S-a-a-a-S – Security as an actual service presented at BSidesManchester 2019

by Samantha Humphries,

Summary : Security teams are regularly branded with the unfortunate moniker of ‘the department of no’; seen as the place where innovation went to curl up and die. Individuals or teams with meticulously cultivated plans feel halted in their tracks because “ugh…security policy”, so either stop innovating, or, more often than not, just merrily bypass the security team altogether and find another way to do what they wanted in the first place. Shadow IT is no-one’s friend in the end, and there are no prizes for guessing who gets the blame when something goes wrong? Blame is of little use after the event, and likely the real culprit is inadequate inter-departmental partnerships. When it comes to developing ideas and proposals a lack of collaboration means the security aspect of planning is missed or at best delayed. No-one enjoys being brought in at the last minute, and then having to brandish the ‘no’ stick. Partnering properly means bringing the right teams in from the start ensuring that the security needs of the organisation are built into the very core of an idea, not as an afterthought. It’s the very premise of DevSecOps/SecDevOps/DevOpsSec - whatever the kids are calling it these days - but one that can go further. It’s not just applications that require this type of collaboration - it is just as central to all types of innovation - essentially the DevSecOps of ideas. What you’ll learn from this session:- How SaaaS will benefit you, your team, and your organisation- Ideas for promoting SaaaS within your organisation- Carrot vs the “No” stick – proactive tips to get ahead of requests- How to measure SaaaS success