Case Study

DevSecOps Responsibilities: Automating Cloud Security and Incident Response at Comcast

Comcast's Jearvon Dharrie says, "Automation is a requirement, not a feature." This talk describes his team's journey into public cloud, and how they took control of their infrastructure.

A common solution to cloud security is the gatekeeper model. Old-school security teams think they can prevent breaches by locking down the network and having all requests funnel through a ticket system.

But this model often makes your cloud less secure: Solutions need to be implemented for each service and there is a lack of consistency. It also adds friction, so teams tend to skip it.

In this talk, Dharrie discusses creating a security framework for your enterprise. It takes principles of automation from DevOps and applies it to security. For example:

  1. Creating cloud users through code so they all have the same password policy and access rules
  2. Using serverless to monitor for misbehaving VMs

More resources like this one

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 1/5/2023
  • Case Study

How Discover Manages 2000+ Terraform Enterprise Workspaces

  • 12/22/2022
  • Case Study

Architecting Geo-Distributed Mobile Edge Applications with Consul

  • 12/13/2022
  • White Paper

A Field Guide to Zero Trust Security in the Public Sector