The Changing Landscape of Information Security
Applications
DevSecOps
Hybrid IT
Automation
Viren Mantri
All views expressed here are entirely mine, do not represent those of my current and past employers.
Backdrop
• Criminals: Profit
• Espionage: Intelligence
• Warriors: Disruption
• Terrorists: Ideology
• The question is not whether but when?
Cyber attacks
Current era
Rigidity → Agility
DevSecOps – on a lighter note
No offence meant :)
DevSecOps – on a serious note
o Baking security in design
o From BRD/FSD to weekly huddles and feature releases
o Externalizing authentication and authorization
o Using encryption and tokenization for data protection
o Building resilience to vulnerabilities and exploits
o Educating developers on security
DevOps ToolSet
• Developer scan
• Build scan
• Infrastructure
• Automation
• Vulnerability reporting
• Remediation workflow
• Risk assessment
• Security dashboard
| SCM | Build | Deploy | Cloud | OS | Security |
|---|---|---|---|---|---|
| Repo | Package | Release | IaaS | VM | Scanning |
| CI | Provision | Test | PaaS | App/Web | VA |
| Workflow | Config | Monitoring | SaaS | DB | PenTest |
Traceability is key
Hybrid IT
• Growing acceptance
• Initial euphoria over (in)security mellowed
• Cloud providers challenging On-Prem
• Need to support legacy while striving to be agile
• Agility flexes rigidity, breaks down silos
Automation
• The right level eliminates inefficiencies
• Delivers economies of scale
• Ensures repeatable processes
Matured teams
• Recognize Information security is everyone’s business
• Develop a blueprint providing clarity and rationale
• Know why we are doing what we are doing