Enterprise DevOps is not an oxymoron
•Download as PPTX, PDF•
0 likes•149 views
Lee Eason shares how DevOps can enable Enterprise software companies to achieve their full potential. You can view the talk on Youtube here: https://www.youtube.com/watch?v=hfY2jo_Q7wY
Report
Share
Report
Share
Recommended
The 7 Rules of IT Disaster Recovery by Acronis
http://bit.ly/1PhdEau
The ability of an organization to continue operations in the event of a natural or human-induced disaster is a critical concern for organizations of all shapes and sizes. Implementing IT Disaster Recovery may look simple, but without proper planning, it can quickly become expensive, complicated and unreliable. Experts from Acronis and Disaster Recovery Journal will share 7 best practices that IT organizations should consider when architecting and implementing Disaster Recovery Solutions. It includes
1) How to survive unplanned events
2) How to assure IT continuity through normal planned events
3) How to establish on-site and off-site protection
4) How to automate recovery procedures
5) How to proactively test your disaster recovery solution
6) How to ensure security and meet compliance requirements
7) How to select disaster recovery vendors partners
The Windows Desktop Experience in the Cloud
The Windows Desktop Experience: Windows in the Cloud by DataCenterDirect Cloud Desktop. The Windows Cloud Desktop gives users fast, secure and reliable anywhere anytime access from any device with any OS including Microsoft, Mac, Linux, iOS, Android and Chrome.
Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas
Acronis True Image 2017 provides several new features that set it apart from other backup software. An independent lab tested its performance, usability, ransomware protection, and features. The lab found that only Acronis True Image 2017 was able to protect backups from every ransomware family tested. It also won the majority of performance tests and provided the fastest cloud backup speeds. Additionally, Acronis True Image 2017 includes Active Protection technology that shields backup files from ransomware infections to prevent data loss.
Office 365 smb guidelines for pure bookkeeping (slideshare)
This document discusses securing systems and data as a bookkeeper. It recommends choosing secure devices like Windows 10 PCs and encrypting data. It emphasizes the importance of patching devices and backups. It also recommends using a password manager and two-factor authentication. The document discusses Office 365 security features like Data Loss Prevention, Cloud App Security, and Advanced Threat Protection that can help bookkeepers protect sensitive client data. It stresses the importance of proper use and training for productivity suites like Office 365.
Security From The Ground Up
The document discusses security challenges companies face and how Google secures user data. It notes that companies have different operating systems and applications making security patching difficult. Google hires security experts, trains employees, and builds security into products from the start. Google stores data across multiple datacenters, shards data across servers, and tightly controls network access to securely store user data.
introduction to Azure Sentinel
Azure Sentinel is Microsoft's cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. It provides intelligent security analytics and threat detection across on-premises, cloud, and hybrid environments. Azure Sentinel collects data from various sources using connectors and agents, then analyzes the data using machine learning to detect threats and automate responses. It integrates with other Microsoft security solutions and allows threat hunting and visualization of security incidents.
Are You Protected From Downtime and Data Loss?
In this session, i have presented a solution on how HPE and Veeam are better together. Do share on how to tier backup data to public cloud such as Azure
ISV -Microsoft and Veeam Better Together
Veeam is a leading Microsoft partner focused on data protection and availability solutions. As the #1 ISV Co-Sell partner of Microsoft, Veeam offers solutions that integrate with Microsoft Azure to provide backup and recovery capabilities. These include extending on-premises backups to Azure storage, backing up and restoring VMs and physical servers in Azure, and protecting Office 365 data by backing it up to Azure. Veeam offers free trials of these Azure-based solutions and promotions to help customers address challenges around data growth, compliance needs, and disaster recovery.
Recommended
The 7 Rules of IT Disaster Recovery by Acronis
http://bit.ly/1PhdEau
The ability of an organization to continue operations in the event of a natural or human-induced disaster is a critical concern for organizations of all shapes and sizes. Implementing IT Disaster Recovery may look simple, but without proper planning, it can quickly become expensive, complicated and unreliable. Experts from Acronis and Disaster Recovery Journal will share 7 best practices that IT organizations should consider when architecting and implementing Disaster Recovery Solutions. It includes
1) How to survive unplanned events
2) How to assure IT continuity through normal planned events
3) How to establish on-site and off-site protection
4) How to automate recovery procedures
5) How to proactively test your disaster recovery solution
6) How to ensure security and meet compliance requirements
7) How to select disaster recovery vendors partners
The Windows Desktop Experience in the Cloud
The Windows Desktop Experience: Windows in the Cloud by DataCenterDirect Cloud Desktop. The Windows Cloud Desktop gives users fast, secure and reliable anywhere anytime access from any device with any OS including Microsoft, Mac, Linux, iOS, Android and Chrome.
Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas
Acronis True Image 2017 provides several new features that set it apart from other backup software. An independent lab tested its performance, usability, ransomware protection, and features. The lab found that only Acronis True Image 2017 was able to protect backups from every ransomware family tested. It also won the majority of performance tests and provided the fastest cloud backup speeds. Additionally, Acronis True Image 2017 includes Active Protection technology that shields backup files from ransomware infections to prevent data loss.
Office 365 smb guidelines for pure bookkeeping (slideshare)
This document discusses securing systems and data as a bookkeeper. It recommends choosing secure devices like Windows 10 PCs and encrypting data. It emphasizes the importance of patching devices and backups. It also recommends using a password manager and two-factor authentication. The document discusses Office 365 security features like Data Loss Prevention, Cloud App Security, and Advanced Threat Protection that can help bookkeepers protect sensitive client data. It stresses the importance of proper use and training for productivity suites like Office 365.
Security From The Ground Up
The document discusses security challenges companies face and how Google secures user data. It notes that companies have different operating systems and applications making security patching difficult. Google hires security experts, trains employees, and builds security into products from the start. Google stores data across multiple datacenters, shards data across servers, and tightly controls network access to securely store user data.
introduction to Azure Sentinel
Azure Sentinel is Microsoft's cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. It provides intelligent security analytics and threat detection across on-premises, cloud, and hybrid environments. Azure Sentinel collects data from various sources using connectors and agents, then analyzes the data using machine learning to detect threats and automate responses. It integrates with other Microsoft security solutions and allows threat hunting and visualization of security incidents.
Are You Protected From Downtime and Data Loss?
In this session, i have presented a solution on how HPE and Veeam are better together. Do share on how to tier backup data to public cloud such as Azure
ISV -Microsoft and Veeam Better Together
Veeam is a leading Microsoft partner focused on data protection and availability solutions. As the #1 ISV Co-Sell partner of Microsoft, Veeam offers solutions that integrate with Microsoft Azure to provide backup and recovery capabilities. These include extending on-premises backups to Azure storage, backing up and restoring VMs and physical servers in Azure, and protecting Office 365 data by backing it up to Azure. Veeam offers free trials of these Azure-based solutions and promotions to help customers address challenges around data growth, compliance needs, and disaster recovery.
Securitate In Google Apps
The document discusses cloud computing security and Google's approach to securing user data. It notes that user data is often unprotected when stored on individual computers and removable devices. It then outlines some of the challenges to security from multiple operating systems, applications with different patches, and the time it takes companies to deploy updates. The document details how Google secures data by hiring security experts, baking security into products from the start, using custom hardware, replicating and sharding data across datacenters, and tightly controlling network access. It states that only key Google admins can access data and all operations are logged for security and to earn user trust, which is important for Google's business.
Guide to Sharpening Security in the Public Cloud
Businesses are increasingly moving workloads and services to public clouds like Microsoft Azure to gain scalability, flexibility and cost savings. However, cloud environments also present new security challenges as organizations take on more responsibility. McAfee offers a range of security solutions for Azure designed to provide database protection, intrusion prevention for virtual environments, and advanced threat detection. As a Microsoft Gold Partner, Insight can help customers build comprehensive network security on Azure using McAfee technologies.
Cloud security: Accelerating cloud adoption
Organizations now have an opportunity to more rapidly overcome their security concerns by using third-party cloud platforms. In this session, Dell SecureWorks security experts discuss the Shared Security Responsibility model, how organizations need to think about security architecture in the cloud, and new Dell SecureWorks services that are helping organizations plan, architect, manage and respond to threats in the cloud.
Securing Governing and Protecting Your Office 365 Investments
Microsoft continues to invest in services and capabilities to help you protect, detect, and respond to a variety of emerging security and compliance needs for Office 365. Come to this session for an interactive scenario based whiteboard and demonstration of how you can implement comprehensive controls based on a variety of dimensions across the identity of the user; their location and device; and the application, service, and content they are accessing.
Stay Ahead of Risk
This document discusses the importance of quality control programs for construction projects. It states that quality control can prevent costly defects and disasters by identifying issues early through rigorous inspections and record keeping. The document advocates using cloud-based software for quality control tasks to improve accuracy, accessibility, and accountability of inspection records by allowing all team members to access up-to-date project data from any location. Mobile apps can streamline inspection documentation to ensure consistent processes are followed at all times. Overall, an effective quality control program through technology can help construction projects be completed safely, on time and on budget.
Improving Application Security With Azure
Application development and deployment in the traditional datacenter has been a challenge for many organizations primarily due to resource constraints. This has historically led to unfortunate compromises between functionality and security for business applications.
With public cloud providers, we have seen the limitations to technical capabilities fall away; the attainable to the Fortune 500 has become available to organizations of any size.
This yields some exciting new options for the development, deployment and operation of secure applications. Here you will find the presentation deck and recording of webinar.
How to plan your Modern Workplace Project - SPS Denver October 2018
Join Ammar Hasayen as he speaks at the SharePoint Saturday Denver, Colorado - October 2018 about how big organizations should plan their modern workplace project. Learn how to get executive sponsorship, create clear vision, drive adoption, and adopt a success plan to maximize the impact of the modern workplace.
