Review: Building Secure Workloads in Azure, 9th October 2018

Well that was an amazing day...

Since I started running these conferences the interest has been growing and growing. I had a full house yesterday in Microsoft HQ with 100 delegates in attendance and we were massively over subscribed.

It must be an indication of how important security in the public cloud is becoming to organisations. I am a great believer in #Azure and the ability to build solutions in a secure way to protect data and services. What I hope to achieve with my conferences is to address a gap in knowledge and the need to have an open mind to a different ways of doing things in Public Cloud.

At the conference we had outstanding talks from Microsoft experts Jamie Bryant, Ben Houghton and Adrian Lavery on the investment in physical security and the incredible work done by the UK CSA team (led by Ben Houghton) in developing fast start blueprint templates to achieve regulatory compliance.

There was a fascinating talk from one of Microsoft leading AI experts Alessandro Recino and Ben once again on Hyperscale AI, considering the ethics and how is can be used in cyber attack and defence. Are we one step closer to Skynet and the Terminator?

I was fortunate, once again to present with Gianluca Ciocci on the work that we did building the first UK Official-Sensitive PaaS solution for a major government department. Gianluca's passion shone through as he described the importance of taking a DevOps approach to the project and the incredible savings the customer has achieved with this approach.

Richard Erwin then took us on a deep dive into DevSecOps, why it is important, the benefits it brings and how to go about it. Having worked with a number of different customer organisations and experiencing their very different interpretations (most not good) it was good to see what good looks like.

Simon Keates with support from Julian Anderson opened my eyes on the crucial work that Thales does in the world of Cyber Security with their security products. Their products underpin the Azure KeyVault service and is fully integrated in the Azure platform. I was interested to learn how 80% of all point of sale transactions are protected by Thales solutions. Simon also talked about how the services support multi-cloud landscapes that a number of large enterprises are working with.

Gavin Kemp started his talk on management and monitoring in Azure with real life security breach that occurred at his home involving a Chinese IP camera. Much laughter followed especially when Gavin tried to pass on the camera to the audience. Gavin highlighted the importance of monitoring in the Public Cloud and updated us on the latest capabilities in Azure.

The customer story from Rob Baskerville of the journey that MOJ undertook to come to trust Azure resonated with the audience on many levels and provoked a lot of discussion in the breaks. I am sure that Rob's candid nature has helped a number of the attendees on their journey to trusting Azure.

We were able to make use of the technology to bring Glenn Pittaway in to the conference all the way from Seattle, to tell us about the work that he has been doing building a Cloud Assurance Framework to help customers define the threats, risks and the controls that mitigate them. There was a lot of interest in the framework and I will write more about this on a later date.

Finally we had our regular Panel Q&A with lots of discussion and questions, including whether the impact of GDPR, and the right to erasure, has killed off the use of blockchain where PII is part of the transaction. It was a long day with a big audience and I could not have done it without Holly Manley who has been fantastic.

I have published the material on my PointDrive and I am very interested to get your feedback on the conference so that I can incorporate it in the next one.