
Modern Security Pain Points with Application Modernization - With Jermaine Edwards

Companies are preparing to modernize many business-to-consumer, business-to-business, and business-to-employee apps to the cloud in support of their digital transformation.

As a result, what application modernization security problems need to be accounted for during design and DevSecOps?

This session will present security pain points with app modernization concerning confidentiality, integrity, and availability with a few real examples.

Presented by Jermaine Edwards, Distinguished Engineer, CTO at IBM


  1. Modern Security Pain Points with App Modernization, by Jermaine Edwards
  2. Jermaine Edwards, IBM Distinguished Engineer, Global Move/Build CTO - Cloud Application Services (www.linkedin.com/in/jermaine-edwards)
  3. What we’ll discuss today...
     ▸ Confidentiality, Integrity, Availability (CIA) Security Model
     ▸ Modern User and Service Authentication
     ▸ Application Security by Example
     (Presentation recording)
  4. Confidentiality, Integrity, Availability (CIA) Security Model: Our “Stretching” Exercise
  5. Confidentiality, Integrity, Availability (CIA) Security Model
     ▸ Confidentiality: Privacy; Data Confidentiality/Encryption; Authentication; Authorization
     ▸ Integrity: Information Integrity; Security related event recording
     ▸ Availability: Information Availability; System Availability
  6. Confidentiality, Integrity, Availability (CIA) Cloud Lessons Learned: Confidentiality
     1. Project / Application GDPR Compliance
     2. Application Trust Model / Microservice-to-Microservice security
     3. Health end-point security
     4. Application credentials / secret management
     5. Certificate Management
  7. Confidentiality, Integrity, Availability (CIA) Cloud Lessons Learned: Integrity
     1. Single Page Application Security (e.g. CORS)
     2. Security Information Event Management
     3. Log retention
  8. Confidentiality, Integrity, Availability (CIA) Cloud Lessons Learned: Availability
     1. Distributed Denial of Service (DDoS) protection
     2. Circuit Breakers
  9. Modern User and Service Authentication
  10. End-User Authentication: Basic Authentication; Form Based; SAML; OAuth2; OpenID Connect (OIDC). NOTE: There are other authentication methods such as NTLM, SPNEGO, Certificate based, etc.
  11. Service Authentication: IP Whitelisting; Custom Header; Basic Authentication; Mutual SSL/TLS; OAuth2; OpenID Connect (OIDC); Secure Production Identity Framework for Everyone (SPIFFE)
  12. Application Security by Example (slides 12-14)
  15. What we discussed today...
     ▸ Discussed Confidentiality, Integrity, Availability (CIA) Security Model
     ▸ Highlighted Modern User and Service Authentication
     ▸ Performed Application Security by Example
  16. Join the Konveyor Community: www.konveyor.io. Chat with us on Slack
  18. Thank you! Jermaine Edwards, IBM Distinguished Engineer, Global Move/Build CTO - Cloud Application Services. jedward2@us.ibm.com; LinkedIn: www.linkedin.com/in/jermaine-edwards