More at my blog post https://blog.ahasayen.com/speaking-at-sharepoint-saturday-denver-colorado
UAE Microsoft MVPs - How To become Microsoft MVP
Learn from UAE Microsoft MVPs tips on how to become a Microsoft Most Valuable Professional MVP as they share their personal MVP journeys and diversity of contributions.
How To Become Microsoft MVP in Arabic
https://youtu.be/pxhNIkBMWKU
How To Become Microsoft MVP Blog Post
https://blog.ahasayen.com/you-can-als...
A Typcal Microsoft MVP Journey
https://blog.ahasayen.com/how-to-beco...
How To Start Your Blog - Microsoft MVP Stories
https://blog.ahasayen.com/start-your-...
--------------------------------
Microsoft MVPs in this video:
--------------------------------
Ammar Hasayen @ammarhasayen
MVP Category: Microsoft Cloud and Data center
CISSP | CISM - Microsoft MVP | MCT
Public Speaker
Blogger https://blog.ahasayen.com
Pluralsight Author https://pluralsight.com/authors/ammar...
Book Author https://me.ahasayen.com/m365security
Youtuber http://YoutTube.com/AmmarHasayen
Ahmad Nabil
Website: https://itcalls.net/
From: Egypt
MVP Category: Microsoft Cloud and Data Center
James Toulman
From: United kingdom
MVP Category: Microsoft Azure
Igor Shastitko @iwalker2000
From: Slovakia
MVP Category: Microsoft Azure
Azure Infra Deployment, Management, Security and Automation. Worked at Microsoft for 10 years.
Usama Wahab
From: Pakistan
MVP Category: Microsoft Azure (Since 2011)
CTO @ Evolution | AI, ML, BI, Cloud Practitioner | Speaker | Blogger | Author | Trainer #FinTech
Website: https://Usmanwahabkhan.blogspot.com
Hatim Nagarwala @hatimnagarwala
From: India
MVP Category: Microsoft AI
Technology Lead @appsWave
Microsoft MVP in AI, Speaker, Mentor, Adventurer, Microsoft by beathing heart
Website: http://Hatim.im
Hasan Dimdik @HasanDimdik
From: Turkey
MVP Category: Microsoft Cloud and Data center
Senior Technology Engineer at Emirates NBD | CEH | MCT | MCSE | Speaker and Author
Satheshwaran Manoharan @sattzzz
From: India
MVP Category: Office Apps & Services
Microsoft MVP | Messaging and Virtualization Expert | Publisher of Azure365Pro.com
Website:http://Azure365pro.com
Making Cloud Security Part of Your DNA Webinar Slides
To watch the full Making Cloud Security Part of Your DNA webinar video, please go to: https://resources.netskope.com/h/i/65967799-making-cloud-security-part-of-your-dna
Summary:
As Chief Security Officer for leading cancer diagnostic company Genomic Health, Craig Guinasso makes cloud a strategic advantage while solving some of today’s most complex security challenges.
Join Craig, along with Sanjay Beri, CEO of Netskope, Missy Krasner, Managing Director of Healthcare at Box, and David Baker, CSO of Okta, for a webinar on the top five strategies that healthcare technology leaders should adopt to get the most out of the cloud while also protecting patient health data and keeping their organizations compliant.
In this powerpoint, you will get a glimpse into the webinar where we discussed how to:
- Think about cloud services in relation to business objectives
- Triage Shadow IT and consolidate on the most enterprise-ready cloud services
- Create checks and policies to identify and prevent PHI leaks
- Turn their business stakeholders into security champions
CD and the curse of legacy
Large legacy financial institutions face challenges to achieving continuous delivery (CD) due to legacy systems, mindsets, and contracts that resist change. Underfunding of change initiatives and prioritizing new features over testing causes "continuous" to fail. Teams work in silos with long lead times and no accountability for missed deadlines. Security processes are burdensome. However, slow, incremental change is occurring through evolutionary adoption of DevOps practices, new platforms, and funding of digital transformation efforts, creating pockets of success.
Acronis Active Protection: A Way To Combat Ransomware Attack
In the wake of the massive "WannaCry" ransomware attack that took the world by storm on Friday, May 12, businesses are scrambling to improve their IT security. Learn how Acronis Active Protection can help prevent another attack like this one from knocking your business offline.
CIO Cloud Security Checklist
What are some items every CIO should review when making the decision on whether or not to cloud? This infographic covers the most important aspects. More here: http://bit.ly/1vpGeKL
Softchoice - Microsoft Office 365 - Discussing legal concerns and informatio...
Softchoice - Microsoft Office 365 - Discussing legal concerns and informatio...Softchoice Corporation
While security and legal fears have gone down, they still account for 5% of enterprises not planning a migration to Office 365, according to Gartner.
