BSides Cape Town 2024

Cloud Security Theater: Rising above the noise of misguided strategies
2024-12-07, Track 1

To secure cloud environments effectively, a modern operating model needs to be created to solve the real security challenges faced during cloud adoption. However, are security teams focusing on the right problems when it comes to cloud security, or are we just doing Cloud Security Theater?


Cloud adoption is booming, with many organizations migrating to the cloud for cost efficiency, scalability and agility. This shift requires a critical review of traditional IT operating models and the cybersecurity controls that go along with them. However, many organizations are struggling to operationalize cloud effectively, which often leads to unmitigated risks and an overreliance on technology when it comes to securing their cloud environments.

In this talk, I will share my learnings around the common missteps and pitfalls that organizations make when securing their cloud environment. The first part of my talk will focus on background, including:
* A high-level overview of why people adopt cloud
* The mindset change that needs to occur when using cloud
* The change of ownership and responsibility in cloud environments

The second part of my talk will focus on highlighting the problems and missteps that we see organizations make. This includes:
* The problems with relying on compliance frameworks
* Tackling the nuances in multi-account environments
* Understanding attack vectors and paths
* Baseline controls including Guard Rails, Network Security & IAM
* Regulatory Compliance Gaps
* Automation Fallacies
* Products and services not fit for cloud

The third and final part of my talk will focus on sharing ideas for strategies and approaches that organizations should consider.

Jared is the Head of Security at Synthesis, where he specializes in enterprise cloud architecture. Jared is passionate and deeply committed to guiding large organizations through the complexities of architecting, securing and operationalizing enterprise cloud environments. Beyond Jared’s professional responsibilities, Jared is an enthusiastic advocate for community building, serving as the organizer of several local security events, including 0xcon, BSides Cape Town, and BSides Joburg. Jared’s research focuses on cybersecurity topics that intersect with national security and foreign policy issues such as encryption, privacy, surveillance, disinformation, and nation-state activity.