Loading…
This event has ended. Create your own event on Sched.
View analytic
Thursday, June 15 • 4:10pm - 4:40pm
Building Security Frameworks Into Your CI/CD Pipelines [I] - Nathan Gibson & David Brock, Allstate Insurance

Sign up or log in to save this to your schedule and see who's attending!

Allstate is a company that puts extreme value in the trust that is given by their customers. This means taking all measures available to ensure that all customer information is protected. In addition, being in the insurance industry puts them under a significant amount of regulatory compliance requirements. Safeguarding this trust continues to become challenging in the world today where traditional security controls are no longer effective against the advanced persistent threats that organizations face.

In this session, Allstate will discuss the approach that we have taken to bring security to the right levels to ensure we protect our customer’s assets. It starts with a “secure by design” approach that is integrated into our extreme agile practices across the multiple layers of our technology stack.

We leverage a natively securely architecture for our platform infrastructure. Cloud Foundry provides us with unprecedented capabilities in providing some native security attributes and secure operational practices for all applications hosted. We leverage tools to continuously audit the infrastructure, supplementing the practices that the open source community do to secure and harden the platform.

We add another layer of continuous audit by integrating static and dynamic code analysis into our continuous integration pipelines. Cloud Foundry provides us with a platform that allows us to direct our assets and inspection to a well scoped threat area for hosted apps. In addition, it provides us with the ability to consistently and reliably do security related analysis, and enables us to confidently deploy to production knowing that our risk profiles do not change across environment.

Our approach of “secure by design” and “continuous audit” across all layers, coupled with the capabilities that Cloud Foundry provides, allows us to confidently assure our customers that they are in good hands.

Speakers
avatar for David Brock

David Brock

Product Manager, Allstate Insurance Co.
David Brock is the Product Manager for the CompoZed platform at Allstate. Over his many years at Allstate as a product manager, engineer and developer, he has gained in depth knowledge of mobile and platform architecture. David utilizes these skills to help accelerate development... Read More →
NG

Nathan Gibson

Senior Manager Application & Cloud Security, Allstate Insurance Co.
Nathan Gibson is an information security professional with over 15 years experience in the industry who loves continuous integration, inspection, and deployment environments. Nathan specializes in bringing information security concepts to continuous deployment software developmen... Read More →



Thursday June 15, 2017 4:10pm - 4:40pm
Grand Ballroom GH