This is a real shame, because as you know, O365 can drive considerable business productivity, employee engagement and can enable digital workforce greatness.
Moreover, O365 has 70 million commercial active users per month and according to Gartner, controls over 80% of the email share.
Well, have no fear (literally). Our experts have put together an insightful hour to explore, discuss and appease any fears you may have around compliance, security and data control in the Microsoft cloud.
Hosted jointly by Microsoft and Softchoice Office 365 pros, you will learn about:
- Keeping privacy and control of your data on Office 365
- Overcoming legal and compliance concerns
- The advantages of cloud security versus on-premise, and much moreThe connection forweb p12
The Connection - Enable Productivity and Security In Your NonStop Environment - Bloombase StoreSafe Intelligent Storage Firewall with HPE ESKM
Midmarket CIO Forum 2013 Presentation
The document discusses a security layer for cloud data that provides automated and secure backups of cloud data. It notes that one out of three companies using SaaS applications lose data, with 60% of businesses that lose data shutting down within 6 months. The security layer aims to backup all cloud data in one place and decrease backup time from days to hours through integration with cloud applications via an API. The vision is for the solution to become a broader data management layer providing backup, archiving, e-discovery, and migration capabilities across cloud storage providers.
Secure Your WordPress Site - And Your Business
You installed a security plugin, and you don’t get much traffic anyway since your business is small…so you don’t need to worry about getting hacked, right? Think again! Security incidents are on the rise, and small businesses are easy targets. You may not have a lot of money to invest, but you can learn a framework to help you get a better grasp on security for your website and your business.
Security Loves DevOps: DevOpsDays Austin 2012
Discusses the intersection between security and DevOps and how Security people can leverage DevOps and vice versa.
ePlus Managed Security Services
IT challenges are growing on a daily basis. Optimize your security program with ePlus Managed Security Services.
Azure Information Protection at the Cybercrime and Security Forum 2018
This session is all about Azure Information Protection, including the new Office 365 sensitivity labels.
ISACA Ireland Keynote 2015
Going first is always difficult... there is so much you want to say. This is a keynote on DevSecOps delivered to a fantastic ISACA Chapter in Ireland
DevSecCon Keynote
DevSecOps is a new way to deliver security as part of the Software Supply Chain. It supports a built-in process and faster security feedback loop for DevOps teams.
DevSecCon KeyNote London 2015
This document discusses the evolution of security practices to enable secure innovation at speed and scale through a DevSecOps approach. It outlines how traditional security controls can be transformed into self-aware, self-reporting components that integrate seamlessly into the DevOps pipeline. Specific examples are provided for how perimeter testing, configuration management, encrypting sensitive data, access management, and multi-factor authentication can move from annual certifications to continuous monitoring and enforcement. The document advocates for collaboration, experimentation, and a focus on simplicity and automation to evolve security practices for DevOps.
More Related Content
What's hot
Securitate In Google Apps
The document discusses cloud computing security and Google's approach to securing user data. It notes that user data is often unprotected when stored on individual computers and removable devices. It then outlines some of the challenges to security from multiple operating systems, applications with different patches, and the time it takes companies to deploy updates. The document details how Google secures data by hiring security experts, baking security into products from the start, using custom hardware, replicating and sharding data across datacenters, and tightly controlling network access. It states that only key Google admins can access data and all operations are logged for security and to earn user trust, which is important for Google's business.
Guide to Sharpening Security in the Public Cloud
Businesses are increasingly moving workloads and services to public clouds like Microsoft Azure to gain scalability, flexibility and cost savings. However, cloud environments also present new security challenges as organizations take on more responsibility. McAfee offers a range of security solutions for Azure designed to provide database protection, intrusion prevention for virtual environments, and advanced threat detection. As a Microsoft Gold Partner, Insight can help customers build comprehensive network security on Azure using McAfee technologies.
Cloud security: Accelerating cloud adoption
Organizations now have an opportunity to more rapidly overcome their security concerns by using third-party cloud platforms. In this session, Dell SecureWorks security experts discuss the Shared Security Responsibility model, how organizations need to think about security architecture in the cloud, and new Dell SecureWorks services that are helping organizations plan, architect, manage and respond to threats in the cloud.
Securing Governing and Protecting Your Office 365 Investments
Microsoft continues to invest in services and capabilities to help you protect, detect, and respond to a variety of emerging security and compliance needs for Office 365. Come to this session for an interactive scenario based whiteboard and demonstration of how you can implement comprehensive controls based on a variety of dimensions across the identity of the user; their location and device; and the application, service, and content they are accessing.
Stay Ahead of Risk
This document discusses the importance of quality control programs for construction projects. It states that quality control can prevent costly defects and disasters by identifying issues early through rigorous inspections and record keeping. The document advocates using cloud-based software for quality control tasks to improve accuracy, accessibility, and accountability of inspection records by allowing all team members to access up-to-date project data from any location. Mobile apps can streamline inspection documentation to ensure consistent processes are followed at all times. Overall, an effective quality control program through technology can help construction projects be completed safely, on time and on budget.
