Cloud estates can vary vastly in size, from small single accounts, to large estates spanning multiple cloud providers. Assessing and assuring these larger environments is often a very complex undertaking, with large numbers of resources to review and secure. CSPM and CWPP solutions can cover a lot, but there's still a fair amount that requires a human-led assessment to properly assure. While it's common to see organisations performing small-scale penetration testing of individual workloads, these are time-consuming and scale poorly for larger environments.

This talk presents the methodologies and approaches developed by the speakers for effectively and efficiently performing large-scale cloud assessments covering an organisation's entire estate. It'll compare and contrast these against common existing approaches and outline why new approaches were required. It'll also cover common areas to prioritise for human assessment, how best to leverage existing tooling to support large-scale human assessments, and how to optimise the time and effort spent to provide the best levels of assurance.

Attendees can expect to gain insight into how to approach human-led assessments of large scale cloud environments, either as the assessor or as an organisation procuring such services. This includes the benefits of such approaches, key focus areas within environments that could affect swathes of the estate and how to use knowledge and information from internal tooling and subject matter experts to better inform assessments.