Loading…
Looking for a specific timezone? We have it covered...
View analytic
Tuesday, October 24 • 22:30 - 23:15
Secure DevOps for Enterprise Cloud Apps: Insights and Lessons Learned

Sign up or log in to save this to your schedule and see who's attending!

As businesses switch to modern engineering approaches of agile, dev ops and adopt the cloud, long-established security practices are liable to become hindrances rather than enablers. Traditional security teams face the possibility of (a) either being bypassed altogether or (b) bear the blame for stifling the agility of dev ops teams and slowing down innovation (in a bid to make them conform with outdated security practices).

At Microsoft IT, we have been through an adventurous journey in migrating enterprise line of business applications to the cloud. In the process, we ‘left-shifted’ security and empowered teams to become self-sufficient.

We focused on automating and integrating security into dev ops with emphasis on 6 areas: (a) security of the cloud subscription, (b) secure application development, (c) security integrated into CICD, (d) operational security through continuous assurance, (e) ‘cloud + dev ops’ ready alerting and monitoring and (f) leveraging telemetry towards security risk governance

In the session, we will share our experiences implementing the above framework in the context of real line of business application scenarios. We will also demonstrate the cumulative risk reduction that was achieved coupled with improvements in efficiency. We will end with key insights and lessons learned from the experience.

Takeaways: To successfully embrace secure dev ops in the cloud you should: a) Identify inhibitors: Carefully examine end-to-end workflows that engineering teams currently follow to identify security-related roadblocks b) Simplify and automate: Make security simple and seamlessly integrate into dev ops workflows c) Make monitoring and response ‘dev ops and cloud’ ready: Develop capabilities to regularly monitor security state of cloud workloads d) Be data-driven: Leverage ‘security telemetry’ to make measured improvements to risk posture.

Speakers
avatar for Sudhindranath Byna

Sudhindranath Byna

Microsoft
Sudhindranath Byna has 10 years of experience at Microsoft. He is responsible for creating accelerators for enabling agile methodologies and empowering engineering teams in migrating business-critical apps to the cloud securely. His recent work has been around creating a Secure D... Read More →
avatar for Manish Prabhu

Manish Prabhu

Microsoft
Manish owns defining and delivering secure devops for the cloud transformation for Microsoft IT. Manish has been driving the effort to create engineering tools, automation and guidance that can enable secure dev ops in Azure and accelerate cloud transformation for an enterprise... Read More →


Tuesday October 24, 2017 22:30 - 23:15
Automated Security: India

Attendees (401)