November 6-8, 2017

Event Details

Please note: All times listed below are in Central Time Zone

OpenStack Compliance Speed and Agility: Yes, It's Possible.

OpenStack is now a serious platform for business, with huge momentum in government and telco industries the world over. In these verticals, regulatory and security requirements are difficult to manage, and OpenStack must rise to meet compliance frameworks such as FedRAMP, ANSSI and ETSI.

In this session, we will discuss OpenStack concerns and explore the latest in compliance tooling. In the spirit of "Compliance as Code", we've completed a proof-of-concept integration of OpenControl and OpenStack. With this work, we'll show how security control remediation can be layered to create meaningful security documentation, gap analysis and reporting.

In this session we explore:

- OpenControl (and Compliance Masonry) with OpenStack

- Compliance Masonry for Security Documentation

- An OpenStack FedRAMP HIGH public sector profile


What can I expect to learn?


Attendees can expect to learn:

- What tooling exists to help manage compliance

- How we can treat "compliance as code"

- Which technical control groups matter in OpenStack

- How a public sector organization achieved FedRAMP High in 3 months

Tuesday, November 7, 9:50am-10:30am (10:50pm - 11:30pm UTC)
Difficulty Level: Beginner
Tags: Security
Sr. Principal Product Manager, OpenStack Platform
Basil is focused on leading the product management, positioning, and business strategy for security within the Red Hat OpenStack Platform product. Working cross-functionally, he's introduced and structured an effective, compliance-driven approach to cloud infrastructure security. Compliance frameworks of interest include: FedRAMP, ANSSI, ETSI and the work being done by the Cloud Security...
Chief Security Strategist, North America Public Sector
Shawn works as the Chief Security Technologist for Red Hat's Public Sector organization, focused on scoping, founding, and management of open source security technologies relevant to military computing initiatives. More widely known projects include co-authoring the first edition OpenStack Security Guide with the OpenStack Foundation, co-founding the OpenSCAP and SCAP Security Guide project, and...