During 2022, more than $1.3 Trillion in enterprise IT spending will shift to the cloud, and yet cloud spend will not outpace legacy services spend until 2025. Most companies will continue to run both traditional Data Center infrastructure as well as cloud-based services for many years, and yet no one can afford to double their operating budget in support of this transformation. As a result, many companies are now launching FinOps programs to help manage and govern fast growing cloud expenses, including the tremendous ‘bubble…
Over the past decade, “Zero Trust” has become the dominant conceptual framework guiding enterprise cybersecurity thought leaders and practitioners. In this session, members of the Cloud Native Security Working Group explore the essential principles of the Zero Trust mindset and discuss practical approaches for achieving success on the cyber defense barricades.
The Network Cloud Working Group will present various use cases that demonstrate the business value of Elastic Network functionality. Learn how to optimize your Cloud Ecosystem, improve your time to market for network deployments, reduce OPEX by adopting cloud-like consumption based network models and apply zero trust principles to your network architectures and strategies. Ultimately you will learn the importance and relevance of effective Cloud Network Edge architectures so your business can adapt to the rapidly changing landscape of service offerings.
“Shift Left” and automation have turned from ideals to meaningless buzzwords. Instead of riding the hype train, let’s get real and cover practical and real-world examples taken from actual product security successes. Not every business is the same, neither will their DevSecOps program. In this talk, I’ll cover the fundamentals of common to successful DevSecOps programs as well as a grab bag of useful techniques to consider. These are lessons learned doing AppSec at a wide variety of companies including Rackspace, Pearson, a fortune 500…
The challenge of software security in a DevOps-driven world is enormous. The most effective place to give developer feedback and why it’s manyfolds effective than where most people are giving it today. As per one of the research 96.8% code on the internet is OpenSource. When Open Source is a major part of the code and whole DevSecOps. It becomes imperative to know the aspects of the open source’s usage, if the open source libraries are not used properly or updated on time, open source…
Given the growth and adoption of Kubernetes, a number of projects have been published in the OWASP community to help practitioners assess and secure the security of their containerized infrastructure including the recently released Top Ten for Kubernetes (https://owasp.org/www-project-kubernetes-top-ten/). This OSS project is a community-curated list of the most common Kubernetes risks backed by data collected from organizations varying in maturity and complexity. This session will discuss the project in detail, examples for each of the risks in the list, and how you can get…
As the number of networked sensors soar, so too does the requirement for edge computing and network edge breakout to solve the latency and direct access for sensor response. This is the first infrastructure built for non-humans as Robots as a Service (RaaS) becomes a reality. Many infrastructure teams are reviewing build vs buy decision. The edge is a combination of 5G, data, sensors, cloud service providers, OT/IT security convergence, etc. In this session, we sort out the edge computing and network breakout stack so…
Multi-cloud is hard. Most corporations focused their application development efforts on the tools offered by a single cloud provider to start their enterprise cloud journey. As such their business operations become entwined with that cloud provider. Can a high level of intertwinement be replicated across multi cloud providers when each cloud provider offers different tools and constructs? In this session, we explore the reality of a multi-cloud strategy from those who are living with one.
Today, applications and data are everywhere, and the concept of work has been transformed from a place we go to something we do, anywhere at any time. Point products, VPN, and trusted network zones no longer provide adequate protection but instead introduce risk. The industry tried to fix secure access with Zero Trust Network Access (ZTNA), but first-generation solutions were disjointed and incomplete. Securing our new reality of hybrid work requires a fresh approach to ZTNA that doesn’t repeat the mistakes of the past
Every day enterprises move apps to the cloud for reasons including the ability to innovate more quickly, addressing urgent capacity needs, and overhauling infrastructure. Still, legacy network designs are holding them back. Learn how integrating zero trust principles into enterprise cloud architecture design can help reduce complexity and accelerate cloud adoption, particularly as enterprises grapple with multi-cloud environments.
