SlideShare a Scribd company logo
1 of 26
Scaling Security in the Cloud
With Open Source
Cloud Village @ DEF CON 27
James Strassburg
Technical Fellow / Chief Software Architect
Direct Supply
Our Cloud Vision and Strategy
Immutable Servers
Infrastructure as Code
Automated Deployments
Secure by Default
Platform as a Service
No automation A few scripts
DevOps / Continuous
Delivery
EVIL
What happened?
How can we do
more with less?
“Secure, store and tightly control access to tokens, passwords,
certificates, encryption keys for protecting secrets and other
sensitive data using a UI, CLI, or HTTP API.”
● Static Secrets - Key/Value Secrets Engine
● Dynamic Secrets
○ Database Credentials - PostgreSQL Database Secrets Engine
○ AWS Access Keys - AWS Secrets Engine
● SSH One Time Password Secrets Engine
Our use cases...
Authentication
Key/Value Secrets Engine
PostgreSQL Database
Secrets Engine
AWS Secrets Engine
SSH One Time Password
Secrets Engine
Cloud Custodian
● Cloud configuration governance
● Automated checking and enforcement
● Policy as code
● Notifications
Cloud Custodian - Example Policy
Cloud Custodian - Notifications
Security Scanning Automation /
Dealing With Cattle
● Eliminate manual effort to update
scan configurations
● Group instances logically by owner
● Support custom scans based on
tags
Scanner Based
Scanning
Agent Based
Scanning
Secure by Default
What went not so well...
● Lots of work before Custodian deployed
● Teams started rolling their own sans modules
● Our integration with a cloud consultancy is preventing us
from taking advantage of some newer features
Resources
● https://carbon.now.sh/
● https://unsplash.com/
● https://www.vaultproject.io/
● https://cloudcustodian.io/
➢ code formatting
➢ images
➢ HashiCorp Vault
➢ Cloud Custodian
james.strassburg@directsupply.com
@jstrassburg

More Related Content

What's hot

Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoringJohn Varghese
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practicesJohn Varghese
 
Phishing in the cloud era
Phishing in the cloud eraPhishing in the cloud era
Phishing in the cloud eraCloudVillage
 
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
Your Blacklist is Dead: Why the Future of Command and Control is the CloudYour Blacklist is Dead: Why the Future of Command and Control is the Cloud
Your Blacklist is Dead: Why the Future of Command and Control is the CloudCloudVillage
 
Defcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPDefcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPNetskope
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
Securing aws workloads with embedded application security
Securing aws workloads with embedded application securitySecuring aws workloads with embedded application security
Securing aws workloads with embedded application securityJohn Varghese
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesLacework
 
How Serverless Computing Enables Microservices and Micropayment 
How Serverless Computing Enables Microservices and Micropayment  How Serverless Computing Enables Microservices and Micropayment 
How Serverless Computing Enables Microservices and Micropayment  Amazon Web Services
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseSecuring your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseDevOps.com
 
Mining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudMining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudCloudVillage
 
AWS Enterprise Summit Netherlands - AWS IoT
AWS Enterprise Summit Netherlands - AWS IoTAWS Enterprise Summit Netherlands - AWS IoT
AWS Enterprise Summit Netherlands - AWS IoTAmazon Web Services
 
Policy as code what helm developers need to know about security
Policy as code  what helm developers need to know about securityPolicy as code  what helm developers need to know about security
Policy as code what helm developers need to know about securityLibbySchulze
 
Architecting for Greater Security on AWS
Architecting for Greater Security on AWSArchitecting for Greater Security on AWS
Architecting for Greater Security on AWSAmazon Web Services
 
AWS re:Invent 2016: Cyber Resiliency – surviving the breach (SAC321)
AWS re:Invent 2016: Cyber Resiliency – surviving the breach (SAC321)AWS re:Invent 2016: Cyber Resiliency – surviving the breach (SAC321)
AWS re:Invent 2016: Cyber Resiliency – surviving the breach (SAC321)Amazon Web Services
 
Grabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceGrabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceJP Bourget
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Jay Zarfoss
 
Automating Event Driven Security in the AWS Cloud
Automating Event Driven Security in the AWS CloudAutomating Event Driven Security in the AWS Cloud
Automating Event Driven Security in the AWS CloudAmazon Web Services
 
(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big DataAmazon Web Services
 

What's hot (20)

Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoring
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practices
 
