Three Worlds of Application / Cloud Security

Presented at RVAsec 2021, Nov. 5, 2021, 3 p.m. (50 minutes).

Application / Cloud security goes hand in hand in our ever-changing IT environments.  With the cloud actually “being” an application, we need to look at three areas of Application Security that encompass what goes into the cloud, the cloud itself, and how to secure its communications and workloads. This discussion will start to the extreme “far left” in the security lifecycle, all the way to the developer’s keyboards. Then we will explore the DevSecOps security process, based on the “Defense in Depth” theory of security. Then finally we will address the workloads in the cloud, with some of the public cloud’s native functionality to protect itself, and how we can use additional toolsets to enhance them. Companies need to identify not only the tools, but when to use them, and how to automate them.

Presenters:

  • Richard Thayer - ePlus Technologies, Inc.
    Richard Thayer has been in IT for over 35 years. From his early beginnings of working on IBM's 8086XT system(s), to designing robust security architectures for Fortune 50 companies; Mr. Thayer has consulted for vertical markets within Finance, Energy, Manufacturing, Retail, Insurance, and DoD & Civilian Government. Mr. Thayer has garnered a wealth of knowledge over his career, and multiple years of experience with the following: 25 years of experience with Identity and Access Management 25 years of experience with Server Operating Systems (Windows/Linux/Unix) 22 years of experience with IT / IS Security 22 years of experience with Technical Requirements, Design, Testing & Implementation of Technologies & Infrastructure 18 years of experience with Server Virtualization technologies such as VMware / Citrix / KMS / On-Prem / Hybrid / Public Cloud(s) 15 years of experience with Creating / Customizing Information Security Policy (ISO, NIST, CIS) 12 years of experience with Governance, Risk, Compliance (GRC) Management

Links:

Similar Presentations: