Session

Crafting rock-solid secure composable SaaS-based applications

Security has become one of the biggest concerns within organizations. With more companies moving towards distributed work, SaaS solutions, cloud and microservices-based architectures, the added complexity of managing multiple solutions, projects, and virtual appliances introduces more room for malicious visitors to exploit. In this session, we will educate technology managers and architects on how to create a security-focused culture and design secure Sitecore SaaS applications with checks and balances that keep new-generation solutions secure.

We will dispel the myth of a tradeoff between security and rigidity and provide a blueprint for creating flexible, scalable, yet secure SaaS solutions for the new composable world.

Attendees will understand how to design secure, decoupled, disconnected, composable solutions in the cloud using Azure appliances. I will share the best practices and learnings from developing serverless, distributed, scalable applications. We will cover the full scope of security concerns and understand how to align IT and the CISO so that both teams can work closely together in creating a more secure SaaS infrastructure and, as a result, a more secure web application and organization. Those unfamiliar with security concepts will get tactical knowledge for getting started, and those who are interested in hardening security will get proven practical advice with tactics, design blueprints, and frameworks that focus on removing 80% of the security issues with 20% of the effort in the new composable cloud-based world.

Topics covered -

1. A brief introduction to enterprise security - understanding the theory behind secure SaaS applications and how security can be achieved through creating a security-focused culture and a well-oiled security engine with technology teams working together.
2. Securing SaaS Solutions with DevSecOps - the rules and guides that deliver the most security value per dollar spent
   a. Solution Design and Implementation -
      i. Secure network topology design in Azure
      ii. Securing MACH-based implementations
      iii. OWASP top 10, MITRE 25, team structures, peer reviews, threat modeling, OWASP Security Knowledge Framework
      iv. Secure coding rules for Headless SaaS development
      v. Top 10 rules for developing secure APIs for middle layers in SaaS
      vi. Hardening Sitecore headless solutions
   b. DevSecOps -
      i. The nature of composable projects and complexity with multiple solutions
      ii. Managing multiple composable solutions and projects built using different technologies
      iii. Process and workflow optimization for multiple solutions; decoupled deployments of units of code
      iv. Stability and consistency with Infrastructure as code
      v. End-to-end validation with the test pyramid
3. Putting it all together
   a. Reference solution for a new Sitecore composable implementation
   b. A pipeline blueprint for modern SaaS solutions with serverless functions, containerization, and Vercel hosting

Vasiliy Fomichev

Sitecore MVP, VP, Digital Solutions at Altudo

Denver, Colorado, United States
