Best Practices in Implementing Secure Microservices Architecture
Application containers and a microservices architecture are being used to design, develop, and deploy applications leveraging agile software development approaches such as Development Operations. Security needs to be embedded into these software development approaches. This presentation based on CSA research artifact 'Best Practices in Implementing Secure Microservices Architecture' will help to identify best practices in securing microservices in the engineering of trustworthy secure systems through the lens of the Developer, Operator, and Architect.
Live online May 27, 7:30 am UTC, or after on demand (30 mins)
Many countries have been suffering from a dire shortage of IT professionals for many years, and the demand for IT professionals has continued unabated. The panel hopes to address the challenge of having enough cybersecurity professionals and discuss what employers can do to build the necessary working experience for individuals.
As organizations migrate to the cloud, they need information security professionals who are cloud-savvy. The Certificate of Cloud Security Knowledge (CCSK) is widely recognized as the standard of expertise and provides an individual with the foundation they need to secure data in the cloud. Learn how CCSK can bridge the gap and provide an important first step in establishing baseline knowledge for individuals in cloud security.
"A Call to Action with CSA Vietnam Chapter" [in Vietnamese language]
Philip Cao HUNG (Advisor, CSA Vietnam Chapter)
A new Guidance for Cloud Native Security was approved by the Singapore Information Technology Standards Committee in 2020. The speaker will provide an analysis of the strengths and weaknesses of this technical reference. He will compare it with NIST and other papers on the same topic.
Ronald TSE, CEO, Ribose & Co-Chair, CSA DevSecOps Working Group
The CSA DevSecOps working group has published a number of papers including Reflexive Security, DevSecOps, and associated best practices. This talk briefly describes these topics, with an explanation of the principles and benefits of the novel management framework around DevSecOps, presented with examples of best practices that fit into this framework. We also provide a roadmap of current research of the working group.
Security has become of paramount importance in recent times, especially due to the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic has challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters to withstand DDoS attacks in multiple network implementations, including hybrid cloud applications, network function virtualization, and software defined networks.
OSAS is a recently released open-source security intelligence toolset that leverages machine learning and other innovative technologies aimed at discovering anomalies in a given dataset. The tool implements and combines several of the Adobe Security Intelligence Team’s previous research, white papers, and other open-source projects. OSAS is able to run “out-of-the-box” and enables researchers to: (a) experiment with data sets; (b) control how the data set is processed and how the features are combined; and (c) shorten the path to finding a balanced solution for detecting security threats.
This webcast will introduce folks to OSAS, its potential benefits and uses in their own threat intelligence efforts, and how they can obtain the latest builds of the project and contribute to it if they choose.
TJ Gonen, Head of Cloud Product, Check Point Software Technologies
Amidst the growing buzz for shift-left, developer-centric security methods, this session will highlight the need for a common ground between security and DevOps and offer guidance and best practices on how to build in security without impeding agility.
Jon Moore, Chief Risk Officer and SVP Consulting Services, Clearwater
Seeking flexibility, scalability, and cost-savings, an increasing number of healthcare organizations are moving systems and data to the Cloud. Fueled by increased adoption of telemedicine and wearable medical devices sparked by the pandemic and continuing investment and growth in Cloud-native health IT startups, the market for healthcare cloud computing is expected to grow from $28 billion in 2020 to nearly $65 billion over the next six years, according to a recent study by MarketDigits.
While there are numerous benefits for healthcare organizations that adopt cloud models, introducing sensitive and protected data into the Cloud creates various new risks. As we’ve seen in some surveys, organizations are conflicted on whether cloud security makes it easier or more challenging to manage these risks. A recent Netwrix survey indicated that nearly 40% of respondents have had a cloud security incident in the past year, and nearly half of them could not diagnose the issue.
During this webinar, Clearwater Chief Risk Officer and Head of Consulting Services Jon Moore will review recent examples of healthcare cloud security failures and discuss critical takeaways that organizations should note to avoid similar missteps.
