SlideShare a Scribd company logo

Managing your robot army with SecDevOps 2.0

Download as PPTX, PDF
Josh Bregman
Josh Bregman

This is the talk that I gave at InfoSec Europe - DevOps Connect on June 4, 2015. It lays out Continuous Secrets Delivery and our open source project - summon.

Technology
1 of 17
SecDevOps 2.0 - Managing Your Robot Army (A.K.A Securing your Cattle from Rustlers) Josh Bregman Vice President/Evangelist @kingoauth
Elizabeth Lawler - CEO/Founder Conjur, Inc. Elizabeth Lawler is CEO and Co-founder of Conjur, Inc., a security company which focuses on security for next generation infrastructure. Lawler has over 20 years of experience working in highly regulated and sensitive data environments. Prior to founding Conjur, she was Chief Data Officer of Generation Health and held a leadership position in research at the Department of Veterans Affairs. She has been a programmer herself, and is constantly working to make software development and IT systems easier to manage for people working in regulated industries. Elizabeth’s RSA Presentation “Is DevOps Breaking your Company?” is still available on line
Josh Bregman - “Enterprise Guy”/Evangelist Josh has 20 years experience successfully architecting, evangelizing, and delivering innovative identity management and security products to customers. Prior to joining Conjur , Josh spent a decade as a solutions and pre-sales leader in the Oracle ecosystem. A developer at heart, early in his career Josh worked as a software engineer at IBM, GTE Labs, and Netegrity. He has 2 U.S. patents and received a B.A. in Math from the University of Rochester in 1995. Elizabeth’s RSA Presentation “Is DevOps Breaking your Company?” is still available on line
My Hiring Process at Conjur - Pets vs. Cattle ◁ Conjur is in a “hot” space - just out of stealth ◁ Team dynamic is SUPER important ◁ Project Based Interview “We secure cattle. Put together some go-to market materials”
Securing Cattle from Rustlers – Step 1 ● Maintain Good Records of the Cattle that You Own
Securing Cattle from Rustlers – Step 6 ● Keep an eye out for suspicious activity
Securing Cattle from Rustlers – Step 2 ● Make sure all of your cattle have their tags and/or have been branded with the brand of your farm or ranch
Securing Cattle from Rustlers – Step 4 ● Ensure the proper location of your handling facilities or loading areas meet farm bio- security measures
My Hiring Process at Conjur - Pets vs. Cattle - cont “...actually Josh, Pets vs. Cattle is a common meme in DevOps” ◁ Got some more guidance from Elizabeth When you treat your servers like Cattle, this introduces a number of security challenges...
SecDevOps 1.0: Current State of Evolution ◆ Source Control ◆ Automated Build and Test ◆ Configuration Management ◆ Orchestration ◆ Software-Defined Networking ◆ Monitoring
SecDevOps 1.0 - Challenges ◁ Lack of Visibility ⊃ Compliance Challenges ◁ Wrong Tool for the Job ⊃ Production Only-Workflows ⊃ Human Bottlenecks ⊃ Conflation of Concerns ◁ Configuration Management as DIY Security System
What is SecDevOps 2.0? Security Orchestration System RBAC for people, machines and code | Self Auditing |Fully programmable with fine granularity | Highly available across any cloud, hybrid and global architecture |End to end encryption DevOps Enabled EnterpriseUsers
Process Environment SecDevOps 2.0 - Reference Architecture Security Orchestration System DevOps Toolchain Process Environment .secrets Summon Summon Driver SCM/CM/CI Host Factory Secrets Storage S D F “Host” - xxx Service to Service Access SSH Access Policy Users
SecDevOps 2.0 - Continuous Secrets Delivery Policy Summon/ .secrets Host Factory High Availability Tools ● 5 step process based on years of delivering secrets management solutions to highly regulated industries ● Skipping steps will result in issues down the road and cause disruption and delay ● DIY projects that start with tools and then try to work backward are extremely difficult
SECRETS SOURCE (Vault, Keywhiz, AWS IAM…) SUMMON PROCESS ENVIRONMENT DOCKER CONTAINE R Summon uses a pluggable secrets provider to load secrets into the environment of an application, service or container. Introducing Cauldron Summon
Get Involved in Summon ● Summon is coming soon ○ Sign up to be notified when it’s ready! ○ If you’re doing DIY or even using another open source project, you can build a driver - spread the word! ● Try to adopt the Continuous Secrets Delivery approach ○ If you think it’s no good, let’s hash it out - join the discussion ● Get Connected ○ Follow us on Twitter (@conjurinc) and LinkedIn
@ConjurInc www.conjur.net Thank you!

