.png)
Kalman Tiboldi - CTO & Founder at GemOne-TVH - Simplify or Die: Why Complexity Is the Real IT Challenge
Netherlands Jun 19, 2025 Invitation Only Physical dutch
Leading with data and AI: Strategies for digital succes in 2025. Op 19 juni in de 3D Makers Zone in Haarlem.
Read More.png)
Spain Jun 19, 2025 Country Members Physical spanish
En la noche previa al solsticio de verano, CIONET convoca a los líderes digitales más reconocidos de Cataluña a recibir el verano juntos, en un encuentro único y exclusivo con momentos muy especiales.
Read More
Netherlands Jun 24, 2025 All Members Virtual dutch
Online Tech & Trends update
Read More
Belgium Jun 24, 2025 Country Members Physical english
Cloud computing was hailed as the game-changing solution to modern business challenges—transforming how organisations operate, scale, and innovate. But as the technology matures, it’s time to take a step back and ask: Has cloud truly lived up to the hype, or are we overlooking its deeper complexities and hidden costs?In this critical reflection, we’ll revisit the core promises of cloud—such as enabling product-oriented organisations, facilitating End-to-End accountability, managing vast data volumes, and mitigating obsolescence. But we’ll also challenge the narrative: Are companies really freeing themselves to focus on innovation, or are they becoming dependent on cloud providers in ways that could limit future flexibility? How does the cloud reshape operating models, and are we prepared for the long-term consequences of handing over infrastructure control?
Read More
Germany Jun 24, 2025 Country Members Physical german
Unter dem Titel Empower People – Die neue Ära der digitalen Workforce findet die sechste Edition von CIO Perspectives am 24. Juni 2025 in Frankfurt statt. Im Mittelpunkt steht, wie die digitale Transformation die Arbeitswelt verändert. Lernen Sie, wie Führungskräfte neue Formen der Zusammenarbeit entwickeln, Mitarbeitende stärken und eine Unternehmenskultur fördern können, die Innovation und Wachstum unterstützt. Freuen Sie sich auf inspirierende Vorträge, praxisnahe Einblicke und den Austausch mit führenden Experten. Seien Sie dabei und gestalten Sie die Zukunft der Arbeit aktiv mit!
Read More
Italy Jun 26, 2025 Country Members Physical italian
E' un evento imperdibile dedicato al confronto tra protagonisti di primo piano nei mondi della tecnologia, del business, della scienza e dell’intrattenimento. Si susseguiranno dialoghi, approfondimenti e incontri su due palchi interconnessi, accompagnati da spazi di coworking, installazioni immersive e un’area expo pensata per stimolare connessioni e scambi di idee.
Read More
How Atlassian Enforces Best Practices in Its Cloud Infrastructure
How Atlassian Enforces Best Practices in Its Cloud Infrastructure
INTRODUCTION
This is an updated version of an October 2019 post from the ATLASSIAN Community – How Atlassian enforces Best Practices in its Cloud Infrastructure. Link to original blog post.
The majority of Atlassian’s business runs on Amazon Web Services (AWS). Due to the large scale of our infrastructure, we allow for teams to manage their own changes without a centralised review. Atlassian operates on a “trust, but verify” model: We promote a set of best practices and guidelines for teams to follow and we then check that these best practices are being implemented. Where the target is missed, we help the team readjust.
The most widely known example are S3 buckets that are publicly available and can be accessed by anyone. Countless companies have been caught off guard by accidentally putting confidential information in public buckets. It has prompted Amazon to offer additional safeguards in the form of bucket-level overrides to deny any sort of public object, acknowledging the severity of this problem.
At Atlassian, we have added a new tool to our vulnerability management belt so we can assist teams in following the best practices we have established: Trend Micro Cloud One™ – Conformity which specialises in continuously scanning the configuration of cloud infrastructure.
While they offer support for multiple cloud providers as well as checks for all five pillars of the well-architected framework, we use the tool for its “Security” checks for AWS.
ADOPTION
Nearly all of our AWS accounts are being scanned on an hourly basis and the results are reported to the security team. To enable our developers to move fast and remove security as a gatekeeper we didn’t stop there, though. Instead, we integrated Cloud One - Conformity with our vulnerability pipeline which files Jira tickets for any findings we discover through these scans. Our developers live and breathe Jira day in, day out, so surfacing this information here is much more natural for them than having to look for these findings in some third party tool or needing security as an intermediary.
