Submit Search
Upload
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
•
0 likes
•
370 views
L
LibbySchulze
Follow
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
Read less
Read more
Internet
Report
Share
Report
Share
1 of 26
Download now
Download to read offline
Recommended
Amazon RDS Proxy 집중 탐구 - 윤석찬 :: AWS Unboxing 온라인 세미나
Amazon RDS Proxy 집중 탐구 - 윤석찬 :: AWS Unboxing 온라인 세미나
Amazon Web Services Korea
Open Policy Agent Deep Dive Seattle 2018
Open Policy Agent Deep Dive Seattle 2018
Torin Sandall
AWS 기반 Kubernetes 정복하기::정영준:: AWS Summit Seoul 2018
AWS 기반 Kubernetes 정복하기::정영준:: AWS Summit Seoul 2018
Amazon Web Services Korea
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
BESPIN GLOBAL
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
Amazon Web Services Korea
Amazon DocumentDB vs MongoDB 의 내부 아키텍쳐 와 장단점 비교
Amazon DocumentDB vs MongoDB 의 내부 아키텍쳐 와 장단점 비교
Amazon Web Services Korea
Opa gatekeeper
Opa gatekeeper
Rita Zhang
Containers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes Istio
Araf Karsh Hamid
Recommended
Amazon RDS Proxy 집중 탐구 - 윤석찬 :: AWS Unboxing 온라인 세미나
Amazon RDS Proxy 집중 탐구 - 윤석찬 :: AWS Unboxing 온라인 세미나
Amazon Web Services Korea
Open Policy Agent Deep Dive Seattle 2018
Open Policy Agent Deep Dive Seattle 2018
Torin Sandall
AWS 기반 Kubernetes 정복하기::정영준:: AWS Summit Seoul 2018
AWS 기반 Kubernetes 정복하기::정영준:: AWS Summit Seoul 2018
Amazon Web Services Korea
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
BESPIN GLOBAL
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
Amazon Web Services Korea
Amazon DocumentDB vs MongoDB 의 내부 아키텍쳐 와 장단점 비교
Amazon DocumentDB vs MongoDB 의 내부 아키텍쳐 와 장단점 비교
Amazon Web Services Korea
Opa gatekeeper
Opa gatekeeper
Rita Zhang
Containers Docker Kind Kubernetes Istio
Containers Docker Kind Kubernetes Istio
Araf Karsh Hamid
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
Amazon Web Services Korea
Cloud Native, Cloud First and Hybrid: How Different Organizations are Approac...
Cloud Native, Cloud First and Hybrid: How Different Organizations are Approac...
Amazon Web Services
Open Policy Agent
Open Policy Agent
Torin Sandall
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
Kublr
AWS 에서 DevOps 시작하기 – 정영준, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
AWS 에서 DevOps 시작하기 – 정영준, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
Amazon Web Services Korea
AWS Summit Seoul 2023 | AWS에서 최소한의 비용으로 구현하는 멀티리전 DR 자동화 구성
AWS Summit Seoul 2023 | AWS에서 최소한의 비용으로 구현하는 멀티리전 DR 자동화 구성
Amazon Web Services Korea
Azure Governance
Azure Governance
Benjamin Hüpeden
AWS Batch를 통한 손쉬운 일괄 처리 작업 관리하기 - 윤석찬 (AWS 테크에반젤리스트)
AWS Batch를 통한 손쉬운 일괄 처리 작업 관리하기 - 윤석찬 (AWS 테크에반젤리스트)
Amazon Web Services Korea
Amazon DynamoDB 키 디자인 패턴
Amazon DynamoDB 키 디자인 패턴
Amazon Web Services Korea
Arm 기반의 AWS Graviton 프로세서로 구동되는 AWS 인스턴스 살펴보기 - 김종선, AWS솔루션즈 아키텍트:: AWS Summi...
Arm 기반의 AWS Graviton 프로세서로 구동되는 AWS 인스턴스 살펴보기 - 김종선, AWS솔루션즈 아키텍트:: AWS Summi...