Improving Application Security With Azure
Application development and deployment in the traditional datacenter has been a challenge for many organizations primarily due to resource constraints. This has historically led to unfortunate compromises between functionality and security for business applications.
With public cloud providers, we have seen the limitations to technical capabilities fall away; the attainable to the Fortune 500 has become available to organizations of any size.
This yields some exciting new options for the development, deployment and operation of secure applications. Here you will find the presentation deck and recording of webinar.
How to plan your Modern Workplace Project - SPS Denver October 2018
Join Ammar Hasayen as he speaks at the SharePoint Saturday Denver, Colorado - October 2018 about how big organizations should plan their modern workplace project. Learn how to get executive sponsorship, create clear vision, drive adoption, and adopt a success plan to maximize the impact of the modern workplace.
More at my blog post https://blog.ahasayen.com/speaking-at-sharepoint-saturday-denver-colorado
UAE Microsoft MVPs - How To become Microsoft MVP
Learn from UAE Microsoft MVPs tips on how to become a Microsoft Most Valuable Professional MVP as they share their personal MVP journeys and diversity of contributions.
How To Become Microsoft MVP in Arabic
https://youtu.be/pxhNIkBMWKU
How To Become Microsoft MVP Blog Post
https://blog.ahasayen.com/you-can-als...
A Typcal Microsoft MVP Journey
https://blog.ahasayen.com/how-to-beco...
How To Start Your Blog - Microsoft MVP Stories
https://blog.ahasayen.com/start-your-...
--------------------------------
Microsoft MVPs in this video:
--------------------------------
Ammar Hasayen @ammarhasayen
MVP Category: Microsoft Cloud and Data center
CISSP | CISM - Microsoft MVP | MCT
Public Speaker
Blogger https://blog.ahasayen.com
Pluralsight Author https://pluralsight.com/authors/ammar...
Book Author https://me.ahasayen.com/m365security
Youtuber http://YoutTube.com/AmmarHasayen
Ahmad Nabil
Website: https://itcalls.net/
From: Egypt
MVP Category: Microsoft Cloud and Data Center
James Toulman
From: United kingdom
MVP Category: Microsoft Azure
Igor Shastitko @iwalker2000
From: Slovakia
MVP Category: Microsoft Azure
Azure Infra Deployment, Management, Security and Automation. Worked at Microsoft for 10 years.
Usama Wahab
From: Pakistan
MVP Category: Microsoft Azure (Since 2011)
CTO @ Evolution | AI, ML, BI, Cloud Practitioner | Speaker | Blogger | Author | Trainer #FinTech
Website: https://Usmanwahabkhan.blogspot.com
Hatim Nagarwala @hatimnagarwala
From: India
MVP Category: Microsoft AI
Technology Lead @appsWave
Microsoft MVP in AI, Speaker, Mentor, Adventurer, Microsoft by beathing heart
Website: http://Hatim.im
Hasan Dimdik @HasanDimdik
From: Turkey
MVP Category: Microsoft Cloud and Data center
Senior Technology Engineer at Emirates NBD | CEH | MCT | MCSE | Speaker and Author
Satheshwaran Manoharan @sattzzz
From: India
MVP Category: Office Apps & Services
Microsoft MVP | Messaging and Virtualization Expert | Publisher of Azure365Pro.com
Website:http://Azure365pro.com
Making Cloud Security Part of Your DNA Webinar Slides
To watch the full Making Cloud Security Part of Your DNA webinar video, please go to: https://resources.netskope.com/h/i/65967799-making-cloud-security-part-of-your-dna
Summary:
As Chief Security Officer for leading cancer diagnostic company Genomic Health, Craig Guinasso makes cloud a strategic advantage while solving some of today’s most complex security challenges.
Join Craig, along with Sanjay Beri, CEO of Netskope, Missy Krasner, Managing Director of Healthcare at Box, and David Baker, CSO of Okta, for a webinar on the top five strategies that healthcare technology leaders should adopt to get the most out of the cloud while also protecting patient health data and keeping their organizations compliant.
In this powerpoint, you will get a glimpse into the webinar where we discussed how to:
- Think about cloud services in relation to business objectives
- Triage Shadow IT and consolidate on the most enterprise-ready cloud services
- Create checks and policies to identify and prevent PHI leaks
- Turn their business stakeholders into security champions
CD and the curse of legacy
Large legacy financial institutions face challenges to achieving continuous delivery (CD) due to legacy systems, mindsets, and contracts that resist change. Underfunding of change initiatives and prioritizing new features over testing causes "continuous" to fail. Teams work in silos with long lead times and no accountability for missed deadlines. Security processes are burdensome. However, slow, incremental change is occurring through evolutionary adoption of DevOps practices, new platforms, and funding of digital transformation efforts, creating pockets of success.
