / 3rd Party
- 9. 9 Security Pod & Roles CISO – CIO pair Extreme Automation Inbuilt Dev Practices Integrated OKR and metrics Follow the motto of Centralize – But Decentralize
- 10. 10 Security Pod & Roles Security Architect Security Ambassador / Product Mgr SRE with security focus CISO – CIO pair Common security governance Active Legal involvement Extreme Automation Open source tagging via pipeline Operations monitoring includes security parameters Inbuilt Dev Practices Security as a code Secure coding insights via AI interventions Integrated OKR and metrics Threshold setting for central involvement Security Debt as part of sprint goals Follow the motto of Centralize – But Decentralize
- 11. 11 Security is at the heart of success of development
- 12. THANK YOU https://www.linkedin.com/in/arcjoshi Note:The views expressed in the presentation are solely of the presenter and do not represent those of the company /clients she is associated with