Compliance Does Not Equal Security (Except When It Might Be) - Rob Clark - USENIX Enigma Conference - 2018

Explore a thought-provoking conference talk from USENIX Enigma 2018 that challenges the notion of compliance equating to security in cloud environments. Delve into IBM's innovative approach to restructuring their security strategy, aligning with NIST guidance to support DevSecOps and enhance cloud deployment security. Learn how IBM built a security team responsible for understanding and measuring controls across their vast cloud infrastructure, comprising over 200 services and 53 data centers. Discover the lessons learned, results achieved, and future steps in this 21-minute presentation by Rob Clark, Cloud Security Leader at IBM, as he shares insights on decreasing complexity, driving security feature functionality, and making compliance more accessible and effective in cloud security management.

Intro
Compliance is not equal to Security
IBMs Agile Model
Compliance vs Security
Will Compliance Save Us
How Do We Make Compliance Accessible
How Do We Build Security
Lessons Learned
Results
Next Steps