Acronis Active Protection: A Way To Combat Ransomware Attack
In the wake of the massive "WannaCry" ransomware attack that took the world by storm on Friday, May 12, businesses are scrambling to improve their IT security. Learn how Acronis Active Protection can help prevent another attack like this one from knocking your business offline.
CIO Cloud Security Checklist
What are some items every CIO should review when making the decision on whether or not to cloud? This infographic covers the most important aspects. More here: http://bit.ly/1vpGeKL
Softchoice - Microsoft Office 365 - Discussing legal concerns and informatio...
Softchoice - Microsoft Office 365 - Discussing legal concerns and informatio...Softchoice Corporation
While security and legal fears have gone down, they still account for 5% of enterprises not planning a migration to Office 365, according to Gartner.
This is a real shame, because as you know, O365 can drive considerable business productivity, employee engagement and can enable digital workforce greatness.
Moreover, O365 has 70 million commercial active users per month and according to Gartner, controls over 80% of the email share.
Well, have no fear (literally). Our experts have put together an insightful hour to explore, discuss and appease any fears you may have around compliance, security and data control in the Microsoft cloud.
Hosted jointly by Microsoft and Softchoice Office 365 pros, you will learn about:
- Keeping privacy and control of your data on Office 365
- Overcoming legal and compliance concerns
- The advantages of cloud security versus on-premise, and much moreThe connection forweb p12
The Connection - Enable Productivity and Security In Your NonStop Environment - Bloombase StoreSafe Intelligent Storage Firewall with HPE ESKM
Midmarket CIO Forum 2013 Presentation
The document discusses a security layer for cloud data that provides automated and secure backups of cloud data. It notes that one out of three companies using SaaS applications lose data, with 60% of businesses that lose data shutting down within 6 months. The security layer aims to backup all cloud data in one place and decrease backup time from days to hours through integration with cloud applications via an API. The vision is for the solution to become a broader data management layer providing backup, archiving, e-discovery, and migration capabilities across cloud storage providers.
Secure Your WordPress Site - And Your Business
You installed a security plugin, and you don’t get much traffic anyway since your business is small…so you don’t need to worry about getting hacked, right? Think again! Security incidents are on the rise, and small businesses are easy targets. You may not have a lot of money to invest, but you can learn a framework to help you get a better grasp on security for your website and your business.
Security Loves DevOps: DevOpsDays Austin 2012
Discusses the intersection between security and DevOps and how Security people can leverage DevOps and vice versa.
ePlus Managed Security Services
IT challenges are growing on a daily basis. Optimize your security program with ePlus Managed Security Services.
Azure Information Protection at the Cybercrime and Security Forum 2018
This session is all about Azure Information Protection, including the new Office 365 sensitivity labels.
What's hot (19)
Securing Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 Investments
How to plan your Modern Workplace Project - SPS Denver October 2018
How to plan your Modern Workplace Project - SPS Denver October 2018
Making Cloud Security Part of Your DNA Webinar Slides
Making Cloud Security Part of Your DNA Webinar Slides
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware Attack
Softchoice - Microsoft Office 365 - Discussing legal concerns and informatio...
Softchoice - Microsoft Office 365 - Discussing legal concerns and informatio...
Azure Information Protection at the Cybercrime and Security Forum 2018
Azure Information Protection at the Cybercrime and Security Forum 2018
Similar to Enterprise DevOps is not an oxymoron
ISACA Ireland Keynote 2015
Going first is always difficult... there is so much you want to say. This is a keynote on DevSecOps delivered to a fantastic ISACA Chapter in Ireland
DevSecCon Keynote
DevSecOps is a new way to deliver security as part of the Software Supply Chain. It supports a built-in process and faster security feedback loop for DevOps teams.
DevSecCon KeyNote London 2015
This document discusses the evolution of security practices to enable secure innovation at speed and scale through a DevSecOps approach. It outlines how traditional security controls can be transformed into self-aware, self-reporting components that integrate seamlessly into the DevOps pipeline. Specific examples are provided for how perimeter testing, configuration management, encrypting sensitive data, access management, and multi-factor authentication can move from annual certifications to continuous monitoring and enforcement. The document advocates for collaboration, experimentation, and a focus on simplicity and automation to evolve security practices for DevOps.
Open Source Defense for Edge 2017
Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
"Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented ""Enterprise Cloud Security via DevSecOps"" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS.
We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps."
State of DevSecOps - DevOpsDays Jakarta 2019
This talk provides a brief history of how DevOps has enabled tech companies to become unicorns. Furthermore, is Security in DevOps important, who is responsible and what can teams do make security a competitive advantage.
The State of DevSecOps
The document discusses the rise of DevSecOps and its importance for software development. It notes that existing security solutions are no longer adequate due to the speed of modern development, and that security has become a bottleneck. DevSecOps aims to integrate security practices into development workflows to enable continuous and real-time security. It outlines how security responsibilities have evolved from separate teams to being shared among developers, and how tools have progressed from periodic testing to continuous monitoring and automation. The document argues that DevSecOps is necessary now given the costs of data breaches and risks of vulnerabilities in open source components.
