Wednesday, 6 September 2023
Tech Show - Paris - 2022 Nov.
Posted by Julien Teyssier in New technologies

Tech Show Paris took place in November 2022. It is one of the most important technology events for business in France.
Below are the notes I took during this year's edition.

Adopt the DevOps culture to accelerate digital transformation
- Fluidify
- Connecting technology with Business
- 1 Ops in each team
- Cultural difference between the devs and the infrastructure: brings antagonism
- Everyone sees everything: decompartmentalize
- Rethink processes -> have new flows
- Prototype, test, etc: iterative way
- The most important thing is the people and the culture
- End-to-end team responsibility
- Small increments

What cybersecurity strategy in the cloud era?
- Human risks
- Cyber risks
- Little or no training in new technologies: lack of knowledge
- Configure well, don't believe too much that everything is well done and is perfect
- Lack of compartmentalization between customers
- State of the art (Up to date)
- Controls (regular, independent, reactive)
- Trained staff: all staff, people
- Transparency of insurance contracts

How to accelerate the adoption of DevOps practices in a heterogeneous international ecosystem?
- Same tools for everyone
- Common practices
- Measure and monitor the progress
- Set goals

DevSecOps: Inventory, review of solutions and best practices
DevSecOps:
- Addition of the security part; shared responsibilities
- Automation of security scans
- Don't focus on just one type of defect. Nature of the risk
- Have the greatest coverage -> Goal: 0 manual steps
- CI: Continuous Integration
- Scanners offered by GitLab
- Detect, plan, integrate security
Sequential DevOps: The security part comes at the end and acts as the police. The dev will try to circumvent the police: non-virtuous circle.
- Ideal pattern: The first vulnerability report comes right after the first commit and before deploying to the next env.
- Responsibilities are shared
- Approval rules to deploy in Prod

Deploy DevOps on a large scale
Pros and Cons of deploying on a large scale:
+ Reduce time to Market.
- Impact on IT strategy and people during the first implementation -> culture changes
+ Innovate faster
+ Fail faster
What is done in one team will be permeable and will spread to the other teams.
Include those who resist change from the start. Small increments.
DevSecOps:
- Security cannot end
- Need experts, guru
- Trainings
- The right to error
- Evangelize internally
- The 1st step is the hardest

2022 cybercrime trend. How can your business stay safe?
The human is in the foreground
Building a safety/security culture.
Trends:
- Home office
- Ransomware
- Use the supply chain
- AI, Deep fake, synthesized voice
- Event-related phishing
- Increasingly complex attacks
The best phishing attacks use:
- Power of authority
- Social recognition
- COVID updates
Culture of safety. Change behaviors by encouraging people's awareness. Learn / Train / Act.

Human factors in cybersecurity
- 94% of malware arrives through emails
- 80% by phishing
- We used to say that the guilty person is the one who clicked but everyone has a responsibility
- Need for redundancy
- Overconfidence
- Open discussion without jargon
- 50% of attacks are reported by humans, not by software
- Avoid denial: it's not my job
- Feedback to users
- Security is not the icing on the cake
- Special attention to laziness, copy/paste, simple/short passwords
- Amplifying factors: stress, laziness
- Humans, Trainings, Anticipation, Team effort

How to defend against ransoms and infections?
- Convincing: compliance with rules, laws, etc.
- Permanent strategy regarding the security
Structural process:
- Human processes
- Technical processes
More threats with working from home
A kind of cyber passport to raise awareness from the arrival of an employee and throughout their career.

Ease the digital journey through cloud adoption
- Why move to the cloud: 49% of the application workload is already in the cloud
- End of data center contracts
- Business continuity
- Smooth cash flow
- Cyber threats
- Rapid evolution
- Resource and budget constraints
- Reduce the ownership cost of IT services
- Focus on business needs
- Big data + AI: analysis and decision-making
- Experiment with innovative solutions
- Highly available environments
- Energy cost
- Global shortage
- Step-by-step approach

Debunking common myths about cloud Security
- Rush on the cloud: no security? Lack of user training?
- Misconfiguration: configuration can be done by a developer? Who is the owner of the configuration?
- Abuse of insecure cloud credentials and access rights: privilege abuse
- Lack of security/safety culture
- CNAPP (Cloud Native App Protection Platform): cloud native platform that unifies security
- Responsibility of configuration problems: for the customer or for the provider?
- Automated responses mean loss of control
- Answers versus recommendations
- Some tasks can be safely automated
- One-click action