-2.png)
Kalman Tiboldi - CTO & Founder at GemOne-TVH - Simplify or Die: Why Complexity Is the Real IT Challenge
Italy Sep 25, 2025 Invitation Only Physical italian
Nel percorso verso l’AI e la trasformazione digitale, dati e automazione sono gli elementi centrali di ogni strategia tecnologica. Ma senza una governance chiara, rischiano di diventare non solo fonte di inefficienza, ma anche di rischi e incoerenza. Come garantire che i dati siano completi, accessibili e affidabili? Come automatizzare le operation IT e i processi aziendali mantenendo controllo, compliance e sicurezza? Durante questa roundtable esclusiva, organizzata da CIONET Italia e IBM, affronteremo: La governance come abilitatore di dati affidabili e automazione sicura. Come prepararsi a un’adozione dell’AI realmente scalabile. Il ruolo di controllo, resilienza e gestione del rischio nell’innovazione.
Read More
Belgium Oct 16, 2025 Invitation Only Physical english
AI isn’t just another tool. It changes how we work, how we think, how we organise ourselves.Yet most organisations still approach it like a digital upgrade, deploying assistants, automating workflows, testing use cases inisolation.The results are predictable. Short-term wins. Long-term confusion.Effort spent. Value unclear.Many companies can’t connect AI to their actual strategic goals,and the promised ROI never materialises.At the same time, something deeper is shifting.AI can now reason, decide, adapt. Not just mimic processes butcontribute to them.The technology is evolving, but the way we implement it hasn’tcaught up.If your AI still fits inside a single department, you’re likely solvingthe wrong problem.If it works only for individuals, you're missing how your teamsactually deliver value.If it replaces people instead of supporting them, you're buildingfor today, not tomorrow.The next step isn’t more AI. It’s the right AI.Built for your business, your teams, your way of working.Not a tool to add but a structure to build around.Are we ready to treat AI as a shared capability, not a scatteredexperiment?Can we move beyond individual efficiency and build systems thatcollaborate, learn and adapt with us?Those are the questions we’ll explore at the round table.
Read More
Germany Oct 28, 2025 Country Members Physical german
Am 28. Oktober lädt CIONET CIOs und Digital Leaders nach Köln ein: hier stellen wir reale Anwendungsfälle vor, in denen KI-Agenten Aufgaben autonom übernehmen, Prozesse beschleunigen und Entscheidungen vorbereiten – mit messbarem Nutzen für das Business.
Read More
France Nov 4, 2025 Country Members Physical french
À l’ère des mutations géopolitiques et réglementaires, l’établissement d’une souveraineté numérique est devenu un élément stratégique essentiel pour les entreprises. Ce dialogue stratégique mettra en lumière le rôle fondamental du réseau dans la mise en place du contrôle, de la confiance et de la résilience. Nous explorerons comment une infrastructure moderne et résiliente permet d’appliquer des politiques de gestion des données et d’assurer la continuité opérationnelle. Ce dialogue stratégique, réservé à un groupe restreint de pairs, est conçu pour permettre aux leaders du numérique d’échanger sur l’un des enjeux les plus urgents aujourd’hui. Nous discuterons des réseaux « sovereign-ready » et débattrons des préoccupations croissantes autour de la souveraineté des données, qui motivent l’adoption de politiques de confidentialité et de protection des données de plus en plus strictes à l’échelle mondiale.
Read More
Netherlands Nov 10, 2025 Public Physical english
CIONET Nederland vertrekt met een groep Nederlandse CIO's en digital leaders 10 t/m 12 november 2025 voor de geheel verzorgde CIO Innovation Trip naar de Web Summit in Lissabon, Portugal. Reis jij mee of neem je collega(s) mee!
Read More
How Atlassian Enforces Best Practices in Its Cloud Infrastructure
How Atlassian Enforces Best Practices in Its Cloud Infrastructure
INTRODUCTION
This is an updated version of an October 2019 post from the ATLASSIAN Community – How Atlassian enforces Best Practices in its Cloud Infrastructure. Link to original blog post.
The majority of Atlassian’s business runs on Amazon Web Services (AWS). Due to the large scale of our infrastructure, we allow for teams to manage their own changes without a centralised review. Atlassian operates on a “trust, but verify” model: We promote a set of best practices and guidelines for teams to follow and we then check that these best practices are being implemented. Where the target is missed, we help the team readjust.
The most widely known example are S3 buckets that are publicly available and can be accessed by anyone. Countless companies have been caught off guard by accidentally putting confidential information in public buckets. It has prompted Amazon to offer additional safeguards in the form of bucket-level overrides to deny any sort of public object, acknowledging the severity of this problem.
