Rootconf Mini 2024 (on 22nd & 23rd Nov)

Geeking out on systems and security since 2012

Sathvik Kallepalli

@sathvik542

From Zero to Hero: Building Cloud Security Maturity in Fast-Growing Startups

Submitted Oct 15, 2024


Talk Description:
As a cloud security professional with 2+ years of experience at Groww and soon Razorpay, I've navigated the challenges of scaling security in dynamic environments, especially within fast-growing startups securing infra and handling sensitive PII data. In this session, I'll share insights on how to elevate cloud security maturity, moving from zero to a fully established security model. This talk will focus on practical strategies (both tech and process) that startups, especially in the fintech space, can adopt to secure their infrastructure while maintaining business agility. By embedding security processes early on, organizations can avoid pitfalls that often emerge as they scale. ⚡

My framework, SCRL (Secure Cloud Resource Lifecycle), is a universal approach that provides clear steps to secure cloud infrastructure. It includes processes like:

  • Visibility - Asset inventory 👀
  • Researching misconfigurations 🔍
  • Enforcing access control and organization policies 🛡️
  • Maintaining Least Privilege Access 𓁹
  • Utilizing IaC (Infrastructure as Code) to automate and review resources 🤖
  • Reactive checks - Eagle Eye for anomalies 🦅
  • Regular reviews for misconfigs and SOP fine-tuning

The goal is to establish a secure cloud environment that evolves with business needs, balancing security and operational efficiency. By the end of this talk, attendees will gain a clear understanding of how to structure their cloud security approach, ensuring long-term sustainability and compliance. 🌐


Key Takeaways:
🛠️ A structured process for securing cloud infrastructure, moving from zero security to full maturity.
🔧 Practical insights on automating cloud security processes using open-source tools to ensure fast, secure, and frictionless product delivery.


Audience:
This session is perfect for:

  • Cloud Security engineers 👨‍💻👩‍💻
  • DevSecOps/SRE professionals 🚀
  • Startup founders 👩‍💼👨‍💼
  • Anyone who wants to secure their infra

It will particularly benefit those working in high-growth environments where handling PII data requires stringent security measures without compromising on business agility.
