What do we do when we have security incidents in the cloud? How do you take a RAM image of a SaaS (Software as a Service) service? You don't! Handling security incidents in the cloud is a new problem that many of us are forced to address as more and more services are provisioned in the cloud.
In the talk I will cover topics such as:
- What challenges arise when handling incidents in the cloud
- How some of these challenges can be solved
- What to consider before choosing a cloud provider
- How to handle the challenges
A lot of the time we security types - yes, you and me - don’t actually know what the rest of the departments within the business actually do on a day-to-day basis. We know they exist and what their purpose is but we don’t appreciate their pain points. We’ve all heard, way too many times, the quotation from Sun Tzu’s “The Art of War”: “If you know the enemy and know yourself you need not fear the results of a hundred battles.”
I would argue that a lot of us don’t know our own organisation as well as we should, let alone the enemy.
In this talk I’ll look at how you can step out of your bubble and help build more effective and positive relationships within your organisation.
This talk will be divided into two sections that are not particularly related to one another.
In the first part, we’ll share some statistics on software security trends as observed through our cloud-based application scanning service. By aggregating and anonymizing vulnerability results from tens of thousands of applications submitted by companies of all shapes and sizes, we have a unique view into the state of software security at a scale that is unmatched.
In the second part, we’ll talk about cloud-deployed apps themselves. Specifically, we’ll discuss some coding vulnerabilities that are historically not a big deal in normal apps but can be devastating when those apps are deployed in a cloud environment.
Cloud Computing Security Knowledge - Foundation
The CCSK - Foundation course is based on V3.0 of the CCSK exam and the CSA Security Guidance for Critical Areas of Cloud Computing V3.0.
The Cloud Computing Security Knowledge - Foundation class provides students a comprehensive one-day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK v3.0 certificate exam. Starting with a detailed description of cloud computing, the course covers all major domains in the Guidance v3.0 document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA).
This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management.)