Microsoft Teams in the Modern Workplace
Joanne Klein delves into Microsoft Teams to give a glimpse of its features, its underlying architecture, and what’s in it for the modern worker and the data protection, data retention, and legal/compliance teams across your organization.
State of DevSecOps - DevSecOpsDays 2019
This talk provides a brief history of how DevOps has enabled tech companies to become unicorns. Furthermore, is Security in DevOps important, who is responsible and what can teams do make security a competitive advantage.
SCS DevSecOps Seminar - State of DevSecOps
- Stefan Streichsbier is the CEO of GuardRails and a professional white-hat hacker who has identified severe shortcomings in security processes and technologies, leading him to create GuardRails.
- The document discusses the evolution of DevOps and increasing complexity, the state of security and how it needs to fit within modern development workflows, and introduces the concept of DevSecOps to address shortcomings and better integrate security.
- Key aspects of DevSecOps discussed include how to create, test, and monitor secure applications and empower development teams to build security in from the start rather than see it as a separate function. Automated security tools and the need to reduce noise and improve usability for developers is also
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Respresenting Cyber Defense Community (cdef.id) to present and share my view on Secure DevOps / DevSecOps. Through this presentation, I shared several insights about:
1. How to balance the risk and controls in the "great shift left" paradigm (agile)
2. DevOps activities
3. How to seamlessly integrate security into DevOps
4. How to "shift left" the security"
5. Get started with Secure DevOps / DevSecOps
6. Case Study about DevSecOps implementation
For further discussion, especially how to secure digital and agile transformation in your organization, don't hesitate to contact me :)
Outpost24 webinar: Turning DevOps and security into DevSecOps
DevOps is a revolution starting to deliver. The “shift left” security approach is trying to catch up, but challenges remain. We will go over concrete security approaches and real data that overcome these challenges.
It takes more than adding “hard to find” security talent to your DevOps team to reach DevSecOps benefits. Our discussion focuses on the practical side and lessons-learned from helping organizations gear up for this paradigm shift.
State of DevSecOps - GTACS 2019
The document discusses the importance of DevSecOps. It notes that existing security solutions are no longer adequate as software can now be distributed globally and created more cheaply in the cloud. DevSecOps aims to integrate security into development and operations by making security teams empower developers and help them succeed. It outlines how security tools and responsibilities have evolved from separate security testing to being integrated into product teams. The document argues DevSecOps is important because fixing defects early is cheaper than during production, and most modern applications use open source components which could contain vulnerabilities. It concludes security teams should empower product teams and help solve technology problems while product teams should be mindful of security.
Owasp Summit - Wednesday evening briefing master
The document discusses several security-related topics including promoting the OWASP Orange Saft tool, outcomes from a security guidance stakeholder meeting, feedback for improving security guidance in IDEs, topics to cover in a new CISO guide, questions to include in the guide, securing GitHub integration, an incident response playbook, and a CISO round table discussion. It also summarizes outcomes from several breakout groups at an OWASP event on threat modeling, application security curriculum design, and infosec warranties and guarantees.
Working on DevSecOps culture - a team centric view
A presentation to help you better understand the context in which devsecops transformation happen. With a focus on how the teams are empowered to really care about security.
Presented at The Devops Conference - organized by Eficode
The End of Security as We Know It - Shannon Lietz
1. The document discusses how security is changing with new technologies like cloud computing, DevOps, and agile development. Traditional security practices are no longer effective.
2. It advocates migrating security left in the development process so it is designed into applications from the beginning. This allows for a faster security feedback loop.
3. Security needs to be automated and tested using tools and data platforms. Monitoring and inspecting everything is important for the new dynamic environments. Security decisions and controls are also changing to adapt to these new realities.
2016 - Safely Removing the Last Roadblock to Continuous Delivery
Presentation by Shannon Lietz
Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t?
Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuos security approach and everyone in the Software Supply Chain taking on the tasks of including security, its possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path.
Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t?
Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuos security approach and everyone in the Software Supply Chain taking on the tasks of including security, its possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path.
Reinforce business continuity - Securely share files online with Ideolve
Reinforce business continuity - Securely share files online with IdeolveMithi Software Technologies Pvt Ltd
This time is one of significant disruption and unprecedented challenges, and we are happy to note that many of our esteemed customers have been doing a tremendous job in this time of crisis.
Our customers, such as EMRI, M&M, DRDO, IPCA, Alembic, and more, have been working relentlessly at their tasks and duties.
Their work includes the supply of essential commodities like milk, 24×7 emergency service, managing big cities like Mumbai, keeping up the supply and production of essential medicines, creating affordable ventilators, and more.
Our customers are increasingly relying on email, phones, web meetings, and even social networking apps to bridge communication gaps during these trying times. However, to coordinate the flow of work, much effort is expended, and time lost.
Is there a better way?
