How to Successfully Implement a Cloud Security Platform

Over the last 3 years I've led the implementation of multi-cloud security platforms at 3 different UK organisations: OVO Energy, Q-Solution, and The National Archives.

You'll hear how native cloud security tooling is unfit for purpose, how one multi-cloud security system was even worse, and how to make a success of implementing a leading cloud security vendor's solution: the awareness of context resulted in a drop from many thousand critical vulnerabilities to a handful of prioritised critical security issues, representing genuine risks to the business.

Technical implementation plays a part in ensuring success: coding the platform configuration using Terraform, setting up SSO from the very start, and ensuring coverage of all clouds, cloud events, Kubernetes clusters and code repositories. Even more important is the cultural change to move cloud security from the specialist endeavour of an overworked central team, to democratisation where each developer team feels a sense of ownership of the security of their application or system.

To ensure ongoing security improvements, the use of simple metrics, dashboards and reporting by senior managers to the executive team helps immensely to cement long-term ownership and prioritisation.

You'll come away with an appreciation of why specialist cloud security platforms are no longer an option, the mistakes to avoid, and practical steps to ensure their implementation is a success.