Attendees will learn:
· Seven ways cloud security can go sideways resulting in a breach and HIPAA violation
· Best practices to help your organization reduce risk and avoid a HIPAA violation in the Cloud
Ningjing Gao, Principal Technical Program Manager - Security Team, Adobe
If you are part of a security organization and are noticing constant competition for resources with product feature development, you may have wondered how to further accelerate security work assigned to product teams. How can security best integrate with feature development to reserve engineering resources for security projects? Our team has developed an approach to provide clearer visibility into the security work that needs to be done. It also enabled us to be better aligned with the existing product development process.
In this webcast, Ningjing Gao, Principal Technical Program Manager for Security at Adobe, will talk about what we did to improve our processes and share additional best practices that can help you make it more efficient and effective for product teams to build security into everything they do at your organization.
Willy Leichter, VP-Marketing and Product Strategy & Shauntinez Jakab, Sr Dir-Product Marketing and Analyst Relations, Virsec
As attacks on software supply chains and critical applications not only continue but accelerate, we need to extend a next-generation zero-trust model into cloud workloads during runtime. To understand why runtime remains a choice target for threat actors, look no further than the recent SolarWinds and Microsoft Exchange server attacks. Both exploits executed undetected and undeterred in runtime, easily evading existing security measures such as threat hunting and EDR/EPP tools.
Zero trust is a powerful concept, but many think it only applies to users, devices, and networks. Implementing a next-generation Zero-Trust model, one that incorporates application-aware workload protection, can ensure that only the right code and processes can execute, regardless of the threat environment.
In their Market Guide for Cloud Workload Protection Platforms, Gartner specifically recommends extending zero trust security, stating: “At runtime, replace antivirus-centric strategies with ‘zero-trust execution.’”
Join security experts from Virsec as they discuss the challenges of protecting an expanding attack surface area with cloud, hybrid, and container environments and detail the need for application-awareness and effective runtime protection. Get best practices for security implementations for workloads that ensure vulnerability protection with granular application control, system integrity assurance, and advanced memory protection at runtime.
Anton Chuvakin of Google Cloud & Edward Smith and Vijit Nair of Corelight
If cloud environments are locked down by default and everything is already being logged, is cloud network traffic analysis really helpful? It turns out that even in the cloud, network telemetry data can ensure investigations are fast and hunts are conclusive. As we’ve learned from breaches like Sunburst, network telemetry provides essential evidence for catching threats other tools miss.
Join experts from Google Cloud Security and Corelight to learn how collection and analysis of cloud network traffic leads to better threat detection and response. We will discuss:
- Common misconceptions about network telemetry
- Cloud traffic monitoring use cases
- Solutions to implementation challenges
As the world changes, third-party risk management requirements change too. So, what can you expect in 2021? How can you prepare for what’s ahead? We’ve helped implement thousands of third-party risk management programs, and in doing so, we’ve seen how organizations’ needs have evolved. There are proactive measures you can take to stay ahead of the curve. But in order to execute against and adapt to these third-party risk trends, you need to first know what the future holds. In this session, we’ll answer the following questions:
What are the latest trends for third-party risk management?
How can your organization adapt to current and future trends?
What can you do to future-proof your third-party risk management program?
Where can you go to keep up-to-date with new third-party risk trends as they emerge?
Associations and trade unions asked the judge of the "Conseil d'État", the highest French administrative court, to suspend the partnership between the Ministry of Health and Doctolib, arguing that the hosting of vaccination appointment data by the subsidiary of an American company posed risks with regard to access requests by the American authorities.
This recent ruling by the supreme administrative court of justice could provide some guidance on developing a legal framework and establishing some technical controls that could protect them from the long arm of European regulators and the fine they might levy. Some light at the end of the tunnel for DPOs and Cloud Service Providers (CSPs)?
A quick review of the importance of Cloud adoption and its impact in the Financial Sector, barriers and opportunities. Focus on the regulation requirements and particularly on what would be necessary in relation to the future Cloud Certification Scheme proposed by ENISA.
The cloud is more dynamic now than ever before. How do you keep up with development while thwarting threats? Learn how to fend off threats and turn security into an enabling force behind enterprise digital transformation.
If you think that you are doing encryption right while remaining compliant with regulations like GDPR, you might be wrong. In this talk Frederik will cover various encryption controls including an application layer encryption approach that incorporates zero-trust principles for data access. If you are worried about your sensitive data staying safe in the cloud, this talk is for you.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa