Talk Description:
As a cloud security professional with 2+ years of experience at Groww and soon Razorpay, I've navigated the challenges of scaling security in dynamic environments, especially within fast-growing startups securing infra and handling sensitive PII data. In this session, I'll share insights on how to elevate cloud security maturity, moving from zero to a fully established security model. This talk will focus on practical strategies (both tech and process) that startups, especially in the fintech space, can adopt to secure their infrastructure while maintaining business agility. By embedding security processes early on, organizations can avoid pitfalls that often emerge as they scale.
My framework, SCRL (Secure Cloud Resource Lifecycle), is a universal approach that provides clear steps to secure cloud infrastructure. It includes processes like:
- Visibility - Asset inventory
- Researching misconfigurations
- Enforcing access control and organization policies
- Maintaining Least Privilege Access
- Utilizing IaC (Infrastructure as Code) to automate and review resources
- Reactive checks - Eagle Eye for anomalies
- Regular Reviews for Misconfigs and SOP fine-tuning.
The goal is to establish a secure cloud environment that evolves with business needs, balancing security and operational efficiency. By the end of this talk, attendees will gain a clear understanding of how to structure their cloud security approach, ensuring long-term sustainability and compliance.
Key Takeaways:
- A structured process for securing cloud infrastructure, moving from zero security to a fully mature state.
- Practical insights on automating cloud security processes using open-source tools to ensure fast, secure, and frictionless product delivery.
Audience:
This session is perfect for:
- Cloud Security engineers
- DevSecOps/SRE professionals
- Startup founders
- Anyone who wants to secure their infra
It will particularly benefit those working in high-growth environments where handling PII data requires stringent security measures without compromising on business agility.