Increasingly we have been relying on Ideolve, for the last three years, to overcome limitations of existing tools with team collaboration.
Hence we share one facet of collaboration – How to share files online securely with Ideolve and make work from home and team collaboration more effective.
Join us in this live webinar where we cover:
A big round of applause for your COVID-19 contribution
How Mithi shares files with Internal/external teams
Live case study of Ideolve in a customer support environment
How secure is Ideolve
Other use cases
Our free offer exclusively for our clients.Safely Removing the Last Roadblock to Continuous Delivery
This document discusses how to implement DevSecOps practices to safely enable continuous delivery. It advocates shifting security left by integrating security practices into development workflows from design through deployment. This allows security issues to be identified and addressed early before they become costly problems. The document outlines DevSecOps staffing models and provides examples of how practices like automated security testing, secure baselines and templates, and monitoring can help operationalize security and reduce mean time to remediate issues from months to hours.
10 Essentials for Effective Teams Governance
The document discusses 10 essentials for effective governance of Microsoft Teams. It recommends: 1) Creating a formal governance board to provide oversight and define roles. 2) Promoting a center of excellence to drive innovation, share best practices, and provide information. 3) Consolidating data to reduce costs, risks, and maintenance issues. It also recommends managing the content lifecycle, establishing provisioning processes, securing external collaboration, automating processes, focusing on adoption and engagement, and having a communication plan for change management.
Similar to Enterprise DevOps is not an oxymoron (20)
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24 webinar: Turning DevOps and security into DevSecOps
Working on DevSecOps culture - a team centric view
Working on DevSecOps culture - a team centric view
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery
Reinforce business continuity - Securely share files online with Ideolve
Reinforce business continuity - Securely share files online with Ideolve
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
Recently uploaded
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
By Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
GridMate - End to end testing is a critical piece to ensure quality and avoid...
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
DevOps and Testing slides at DASA Connect
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Communications Mining Series - Zero to Hero - Session 1
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Recently uploaded (20)
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Enterprise DevOps is not an oxymoron
- 1. Enterprise DevOps Speaker: Lee Eason Bridging the InfoSec Divide
- 2. page 02 The unique challenge of Enterprise DevOps is bringing the security needs of the Enterprise into the fast, lean world of the teams we strive to enable. The goal:
- 3. page 03 • Large in customer count/size • Multiple products or lines of business • Provides critical services • Complex technology landscape • Multi-national • Security is top of mind and seen as a blocker to innovation: start with everything closed and only open what you justifiably need enterprise • Articles tend to focus on single stack • Small, lean teams • Focus is on making development easy • Security is important, but can seem secondary to the workflow: start with defaults and close what needs to be closed devops Let’s set the stage
- 4. page 04 Risk mitigation 2 Classify your data 1 Build a tools team 3 Four keys to Enterprise DevOps Success Embrace SRE 4
- 5. page 05 1. Classify your data in three dimensions 01Confidentiality level Class 1: Public Class 2: Company confidential Class 3: Customer confidential PII, MNPI…etc 02Environment types Co-located datacenter Public cloud Private cloud Off-site backup location 03Interaction method In use In transit At rest
- 6. page 06 General Example Data Classification Environment Method Controls Class 1 Public Cloud In Use - Encryption required - KMAAS provider (not IAAS/PAAS) - Key size: 128 bit - Minimum Algorithm: AES - Yearly key rotation Class 1 Public Cloud At Rest - Encryption required - Company controlled KMS; HSM or equivalent - Key size: 256 bit - Minimum Algorithm; AES Class 2 Public Cloud At Rest - Encryption required - IAAS/PAAS provided is acceptable - Minimum Algorithm: AES-128 Class 1 Colo At Rest - Hashed to avoid alteration
- 7. page 07 Data Classification Identify internal and external threats, and inherent risk Mitigate with Controls Don’t try to eliminate all risk. Target is to get to “residual risk” Accept Risk Make sure the right person is accepting risk! Have a “risk informed conversation” about those residual risks. 2. Get good at risk mitigation
- 8. page 08 Avoid having a central “DevOps” team Grow DevOps at the team level Guilds, lunch and learns, book clubs, training days Measure progress with KPI’s Reward accomplishments Utilize a Service Desk for tools support 3. Build an Internal Tools Team
- 10. page 010 4. Embrace Site Reliability Engineering • Enable teams to hit reliability goal • Create consistency across products Traditional Goals • Compliance monitoring tools • Control Objective Owner Regulatory Additions
- 12. page 012 • Create development playbook • Allow deviation • Incorporate innovation back into the playbook • Engineer solutions to common problems • Provide compliance as a product to your team Good things • Make SRE opaque • Make internal certification a form to be filled out • Staff only with compliance experts – SRE must be execution focused Anti-patterns 4. Embrace Site Reliability Engineering
- 13. page 013 Going to market with SRE Development against the Playbook Operational Assurance Security Framework Certification Ready for production!
- 15. thank you.