Recommended

Roles and Responsibilities of a DevOps Engineer
Roles and Responsibilities of a DevOps EngineerRoles and Responsibilities of a DevOps Engineer
Roles and Responsibilities of a DevOps EngineerZaranTech LLC
 
Scaling Your DevOps with Chef (December 15th 2016)
Scaling Your DevOps with Chef (December 15th 2016)Scaling Your DevOps with Chef (December 15th 2016)
Scaling Your DevOps with Chef (December 15th 2016)Anthony Hodson
 
Continuous Testing - What QA means for DevOps
Continuous Testing - What QA means for DevOpsContinuous Testing - What QA means for DevOps
Continuous Testing - What QA means for DevOpsSeaLights
 
How to implement DevOps in your Organization
How to implement DevOps in your OrganizationHow to implement DevOps in your Organization
How to implement DevOps in your OrganizationDalibor Blazevic
 
DevOps 2020: How Enterprise Strategy has Matured
DevOps 2020: How Enterprise Strategy has MaturedDevOps 2020: How Enterprise Strategy has Matured
DevOps 2020: How Enterprise Strategy has MaturedEnterprise Management Associates
 
Dev ops != Dev+Ops
Dev ops != Dev+OpsDev ops != Dev+Ops
Dev ops != Dev+OpsShalu Ahuja
 
QA in DevOps: Transformation thru Automation via Jenkins
QA in DevOps: Transformation thru Automation via JenkinsQA in DevOps: Transformation thru Automation via Jenkins
QA in DevOps: Transformation thru Automation via JenkinsTatyana Kravtsov
 
DevOps Foundation
DevOps FoundationDevOps Foundation
DevOps FoundationHomepree Rloy
 

Recommended

Roles and Responsibilities of a DevOps Engineer
Roles and Responsibilities of a DevOps EngineerRoles and Responsibilities of a DevOps Engineer
Roles and Responsibilities of a DevOps EngineerZaranTech LLC
 
Scaling Your DevOps with Chef (December 15th 2016)
Scaling Your DevOps with Chef (December 15th 2016)Scaling Your DevOps with Chef (December 15th 2016)
Scaling Your DevOps with Chef (December 15th 2016)Anthony Hodson
 
Continuous Testing - What QA means for DevOps
Continuous Testing - What QA means for DevOpsContinuous Testing - What QA means for DevOps
Continuous Testing - What QA means for DevOpsSeaLights
 
How to implement DevOps in your Organization
How to implement DevOps in your OrganizationHow to implement DevOps in your Organization
How to implement DevOps in your OrganizationDalibor Blazevic
 
DevOps 2020: How Enterprise Strategy has Matured
DevOps 2020: How Enterprise Strategy has MaturedDevOps 2020: How Enterprise Strategy has Matured
DevOps 2020: How Enterprise Strategy has MaturedEnterprise Management Associates
 
Dev ops != Dev+Ops
Dev ops != Dev+OpsDev ops != Dev+Ops
Dev ops != Dev+OpsShalu Ahuja
 
QA in DevOps: Transformation thru Automation via Jenkins
QA in DevOps: Transformation thru Automation via JenkinsQA in DevOps: Transformation thru Automation via Jenkins
QA in DevOps: Transformation thru Automation via JenkinsTatyana Kravtsov
 
DevOps Foundation
DevOps FoundationDevOps Foundation
DevOps FoundationHomepree Rloy
 
Introducing DevOps, IT Sharing Session 20 Nov 2017
Introducing DevOps, IT Sharing Session 20 Nov 2017Introducing DevOps, IT Sharing Session 20 Nov 2017
Introducing DevOps, IT Sharing Session 20 Nov 2017Danny Ariwicaksono
 
DevOps for absolute beginners
DevOps for absolute beginnersDevOps for absolute beginners
DevOps for absolute beginnersAhmed Misbah
 
DevOps in Practice
DevOps in PracticeDevOps in Practice
DevOps in PracticeDerek Chen
 
Continuous testing & devops with @petemar5hall
Continuous testing & devops with @petemar5hallContinuous testing & devops with @petemar5hall
Continuous testing & devops with @petemar5hallPeter Marshall
 
