We'll describe our experience in extending our security program, both nontechnical and technical, to IaaS cloud solutions, particularly to Amazon Web Services and, to some extent, GCP. We'll cover our central IT cloud IaaS strategy as well as how to manage the proliferation of this activity outside of central IT. Topics will include our challenges, solutions, lessons learned, and how risk is driving decisions on where to spend scarce resources to improve our IaaS cloud-security posture.

Outcomes: Learn how to adapt your on-premises security program to an IaaS solution like AWS * Examine a risk-based approach to managing the proliferation of IaaS outside of central IT * Explore methods of implementing some technical and nontechnical security controls within an IaaS environment