2023 Architecting a Cloud Security Guardrails Model Solutions Forum

Friday, 23 Jun 2023 10:30AM EDT (23 Jun 2023 14:30 UTC)
Speaker: Dave Shackleford

Security teams need to build consistent, reusable design patterns for cloud security controls that can be automated and maintained readily over time. Within cloud infrastructure, many controls can be provisioned and enabled ahead of time and operate autonomously in any deployment scenario. Commonly termed “guardrails,” these controls ensure that security capabilities are always enabled and operate within the context of deployments without any required interaction from security operations or cloud engineering teams.

While there are many cloud-native services and controls available from cloud service providers, the marketplace for cloud-centric security solutions has grown and matured significantly in the past several years, and both can play important roles in guardrail design.

During this forum, we’ll break down the most common guardrails to consider within a cloud security architecture design and discuss best practices to enable and automate these over time.

Register for this free virtual event to receive first access to the Architecting a Cloud Security Guardrails Model report, written by Dave Shackleford.

Join in on the action! Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest our of 2023 Solutions Forums. We'll see you there!

Login to Register

Architecting_a_Cloud_Security_Guardrails_Model_-_Reg_Page.png

Thank You to Our Sponsor

Agenda | June 23, 2023 | 10:30AM - 11:45AM EDT

Timeline (EDT)	Session Details
10:30AM	Welcome & Opening Remarks
11:00AM	Balancing Speed and Security: Shift Left with Runtime Insights Cloud-native app complexity poses challenges for organizations, with security teams tasked with protecting across containerized workloads, cloud services, and identities. Cloud security programs take either a shift-left or shield-right approach. Shift-left focuses on secure design and pre-release testing, while shield-right emphasizes runtime security mechanisms to detect and respond to events. Both are essential for cybersecurity maturity. Shift-left activities serve as guardrails and can be "designed-in" through policy-as-code, balancing speed and security in DevOps. In this session, we will show you how to identify environmental drifts, prioritize weaknesses, and minimize friction for dev teams with runtime insights. Learn why preventative controls are essential, how runtime context improves vulnerability and posture management, and how to implement policy-as-code approaches for stronger security controls. Nigel Douglas, Sr. Technical Marketing Manager, Sysdig Pawan Shankar, Sr. Product Marketing Manager, Sysdig
11:30AM	Closing Remarks

Related Content

Security Awareness, Artificial Intelligence (AI), Digital Forensics, Incident Response & Threat Hunting, Cloud Security, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, Industrial Control Systems Security, Open-Source Intelligence (OSINT)

December 10, 2024

Top SANS Summit Talks of 2024

This year, SANS hosted 13 Summits from OSINT, ICS, Ransomware, DFIR to HackFest. Here were the top-rated talks of the year.

Jon Zeolla: Instructor Spotlight

Get to know Jon Zeolla, instructor for SEC540: Cloud Security and DevSecOps Automation

Cyber Defense, Cybersecurity and IT Essentials, Cloud Security, Penetration Testing and Red Teaming

Month of PowerShell: Merging Two Files (Understanding ForEach)

A routine task (merging two files) leads us down the path of developing a better understanding of the ForEach command in PowerShell.