Lightning talk at The DEVOPS Conference - Stockholm on October 2023: Navigating Shift Left: Insights from our IaC Security Expedition
As organizations increasingly host their services in the cloud, Infrastructure as Code tools(IaC) are highly used in automating the provisioning of cloud services. Those tools can introduce security weaknesses and risky changes to the cloud platforms, which become a highly attractive attack surface for hackers. At The DEVOPS Conference, Romina Druta (Senior Cloud Infrastructure Engineer & Security Researcher at Visma) revealed the results from a study on IAC security of 22 Visma projects hosting their cloud infrastructure in GCP, AWS, and Azure.
The aim of this presentation is to make practitioners aware of vulnerabilities that can appear in their infrastructure when using IaC, but it also shows what we have learned in our journey to Shift-Left security for the cloud. #DevOps #TheDevOpsConference
---
Speaker: Romina Druta is a Senior Infrastructure Engineer and Security Researcher in VISMA, where she is focusing on security for cloud platforms. She has acquired a broad range of technical knowledge in systems administration and operations during her different working experiences as a system engineer. Her research interests include cloud computing, design and architecture of secure and reliable systems, DevOps practices and processes but also research methods and procedures.
---
👇 Learn more:
[ Ссылка ]
If you'd like to learn more about us, click here:
[ Ссылка ]
---
Timestamps:
00:00 Intro
00:25 What is Shift-left Security?
01:21 How all started?
02:35 Discoveries
03:56 What is next?
04:19 Lessons
