SlideShare a Scribd company logo
1 of 15
Download to read offline
Containers, Reuse and Security:
What’s in Your Wallet?
Mitch Engel
ACT40T
ACCELERATOR ZONE
Founder
BlueLantern.io
2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
© 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type
of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
For Informational Purposes Only
Terms of this Presentation
3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Abstract
Using containers to accelerate application development, but have security concerns?
Want to improve reuse ability and decrease your risks at the same time? Looking to
improve production application security?
In this session we’ll explore containers and their security concerns for both public and
private registries. We’ll discuss DevSecOps, examine the different vulnerability
techniques, where they fit into the development lifecycle and how binary scanning for
containers can improve your security profile, allow you to shift from reactive to proactive
detection and help increase your confidence level in production.
Mitchell
Engel
BlueLantern.io
Founder
4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Agenda
CONTAINERS AND SECURITY CONSIDERATIONS
SECURITY TECHNIQUES AND THEIR USAGE
EARLY ADOPTERS
DEVSECOPS – SECURITY INTERSECTS WITH DEVOPS
BLUELANTERN AND YOUR CONTAINERS
DISCUSSION – THOUGHTS AND FEEDBACK
1
2
3
4
5
6
5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Containers and Security Considerations
▪ What’s in a container
– Layer hierarchy - yours, mine and ours…
▪ A day in the life of a container
– Images, number of, dynamics, transiency, updates, etc.
▪ Is isolation a concern?
– Containers, VMs, segmentation, etc.
▪ What’s in those public and private repositories
Are they more or less secure?
6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Security Techniques and Their Usage
▪ Static techniques – left biased dev / test
– Code reviews, source analysis, composition
analysis, vulnerability assessment, signing,
configuration and access
▪ Run time – right biased test / stage / production
– Dynamic, Interactive, Runtime Application Self-protection
▪ Process and Governance
– Education, policy enforcement, threat modeling, automated
security, gates and acceptance, secrets, OS hardening
Tactics for Risk Mitigation
7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
DevSecOps – Security Intersects With DevOps
▪ Instilling security throughout the SDLC
– “That’s an Operations problem”
– “I wish those SecOps guys would
leave me alone”
▪ The right technique and when to use it
– There is no one size fits all
▪ Is proactive better than reactive?
– Treat exposures like a bug
Security Is Everyone’s Responsibility
8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
BlueLantern and Your Containers
▪ Proactive security
– Composition and configuration analysis
– Source-less vulnerability assessment (CVE / CWE detection)
– Tracking and auditing
– Risk profiling
– Shifted both left and right in the SDLC
▪ Intelligent run time
▪ Adapted in the context of containers
Deep Scanning
9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Discussion
▪ Primary security concerns with containers?
▪ Host your own container registries?
▪ Use other vendor registries?
▪ What does “official” or “certified” mean to you?
▪ Most effective strategy against exploits?
▪ Who in your organization is responsible for security?
Thoughts and Feedback
10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Experiences
Help evolve our approach to
security as containers
continue to gain widespread
growth and increasing
presence in production
environments.
Key Topics
Containers offer competitive
differentiation in the modern
software factory but speed
and agility exacerbate
security concerns.
Findings
Proactively addressing
published and unpublished
exposures early in the SDLC
is a powerful advantage as
part of a holistic security
strategy with containers.
Summary
A Few Words to Review
11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Check these out on SlideShare if you didn’t see
them live…
SESSION # TITLE DATE/TIME
DST38T
Shifting Security to the Left—Watch End-to-End
DevSecOps Solution in Action
11/15/2017 at 4:15 pm
DST50T How Components Increase Speed and Risk 11/15/2017 at 1:45 pm
ACT37T Docker and Microservice Jeopardy! 11/16/2017 at 11:30 am
12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Yipee.io
Visual Modeling For
Microservice Applications
CA Accelerator Zone
Must See Demos
BlueLantern.io
Securing Containers
Through Intelligent Scanning
CA Accelerator Zone
13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Questions?
14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
Stay connected at communities.ca.com
Thank you.
15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
CA Accelerator
For more information on CA Accelerator,
please visit: ca.com/accelerator

More Related Content

What's hot

DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018Adhitya Hartowo
 
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationCisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationNetworkCollaborators
 
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationCisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationNetworkCollaborators
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...NetworkCollaborators
 
Avoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesAvoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesMighty Guides, Inc.
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesMighty Guides, Inc.
 
Avoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to SecurityAvoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to SecurityMighty Guides, Inc.
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops   is that a question ?To dev secops or not to devsecops   is that a question ?
To dev secops or not to devsecops is that a question ?🙃 Mario Platt
 
DevSecOps: Security With DevOps
DevSecOps: Security With DevOpsDevSecOps: Security With DevOps
DevSecOps: Security With DevOpsKnoldus Inc.
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesCodefresh
 
LVickrey_Resume_Leidos-REV03
LVickrey_Resume_Leidos-REV03LVickrey_Resume_Leidos-REV03
LVickrey_Resume_Leidos-REV03Len Vickrey
 
Innovating at speed and scale with implicit security
Innovating at speed and scale with implicit securityInnovating at speed and scale with implicit security
Innovating at speed and scale with implicit securityElasticsearch
 
security in development lifecycle
security in development lifecyclesecurity in development lifecycle
security in development lifecycleTelecomValley
 
Dev Breakfast: Level up to DevSecOps
Dev Breakfast: Level up to DevSecOpsDev Breakfast: Level up to DevSecOps
Dev Breakfast: Level up to DevSecOpskieranjacobsen
 
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...Elasticsearch
 
Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy  Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy NetworkCollaborators
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnNetworkCollaborators
 
Sécurité by design + Cloud = Infrastructure as Code par Sergio LOURIERO
Sécurité by design + Cloud = Infrastructure as Code par Sergio LOURIEROSécurité by design + Cloud = Infrastructure as Code par Sergio LOURIERO
Sécurité by design + Cloud = Infrastructure as Code par Sergio LOURIEROTelecomValley
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021Archana Joshi
 

What's hot (20)

DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
 
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationCisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
 
Surveillence Postcard
Surveillence PostcardSurveillence Postcard
Surveillence Postcard
 
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationCisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
 
Avoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesAvoiding Container Vulnerabilities
Avoiding Container Vulnerabilities
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
 
Avoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to SecurityAvoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to Security
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops   is that a question ?To dev secops or not to devsecops   is that a question ?
To dev secops or not to devsecops is that a question ?
 
DevSecOps: Security With DevOps
DevSecOps: Security With DevOpsDevSecOps: Security With DevOps
DevSecOps: Security With DevOps
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI Pipelines
 
LVickrey_Resume_Leidos-REV03
LVickrey_Resume_Leidos-REV03LVickrey_Resume_Leidos-REV03
LVickrey_Resume_Leidos-REV03
 
Innovating at speed and scale with implicit security
Innovating at speed and scale with implicit securityInnovating at speed and scale with implicit security
Innovating at speed and scale with implicit security
 
security in development lifecycle
security in development lifecyclesecurity in development lifecycle
security in development lifecycle
 
Dev Breakfast: Level up to DevSecOps
Dev Breakfast: Level up to DevSecOpsDev Breakfast: Level up to DevSecOps
Dev Breakfast: Level up to DevSecOps
 
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
 
Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy  Cisco Connect 2018 Singapore - Cybersecurity strategy
Cisco Connect 2018 Singapore - Cybersecurity strategy
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vn
 
Sécurité by design + Cloud = Infrastructure as Code par Sergio LOURIERO
Sécurité by design + Cloud = Infrastructure as Code par Sergio LOURIEROSécurité by design + Cloud = Infrastructure as Code par Sergio LOURIERO
Sécurité by design + Cloud = Infrastructure as Code par Sergio LOURIERO
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021
 

Similar to Containers, Reuse and Security: What’s in Your Wallet?

Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantCA Technologies
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataMirantis
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowAmien Harisen Rosyandino
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzSeniorStoryteller
 
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...Turja Narayan Chaudhuri
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Shannon Williams
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor
 
State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019Stefan Streichsbier
 
Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....Eturnti Consulting Pvt Ltd
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_programShannon Lietz
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...CA Technologies
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsJames Wickett
 
pbc_devsecops_eastereggs.2022oct06.jt.pptx
pbc_devsecops_eastereggs.2022oct06.jt.pptxpbc_devsecops_eastereggs.2022oct06.jt.pptx
pbc_devsecops_eastereggs.2022oct06.jt.pptxJulie Tsai
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptx
DevSecOps in the Cloud from the Lens of a  Well-Architected Framework.pptxDevSecOps in the Cloud from the Lens of a  Well-Architected Framework.pptx
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptxTurja Narayan Chaudhuri
 
360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration SecurityDevOps.com
 
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySeniorStoryteller
 
2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...
2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...
2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...Turja Narayan Chaudhuri
 

Similar to Containers, Reuse and Security: What’s in Your Wallet? (20)

Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container Data
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
 
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
DOIS22 Why you need Cloud-agnostic practices to fuel your DevSecOps adoption ...
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019State of DevSecOps - DevSecOpsDays 2019
State of DevSecOps - DevSecOpsDays 2019
 
Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....Agile Relevance in the age of Continuous Everything ....
Agile Relevance in the age of Continuous Everything ....
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_program
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
 
pbc_devsecops_eastereggs.2022oct06.jt.pptx
pbc_devsecops_eastereggs.2022oct06.jt.pptxpbc_devsecops_eastereggs.2022oct06.jt.pptx
pbc_devsecops_eastereggs.2022oct06.jt.pptx
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptx
DevSecOps in the Cloud from the Lens of a  Well-Architected Framework.pptxDevSecOps in the Cloud from the Lens of a  Well-Architected Framework.pptx
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptx
 
360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security
 
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
 
2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...
2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...
2022 DOI SKILup Days_Your Developers Decide Your Security Posture_Not Your Se...
 