Anyone who has ever tried to deploy a security scanner inside an organisation knows that they are never set-and-forget. Instead, they require fine-tuning to ensure they only produce meaningful results. Every enterprise environment is different and particularly at scale, edge cases exist that scanners would not anticipate. For example, our internal PaaS enforces a set of best practices that have been developed in collaboration with the security team. Some of the configurations that come out of this are secure in this context, but the scanner will still report on them because they generally wouldn’t be. As a result, we spent some time refining the set of rules we care about.
In our first iteration, we decided to focus on our highest severity AWS accounts. These accounts hold our customers' data or manage our infrastructure, for example our CI/CD. In addition, we narrowed down the initial set of rules to those we consider high severity. We then spent some time working closely with those teams that own these important AWS accounts to ensure all findings provide a meaningful security benefit. Based on this feedback, we adjusted the configuration of our rules to fit right into our organisation. Only for this subset of accounts & rules are we creating Jira tickets, as we have verified the quality of these findings.
The next iteration has already started and is expanding out the scope of accounts having Jira tickets created as well as including more rules that are being reviewed. Eventually, all our AWS accounts will be under our security SLA and every check will have been reviewed and configured to the specifics of our environment.
We also continue working closely with the Conformity team, who are responsive to our feedback and quickly fix any bugs we discover in their product. They are great at including our feature requests in their roadmap and always keep us informed on when work is starting on anything we care about. This way, we keep increasing the value their service provides to us which directly translates into an ever increasing security posture.
When the security researcher “benmap” presented at DEF CON 27 recently, the community learned just how vulnerable public EBS volumes can leave a company, reminding everyone that not just S3 buckets can be made public and contain sensitive information. Naturally, we investigated our own environment for such public volumes. Since Conformity was already actively scanning all of our accounts, we were able to perform a fast investigation that gave a complete picture of all public volumes and we could quickly confirm that none of them contained any sensitive information. In addition, we will be alerted to any future volumes that are being made public and can ensure we are not exposing any sensitive information through them.
As a helpful side-effect these scans provide a forcing function for teams to go into their own environments and clean up any stale resources left over from development experiments. Atlassian enables our developers to iterate quickly, try out new features and innovate on our services. As a security team, we are responsible for making sure that these experiments happen within a suitable environment and in a way that don’t put customer data at risk. Part of this responsibility is making sure that unused resources are being cleaned up and Conformity helps us achieve this. We notify developers about resources with insecure configurations and sometimes developers realise they do not need those resources anymore and delete them.
With a tool like Trend Micro Cloud One - Conformity in our arsenal, we now have ongoing assurance that our cloud infrastructure is in a good and secure state.
We go beyond just vulnerabilities and use it to actually enforce best practices, which ensures our cloud security posture is best of breed.
Kalman Tiboldi - CTO & Founder at GemOne-TVH - Simplify or Die: Why Complexity Is the Real IT Challenge
.png)
Isabelle Droll - CIO for Airline, Corporate, Hotels & Resorts and Sustainability at TUI - Data, Diversity, and Destinations
.png)
Sharon Prior - CIO in transition - How Great Tech Leadership Begins with Business Thinking
-1.jpg)
José Antonio López, Group CIO at TOUS - Jewels, Data & AI: Inside the Digital Transformation of TOUS
.png)
Tom Tanghe - General Manager ITC EMEA at Daikin Europe - Reinventing the CIO Role
.jpg)
CIOFEST 2025 - From Order Taker to Proactive Disruptor
This high-energy panel event explored how artificial intelligence is transforming enterprise strategy, operations, and culture. Industry leaders from AstraZeneca, Orange Business, Strategy and Soho House shared how they are reimagining their organisations to stay competitive in the AI era.
The evolution of AI is comparable to that of IT, but it’s happening much faster. As with IT in its early days, AI is becoming deeply embedded in almost every business function. Amara’s Law also applies here: we tend to overestimate AI’s short-term effects and underestimate its long-term impact. This makes it essential to embed AI across your company in a structured way.
This report provides a comprehensive overview of the event's insights and reflections from industry leaders, along with actionable takeaways for IT professionals aspiring to reach leadership positions.
.png?width=600&height=600&name=Anna%20Kopp%20(1).png)
