Comcast's Jearvon Dharrie says, "Automation is a requirement, not a feature." This talk describes his team's journey into public cloud, and how they took control of their infrastructure.
A common solution to cloud security is the gatekeeper model. Old-school security teams think they can prevent breaches by locking down the network and having all requests funnel through a ticket system.
But this model often makes your cloud less secure: Solutions need to be implemented for each service and there is a lack of consistency. It also adds friction, so teams tend to skip it.
In this talk, Dharrie discusses creating a security framework for your enterprise. It takes principles of automation from DevOps and applies it to security. For example:
A Leadership Guide to Multi-Cloud Success for the Department of Defense
A Leadership Guide to Multi-Cloud Success for Federal Agencies
Database Provisioning Evolution at GoPay with Terraform and Ansible
Secrets Management at Swiss Federal Railways (SBB) with HashiCorp Vault