More from CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...CA Technologies
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCA Technologies
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...CA Technologies
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCA Technologies
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramCA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageCA Technologies
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementCA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...CA Technologies
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...CA Technologies
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseCA Technologies
 

More from CA Technologies (20)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on Time
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 

Recently uploaded

Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 

Recently uploaded (20)

Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 

Containers, Reuse and Security: What’s in Your Wallet?

  • 1. Containers, Reuse and Security: What’s in Your Wallet? Mitch Engel ACT40T ACCELERATOR ZONE Founder BlueLantern.io
  • 2. 2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of this Presentation
  • 3. 3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Abstract Using containers to accelerate application development, but have security concerns? Want to improve reuse ability and decrease your risks at the same time? Looking to improve production application security? In this session we’ll explore containers and their security concerns for both public and private registries. We’ll discuss DevSecOps, examine the different vulnerability techniques, where they fit into the development lifecycle and how binary scanning for containers can improve your security profile, allow you to shift from reactive to proactive detection and help increase your confidence level in production. Mitchell Engel BlueLantern.io Founder
  • 4. 4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Agenda CONTAINERS AND SECURITY CONSIDERATIONS SECURITY TECHNIQUES AND THEIR USAGE EARLY ADOPTERS DEVSECOPS – SECURITY INTERSECTS WITH DEVOPS BLUELANTERN AND YOUR CONTAINERS DISCUSSION – THOUGHTS AND FEEDBACK 1 2 3 4 5 6
  • 5. 5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Containers and Security Considerations ▪ What’s in a container – Layer hierarchy - yours, mine and ours… ▪ A day in the life of a container – Images, number of, dynamics, transiency, updates, etc. ▪ Is isolation a concern? – Containers, VMs, segmentation, etc. ▪ What’s in those public and private repositories Are they more or less secure?
  • 6. 6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security Techniques and Their Usage ▪ Static techniques – left biased dev / test – Code reviews, source analysis, composition analysis, vulnerability assessment, signing, configuration and access ▪ Run time – right biased test / stage / production – Dynamic, Interactive, Runtime Application Self-protection ▪ Process and Governance – Education, policy enforcement, threat modeling, automated security, gates and acceptance, secrets, OS hardening Tactics for Risk Mitigation
  • 7. 7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps – Security Intersects With DevOps ▪ Instilling security throughout the SDLC – “That’s an Operations problem” – “I wish those SecOps guys would leave me alone” ▪ The right technique and when to use it – There is no one size fits all ▪ Is proactive better than reactive? – Treat exposures like a bug Security Is Everyone’s Responsibility
  • 8. 8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS BlueLantern and Your Containers ▪ Proactive security – Composition and configuration analysis – Source-less vulnerability assessment (CVE / CWE detection) – Tracking and auditing – Risk profiling – Shifted both left and right in the SDLC ▪ Intelligent run time ▪ Adapted in the context of containers Deep Scanning
  • 9. 9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Discussion ▪ Primary security concerns with containers? ▪ Host your own container registries? ▪ Use other vendor registries? ▪ What does “official” or “certified” mean to you? ▪ Most effective strategy against exploits? ▪ Who in your organization is responsible for security? Thoughts and Feedback
  • 10. 10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Experiences Help evolve our approach to security as containers continue to gain widespread growth and increasing presence in production environments. Key Topics Containers offer competitive differentiation in the modern software factory but speed and agility exacerbate security concerns. Findings Proactively addressing published and unpublished exposures early in the SDLC is a powerful advantage as part of a holistic security strategy with containers. Summary A Few Words to Review
  • 11. 11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Check these out on SlideShare if you didn’t see them live… SESSION # TITLE DATE/TIME DST38T Shifting Security to the Left—Watch End-to-End DevSecOps Solution in Action 11/15/2017 at 4:15 pm DST50T How Components Increase Speed and Risk 11/15/2017 at 1:45 pm ACT37T Docker and Microservice Jeopardy! 11/16/2017 at 11:30 am
  • 12. 12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Yipee.io Visual Modeling For Microservice Applications CA Accelerator Zone Must See Demos BlueLantern.io Securing Containers Through Intelligent Scanning CA Accelerator Zone
  • 13. 13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Questions?
  • 14. 14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at communities.ca.com Thank you.
  • 15. 15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Accelerator For more information on CA Accelerator, please visit: ca.com/accelerator