Phishing in the cloud era
Phishing in the cloud eraPhishing in the cloud era
Phishing in the cloud era
 
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
Your Blacklist is Dead: Why the Future of Command and Control is the CloudYour Blacklist is Dead: Why the Future of Command and Control is the Cloud
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
 
Defcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCPDefcon 27 - Exploiting IAM in GCP
Defcon 27 - Exploiting IAM in GCP
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
 
Securing aws workloads with embedded application security
Securing aws workloads with embedded application securitySecuring aws workloads with embedded application security
Securing aws workloads with embedded application security
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing Kubernetes
 
How Serverless Computing Enables Microservices and Micropayment 
How Serverless Computing Enables Microservices and Micropayment  How Serverless Computing Enables Microservices and Micropayment 
How Serverless Computing Enables Microservices and Micropayment 
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseSecuring your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory Enterprise
 
Mining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudMining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the Cloud
 
AWS Enterprise Summit Netherlands - AWS IoT
AWS Enterprise Summit Netherlands - AWS IoTAWS Enterprise Summit Netherlands - AWS IoT
AWS Enterprise Summit Netherlands - AWS IoT
 
Policy as code what helm developers need to know about security
Policy as code  what helm developers need to know about securityPolicy as code  what helm developers need to know about security
Policy as code what helm developers need to know about security
 
Architecting for Greater Security on AWS
Architecting for Greater Security on AWSArchitecting for Greater Security on AWS
Architecting for Greater Security on AWS
 
AWS re:Invent 2016: Cyber Resiliency – surviving the breach (SAC321)
AWS re:Invent 2016: Cyber Resiliency – surviving the breach (SAC321)AWS re:Invent 2016: Cyber Resiliency – surviving the breach (SAC321)
AWS re:Invent 2016: Cyber Resiliency – surviving the breach (SAC321)
 
Grabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceGrabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/Rackspace
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
 
Automating Event Driven Security in the AWS Cloud
Automating Event Driven Security in the AWS CloudAutomating Event Driven Security in the AWS Cloud
Automating Event Driven Security in the AWS Cloud
 
(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data(SEC326) Security Science Using Big Data
(SEC326) Security Science Using Big Data
 

Similar to Scaling Security in the Cloud With Open Source

Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance   wwps pre-day sao paolo - markry1. aws security and compliance   wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsAmazon Web Services
 
Keepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCPKeepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCPKeepler Data Tech
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsSebastian Taphanel CISSP-ISSEP
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud SecurityMongoDB
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignAmazon Web Services
 
Building Scalable Data Ingestion
Building Scalable Data Ingestion Building Scalable Data Ingestion
Building Scalable Data Ingestion Michael Pearce
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...Amazon Web Services
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias
 
Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?AWS Germany
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
 
AWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland  - Introducing Well-Architected for DevelopersAWS Summit Auckland  - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAmazon Web Services
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_SentinelMike Mihm
 

Similar to Scaling Security in the Cloud With Open Source (20)

Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance   wwps pre-day sao paolo - markry1. aws security and compliance   wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Keepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCPKeepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCP
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud Security
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by Design
 
Building Scalable Data Ingestion
Building Scalable Data Ingestion Building Scalable Data Ingestion
Building Scalable Data Ingestion
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3
 
Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the Cloud
 
AWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland  - Introducing Well-Architected for DevelopersAWS Summit Auckland  - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for Developers
 
AWS Security and SecOps
AWS Security and SecOpsAWS Security and SecOps
AWS Security and SecOps
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_Sentinel
 

Recently uploaded

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Scaling Security in the Cloud With Open Source

Editor's Notes

  1. Since 1985, Direct Supply has been committed to enhancing the lives of seniors and those who care for them. We help Senior Living providers create amazing environments, improve care and outcomes, optimize building operations, streamline procurement and more.
  2. -method=AWS for IAM auth
  3. Note the filters and actions, taking a less-heavy handed approach where we can
  4. We’re using Custodian for lots more including deregistering old AMI’s, whitelisting AWS services, and adding a security group for patching to running ec2 instances… which leads me to...
  5. All driven by tags on the scanner and the instances pyTenable
  6. Tenable agent is baked into our base Linux/Windows cookbooks/images Automation is, again, driven by tags. The relevant tags are included in a tagging module
  7. When given a new technology, developers will first look for examples to copy. We tried to ensure the first things they found were correct.
  8. AWS Organizations, control tower