Organizations are in need for a standard, sane way to perform an assessment of their cloud native environments. This talk provides insight on how security professionals as well as auditors can identify whether they are following the controls and practices suggested in CNCF published white papers and thereby adhering to NIST 800-53v5 controls.. We will also provide examples on how we plan to develop open source automation (such as OSCAL) to reduce the toil of audits; and cross mapping to various frameworks and standards to enable builders focus on making their environments safer.

CloudNativeSecurityCon is a two-day event designed to foster collaboration, discussion and knowledge sharing of cloud native security projects and how to best use these to address security challenges and opportunities. The goal is not just to propose solutions that incrementally improve what has come before, but to give room to breakthrough technology and advances in modern security approaches. Topics of sessions and lightning talks presented by expert practitioners include architecture and policy, secure software development, supply chain security, identity and access, forensics, and more.

⚡ Lightning Talk: Assessing Environments Against Cloud Native Security Best Practices

Conference: Cloud Native SecurityCon North America 2022

Authors: Pratik Lotia, Jon Zeolla

Abstract

Post a comment

Related work