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...Simplilearn
 
CI/CT/CD and Role of Quality Engineering
CI/CT/CD and Role of Quality EngineeringCI/CT/CD and Role of Quality Engineering
CI/CT/CD and Role of Quality EngineeringSushma
 
DevOps - Overview - One of the Top Trends in IT Industry
DevOps - Overview - One of the Top Trends in IT IndustryDevOps - Overview - One of the Top Trends in IT Industry
DevOps - Overview - One of the Top Trends in IT IndustryRahul Tilloo
 
Dev ops
Dev opsDev ops
Dev opsGourav Varma
 
Patterns and Practices of a Successful DevOps Transformation
Patterns and Practices of a Successful DevOps TransformationPatterns and Practices of a Successful DevOps Transformation
Patterns and Practices of a Successful DevOps TransformationChef
 
What is DevOps? - ITSM Academy Webinar
What is DevOps? - ITSM Academy Webinar What is DevOps? - ITSM Academy Webinar
What is DevOps? - ITSM Academy Webinar ITSM Academy, Inc.
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps SurveySonatype
 
DevOps presentation
DevOps presentationDevOps presentation
DevOps presentationAxsh Co. LTD
 
Continuous testing for devops
Continuous testing for devopsContinuous testing for devops
Continuous testing for devopsSubrahmaniam S.R.V
 
An introduction to DevOps
An introduction to DevOpsAn introduction to DevOps
An introduction to DevOpsAdithya Krishnakant
 
A True Story of Why QA Loves DevOps
A True Story of Why QA Loves DevOpsA True Story of Why QA Loves DevOps
A True Story of Why QA Loves DevOpsIBM UrbanCode Products
 
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.ioSoftware Guru
 
DevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
DevOps Patterns Distilled: Implementing The Needed Practices In Practical StepsDevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
DevOps Patterns Distilled: Implementing The Needed Practices In Practical StepsCA Technologies
 
DevOps adoption in the enterprise
DevOps adoption in the enterpriseDevOps adoption in the enterprise
DevOps adoption in the enterpriseSanjeev Sharma
 
Leading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at ScaleLeading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at ScaleIBM UrbanCode Products
 
The Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous DeliveryThe Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous DeliveryPerforce
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0Amazon Web Services
 

More Related Content

What's hot

Introducing DevOps, IT Sharing Session 20 Nov 2017
Introducing DevOps, IT Sharing Session 20 Nov 2017Introducing DevOps, IT Sharing Session 20 Nov 2017
Introducing DevOps, IT Sharing Session 20 Nov 2017Danny Ariwicaksono
 
DevOps for absolute beginners
DevOps for absolute beginnersDevOps for absolute beginners
DevOps for absolute beginnersAhmed Misbah
 
DevOps in Practice
DevOps in PracticeDevOps in Practice
DevOps in PracticeDerek Chen
 
Continuous testing & devops with @petemar5hall
Continuous testing & devops with @petemar5hallContinuous testing & devops with @petemar5hall
Continuous testing & devops with @petemar5hallPeter Marshall
 
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...Simplilearn
 
CI/CT/CD and Role of Quality Engineering
CI/CT/CD and Role of Quality EngineeringCI/CT/CD and Role of Quality Engineering
CI/CT/CD and Role of Quality EngineeringSushma
 
DevOps - Overview - One of the Top Trends in IT Industry
DevOps - Overview - One of the Top Trends in IT IndustryDevOps - Overview - One of the Top Trends in IT Industry
DevOps - Overview - One of the Top Trends in IT IndustryRahul Tilloo
 
Patterns and Practices of a Successful DevOps Transformation
Patterns and Practices of a Successful DevOps TransformationPatterns and Practices of a Successful DevOps Transformation
Patterns and Practices of a Successful DevOps TransformationChef
 
What is DevOps? - ITSM Academy Webinar
What is DevOps? - ITSM Academy Webinar What is DevOps? - ITSM Academy Webinar
What is DevOps? - ITSM Academy Webinar ITSM Academy, Inc.
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps SurveySonatype
 
DevOps presentation
DevOps presentationDevOps presentation
DevOps presentationAxsh Co. LTD
 
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.ioSoftware Guru
 
DevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
DevOps Patterns Distilled: Implementing The Needed Practices In Practical StepsDevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
DevOps Patterns Distilled: Implementing The Needed Practices In Practical StepsCA Technologies
 
DevOps adoption in the enterprise
DevOps adoption in the enterpriseDevOps adoption in the enterprise
DevOps adoption in the enterpriseSanjeev Sharma
 