At Atlassian, we have added a new tool to our vulnerability management belt so we can assist teams in following the best practices we have established: Trend Micro Cloud One™ – Conformity which specialises in continuously scanning the configuration of cloud infrastructure.
While they offer support for multiple cloud providers as well as checks for all five pillars of the well-architected framework, we use the tool for its “Security” checks for AWS.
ADOPTION
Nearly all of our AWS accounts are being scanned on an hourly basis and the results are reported to the security team. To enable our developers to move fast and remove security as a gatekeeper we didn’t stop there, though. Instead, we integrated Cloud One - Conformity with our vulnerability pipeline which files Jira tickets for any findings we discover through these scans. Our developers live and breathe Jira day in, day out, so surfacing this information here is much more natural for them than having to look for these findings in some third party tool or needing security as an intermediary.
Anyone who has ever tried to deploy a security scanner inside an organisation knows that they are never set-and-forget. Instead, they require fine-tuning to ensure they only produce meaningful results. Every enterprise environment is different and particularly at scale, edge cases exist that scanners would not anticipate. For example, our internal PaaS enforces a set of best practices that have been developed in collaboration with the security team. Some of the configurations that come out of this are secure in this context, but the scanner will still report on them because they generally wouldn’t be. As a result, we spent some time refining the set of rules we care about.
In our first iteration, we decided to focus on our highest severity AWS accounts. These accounts hold our customers' data or manage our infrastructure, for example our CI/CD. In addition, we narrowed down the initial set of rules to those we consider high severity. We then spent some time working closely with those teams that own these important AWS accounts to ensure all findings provide a meaningful security benefit. Based on this feedback, we adjusted the configuration of our rules to fit right into our organisation. Only for this subset of accounts & rules are we creating Jira tickets, as we have verified the quality of these findings.
The next iteration has already started and is expanding out the scope of accounts having Jira tickets created as well as including more rules that are being reviewed. Eventually, all our AWS accounts will be under our security SLA and every check will have been reviewed and configured to the specifics of our environment.
We also continue working closely with the Conformity team, who are responsive to our feedback and quickly fix any bugs we discover in their product. They are great at including our feature requests in their roadmap and always keep us informed on when work is starting on anything we care about. This way, we keep increasing the value their service provides to us which directly translates into an ever increasing security posture.
When the security researcher “benmap” presented at DEF CON 27 recently, the community learned just how vulnerable public EBS volumes can leave a company, reminding everyone that not just S3 buckets can be made public and contain sensitive information. Naturally, we investigated our own environment for such public volumes. Since Conformity was already actively scanning all of our accounts, we were able to perform a fast investigation that gave a complete picture of all public volumes and we could quickly confirm that none of them contained any sensitive information. In addition, we will be alerted to any future volumes that are being made public and can ensure we are not exposing any sensitive information through them.
As a helpful side-effect these scans provide a forcing function for teams to go into their own environments and clean up any stale resources left over from development experiments. Atlassian enables our developers to iterate quickly, try out new features and innovate on our services. As a security team, we are responsible for making sure that these experiments happen within a suitable environment and in a way that don’t put customer data at risk. Part of this responsibility is making sure that unused resources are being cleaned up and Conformity helps us achieve this. We notify developers about resources with insecure configurations and sometimes developers realise they do not need those resources anymore and delete them.
With a tool like Trend Micro Cloud One - Conformity in our arsenal, we now have ongoing assurance that our cloud infrastructure is in a good and secure state.
We go beyond just vulnerabilities and use it to actually enforce best practices, which ensures our cloud security posture is best of breed.
Kalman Tiboldi - CTO & Founder at GemOne-TVH - Simplify or Die: Why Complexity Is the Real IT Challenge
.png)
Isabelle Droll - CIO for Airline, Corporate, Hotels & Resorts and Sustainability at TUI - Data, Diversity, and Destinations
.png)
Sharon Prior - CIO in transition - How Great Tech Leadership Begins with Business Thinking
-1.jpg)
José Antonio López, Group CIO at TOUS - Jewels, Data & AI: Inside the Digital Transformation of TOUS
.png)
Tom Tanghe - General Manager ITC EMEA at Daikin Europe - Reinventing the CIO Role
.jpg)
CIOFEST 2025 - From Order Taker to Proactive Disruptor
Geopolitical tensions have dominated the headlines for over two years now. In this context, the cyber threat landscape is also evolving rapidly. The protection and security of critical infrastructure – both physical and digital – is becoming increasingly important.
.png?width=600&height=600&name=Anna%20Kopp%20(1).png)
