Karl Ots
Head of Cloud Security at EPAM | Author of Azure Security Handbook | RD & MVP
Zürich, Switzerland
Karl Ots is a cloud and cybersecurity expert, as well as international speaker and trainer, with a broad range of deep Azure expertise. He believes that secure cloud technologies are the key to successful digital transformation. He applies his passion as Head of Cloud Security at EPAM Systems.
Karl has been working with Microsoft Azure since 2011 in a variety of forums ranging from large projects to speaking at largest tech conferences, such as Microsoft Ignite. Karl is a Microsoft Certified Trainer (MCT) and a Certified Information Systems Security Professional (CISSP). He is the author of Azure Security Handbook.
Awards
Area of Expertise
Topics
Master the unknown: protect yourself against zero-day cloud vulnerabilities
Congratulations, you've achieved a high level of cloud security maturity and now know how to protect yourself against misconfigurations and manage the ever-present security drift.
But how do you protect against what’s truly unknown, such as Microsoft’s Azure cloud OMIGOD and Amazon Web Service’s SuperGlue vulnerabilities affecting the cloud service provider itself? This is your next challenge in cloud security.
In this session, you will learn through real-life examples about how to assess and protect yourself against cloud service provider vulnerabilities. Specifically, I will walk through 3 distinct examples of recent cloud provider vulnerabilities.
I will provide the audience the tools and mindset on how to evaluate future cloud provider vulnerabilities and rapidly protect yourself against them.
Top public cloud security fails and how to avoid them
Based on hands-on experiences from a large number of cloud application development projects, Karl has compiled a list of top 5 key security pitfalls that are common across all application types and team sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them.
Top pitfalls of Microsoft Azure security and how to avoid them
Did you know that contrary to popular belief, the most common cloud security threats are not outside attacks, but rather misconfigurations? To fully secure public cloud platforms, we need to understand them deeply. This requires both upskilling existing information security office with cloud expertise and shifting the way security responsibilities are spread across the organization.
I have assessed the security hundreds of solutions built on the Microsoft Azure cloud and found that there are some key security pitfalls that are common across all industry verticals and company sizes. In this session, I will share what these security pitfalls are, why do they matter and how to mitigate them.
Cloud security predictions for the post-pandemic world
Cloud computing is perhaps the largest information technology megatrend of this decade. Furthermore, the global disruptions of the COVID-19 pandemic proved that the hyperscale cloud providers can answer the most unpredictable demand thrown at them.
As demonstrated with the Solorigate supply-chain attacks, taming the beast of cloud security with traditional methods can seem overwhelming. The answer is what I like to call cloud native security.
Based on real-life experiences from implementing cloud security programs in some of the largest enterprises in the world, I will present my top cloud security predictions that make sense for the current cybersecurity climate, your business and your developers.
Lessons learned from enterprise cloud security programs
In the on-premises world, cybersecurity risks were limited to your organization’s network perimeter. In the era of cloud computing, both the impact and likelihood of potential risks are significantly higher. With the corresponding rise of DevOps methodology, security is now the responsibility of everyone who are part of the application development lifecycle, not just security specialists. In this session, I will present my findings on methods and processes to build the cloud security framework that make sense for both your business and your developers. The session is based on real-life experiences from implementing cloud security programs in some of the largest enterprises in the world.
India Cloud Security Summit , 2021
TechDays Finland 2018
Navigating in the sea of containers in Azure: when to choose which service and why?
TechDays Sweden 2017
Monitoring advanced Azure PaaS workloads in the enterprise - Level: 200
TechDays Netherlands 2017
Building globally scalable media solutions with Azure Media Services