Leading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at ScaleLeading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at ScaleIBM UrbanCode Products
 
The Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous DeliveryThe Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous DeliveryPerforce
 

What's hot (20)

Introducing DevOps, IT Sharing Session 20 Nov 2017
Introducing DevOps, IT Sharing Session 20 Nov 2017Introducing DevOps, IT Sharing Session 20 Nov 2017
Introducing DevOps, IT Sharing Session 20 Nov 2017
 
DevOps for absolute beginners
DevOps for absolute beginnersDevOps for absolute beginners
DevOps for absolute beginners
 
DevOps in Practice
DevOps in PracticeDevOps in Practice
DevOps in Practice
 
Continuous testing & devops with @petemar5hall
Continuous testing & devops with @petemar5hallContinuous testing & devops with @petemar5hall
Continuous testing & devops with @petemar5hall
 
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
 
CI/CT/CD and Role of Quality Engineering
CI/CT/CD and Role of Quality EngineeringCI/CT/CD and Role of Quality Engineering
CI/CT/CD and Role of Quality Engineering
 
DevOps - Overview - One of the Top Trends in IT Industry
DevOps - Overview - One of the Top Trends in IT IndustryDevOps - Overview - One of the Top Trends in IT Industry
DevOps - Overview - One of the Top Trends in IT Industry
 
Dev ops
Dev opsDev ops
Dev ops
 
Patterns and Practices of a Successful DevOps Transformation
Patterns and Practices of a Successful DevOps TransformationPatterns and Practices of a Successful DevOps Transformation
Patterns and Practices of a Successful DevOps Transformation
 
What is DevOps? - ITSM Academy Webinar
What is DevOps? - ITSM Academy Webinar What is DevOps? - ITSM Academy Webinar
What is DevOps? - ITSM Academy Webinar
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps Survey
 
DevOps presentation
DevOps presentationDevOps presentation
DevOps presentation
 
Continuous testing for devops
Continuous testing for devopsContinuous testing for devops
Continuous testing for devops
 
An introduction to DevOps
An introduction to DevOpsAn introduction to DevOps
An introduction to DevOps
 
A True Story of Why QA Loves DevOps
A True Story of Why QA Loves DevOpsA True Story of Why QA Loves DevOps
A True Story of Why QA Loves DevOps
 
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io
¿Qué es DevOps y por qué es importante en el Ciclo de Software? por michelada.io
 
DevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
DevOps Patterns Distilled: Implementing The Needed Practices In Practical StepsDevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
DevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
 
DevOps adoption in the enterprise
DevOps adoption in the enterpriseDevOps adoption in the enterprise
DevOps adoption in the enterprise
 
Leading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at ScaleLeading the Transformation: Applying DevOps and Agile Principles at Scale
Leading the Transformation: Applying DevOps and Agile Principles at Scale
 
The Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous DeliveryThe Challenges & Pitfalls of Database Continuous Delivery
The Challenges & Pitfalls of Database Continuous Delivery
 

Similar to Managing your robot army with SecDevOps 2.0

Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0Amazon Web Services
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
 
360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration SecurityDevOps.com
 
Security as Code
Security as CodeSecurity as Code
Security as CodeEd Bellis
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseJames Wickett
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybSeniorStoryteller
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on CloudTu Pham
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_programShannon Lietz
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012Nick Galbreath
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldShannon Lietz
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSAmazon Web Services
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Shannon Williams
 
DevOps in the Amazon Warehouse - Shawn Gandhi
DevOps in the Amazon Warehouse - Shawn GandhiDevOps in the Amazon Warehouse - Shawn Gandhi
DevOps in the Amazon Warehouse - Shawn GandhiTriNimbus
 

Similar to Managing your robot army with SecDevOps 2.0 (20)

Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjur
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security
 
Security as Code
Security as CodeSecurity as Code
Security as Code
 
Product Security
Product SecurityProduct Security
Product Security
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg Gryb
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_program
 
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
 
What DevOps Isn't
What DevOps Isn'tWhat DevOps Isn't
What DevOps Isn't
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
 
DevOps in the Amazon Warehouse - Shawn Gandhi
DevOps in the Amazon Warehouse - Shawn GandhiDevOps in the Amazon Warehouse - Shawn Gandhi
DevOps in the Amazon Warehouse - Shawn Gandhi
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Managing your robot army with SecDevOps 2.0

  • 1. SecDevOps 2.0 - Managing Your Robot Army (A.K.A Securing your Cattle from Rustlers) Josh Bregman Vice President/Evangelist @kingoauth
  • 2. Elizabeth Lawler - CEO/Founder Conjur, Inc. Elizabeth Lawler is CEO and Co-founder of Conjur, Inc., a security company which focuses on security for next generation infrastructure. Lawler has over 20 years of experience working in highly regulated and sensitive data environments. Prior to founding Conjur, she was Chief Data Officer of Generation Health and held a leadership position in research at the Department of Veterans Affairs. She has been a programmer herself, and is constantly working to make software development and IT systems easier to manage for people working in regulated industries. Elizabeth’s RSA Presentation “Is DevOps Breaking your Company?” is still available on line
  • 3. Josh Bregman - “Enterprise Guy”/Evangelist Josh has 20 years experience successfully architecting, evangelizing, and delivering innovative identity management and security products to customers. Prior to joining Conjur , Josh spent a decade as a solutions and pre-sales leader in the Oracle ecosystem. A developer at heart, early in his career Josh worked as a software engineer at IBM, GTE Labs, and Netegrity. He has 2 U.S. patents and received a B.A. in Math from the University of Rochester in 1995. Elizabeth’s RSA Presentation “Is DevOps Breaking your Company?” is still available on line
  • 4. My Hiring Process at Conjur - Pets vs. Cattle ◁ Conjur is in a “hot” space - just out of stealth ◁ Team dynamic is SUPER important ◁ Project Based Interview “We secure cattle. Put together some go-to market materials”
  • 5. Securing Cattle from Rustlers – Step 1 ● Maintain Good Records of the Cattle that You Own
  • 6. Securing Cattle from Rustlers – Step 6 ● Keep an eye out for suspicious activity
  • 7. Securing Cattle from Rustlers – Step 2 ● Make sure all of your cattle have their tags and/or have been branded with the brand of your farm or ranch
  • 8. Securing Cattle from Rustlers – Step 4 ● Ensure the proper location of your handling facilities or loading areas meet farm bio- security measures
  • 9. My Hiring Process at Conjur - Pets vs. Cattle - cont “...actually Josh, Pets vs. Cattle is a common meme in DevOps” ◁ Got some more guidance from Elizabeth When you treat your servers like Cattle, this introduces a number of security challenges...
  • 10. SecDevOps 1.0: Current State of Evolution ◆ Source Control ◆ Automated Build and Test ◆ Configuration Management ◆ Orchestration ◆ Software-Defined Networking ◆ Monitoring
  • 11. SecDevOps 1.0 - Challenges ◁ Lack of Visibility ⊃ Compliance Challenges ◁ Wrong Tool for the Job ⊃ Production Only-Workflows ⊃ Human Bottlenecks ⊃ Conflation of Concerns ◁ Configuration Management as DIY Security System
  • 12. What is SecDevOps 2.0? Security Orchestration System RBAC for people, machines and code | Self Auditing |Fully programmable with fine granularity | Highly available across any cloud, hybrid and global architecture |End to end encryption DevOps Enabled EnterpriseUsers
  • 13. Process Environment SecDevOps 2.0 - Reference Architecture Security Orchestration System DevOps Toolchain Process Environment .secrets Summon Summon Driver SCM/CM/CI Host Factory Secrets Storage S D F “Host” - xxx Service to Service Access SSH Access Policy Users
  • 14. SecDevOps 2.0 - Continuous Secrets Delivery Policy Summon/ .secrets Host Factory High Availability Tools ● 5 step process based on years of delivering secrets management solutions to highly regulated industries ● Skipping steps will result in issues down the road and cause disruption and delay ● DIY projects that start with tools and then try to work backward are extremely difficult
  • 15. SECRETS SOURCE (Vault, Keywhiz, AWS IAM…) SUMMON PROCESS ENVIRONMENT DOCKER CONTAINE R Summon uses a pluggable secrets provider to load secrets into the environment of an application, service or container. Introducing Cauldron Summon
  • 16. Get Involved in Summon ● Summon is coming soon ○ Sign up to be notified when it’s ready! ○ If you’re doing DIY or even using another open source project, you can build a driver - spread the word! ● Try to adopt the Continuous Secrets Delivery approach ○ If you think it’s no good, let’s hash it out - join the discussion ● Get Connected ○ Follow us on Twitter (@conjurinc) and LinkedIn