Cloud & Dev Ops Summit, Lunch Keynote
Security Cloud != A Secure Cloud
The cloud was not built for security. As security technologist, historically chasing developers or IT teams around, we may view an upcoming cloud transition or adoption with fear, misunderstanding, or hardship. Perhaps our organization purchased some security product that will make our lives better, but we learn that it doesn't contextualize the mountain of findings in that single pane of glass after all, in fact it gives us more work with less understanding. Now we have a list of things we may not understand and certainly cannot just hand it to a team and say "fix this".
It does not need to be this way, and it shouldn't be this way. Security has been around a long time, and while its implementation may change, the core principles never do. When I look to the cloud, I see transparent security enforcement, better visibility, increased risk reduction, and a new culture. As security technologists you should feel empowered to support your teams in delivering a better, more secure product, efficiently and at increased velocity. We should be astounded with the speed that a fully patched, hardened workload replaced the vulnerable production instance and how very little human involvement was needed to make it happen.