Amazon Web Services Korea
AWS Summit Seoul 2023 | 100만명이 사용하는 GenerativeAI 이루다를 만들면서 배운 것 : 스캐터랩의 AWS 활용법
AWS Summit Seoul 2023 | 100만명이 사용하는 GenerativeAI 이루다를 만들면서 배운 것 : 스캐터랩의 AWS 활용법
Amazon Web Services Korea
롯데이커머스의 마이크로 서비스 아키텍처 진화와 비용 관점의 운영 노하우-나현길, 롯데이커머스 클라우드플랫폼 팀장::AWS 마이그레이션 A ...
롯데이커머스의 마이크로 서비스 아키텍처 진화와 비용 관점의 운영 노하우-나현길, 롯데이커머스 클라우드플랫폼 팀장::AWS 마이그레이션 A ...
Amazon Web Services Korea
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
Amazon Web Services Korea
Well Architected Framework - Data
Well Architected Framework - Data
Craig Milroy
AWS Summit Seoul 2023 | Amazon EKS 데이터 전송 비용 절감 및 카오스 엔지니어링 적용 사례
AWS Summit Seoul 2023 | Amazon EKS 데이터 전송 비용 절감 및 카오스 엔지니어링 적용 사례
Amazon Web Services Korea
Amazon OpenSearch Deep dive - 내부구조, 성능최적화 그리고 스케일링
Amazon OpenSearch Deep dive - 내부구조, 성능최적화 그리고 스케일링
Amazon Web Services Korea
AWS Summit Seoul 2023 | 천만 사용자를 위한 카카오의 AWS Native 글로벌 채팅 서비스
AWS Summit Seoul 2023 | 천만 사용자를 위한 카카오의 AWS Native 글로벌 채팅 서비스
Amazon Web Services Korea
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Araf Karsh Hamid
Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성
rockplace
AWS Fault Injection Simulator를 통한 실전 카오스 엔지니어링 - 윤석찬 AWS 수석 테크에반젤리스트 / 김신 SW엔...
AWS Fault Injection Simulator를 통한 실전 카오스 엔지니어링 - 윤석찬 AWS 수석 테크에반젤리스트 / 김신 SW엔...
Amazon Web Services Korea
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...
Kal BO
More Related Content
What's hot
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
Amazon Web Services Korea
Cloud Native, Cloud First and Hybrid: How Different Organizations are Approac...
Cloud Native, Cloud First and Hybrid: How Different Organizations are Approac...
Amazon Web Services
Open Policy Agent
Open Policy Agent
Torin Sandall
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
Kublr
AWS 에서 DevOps 시작하기 – 정영준, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
AWS 에서 DevOps 시작하기 – 정영준, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
Amazon Web Services Korea
AWS Summit Seoul 2023 | AWS에서 최소한의 비용으로 구현하는 멀티리전 DR 자동화 구성
AWS Summit Seoul 2023 | AWS에서 최소한의 비용으로 구현하는 멀티리전 DR 자동화 구성
Amazon Web Services Korea
Azure Governance
Azure Governance
Benjamin Hüpeden
AWS Batch를 통한 손쉬운 일괄 처리 작업 관리하기 - 윤석찬 (AWS 테크에반젤리스트)
AWS Batch를 통한 손쉬운 일괄 처리 작업 관리하기 - 윤석찬 (AWS 테크에반젤리스트)
Amazon Web Services Korea
Amazon DynamoDB 키 디자인 패턴
Amazon DynamoDB 키 디자인 패턴
Amazon Web Services Korea
Arm 기반의 AWS Graviton 프로세서로 구동되는 AWS 인스턴스 살펴보기 - 김종선, AWS솔루션즈 아키텍트:: AWS Summi...
Arm 기반의 AWS Graviton 프로세서로 구동되는 AWS 인스턴스 살펴보기 - 김종선, AWS솔루션즈 아키텍트:: AWS Summi...
Amazon Web Services Korea
AWS Summit Seoul 2023 | 100만명이 사용하는 GenerativeAI 이루다를 만들면서 배운 것 : 스캐터랩의 AWS 활용법
AWS Summit Seoul 2023 | 100만명이 사용하는 GenerativeAI 이루다를 만들면서 배운 것 : 스캐터랩의 AWS 활용법
Amazon Web Services Korea
롯데이커머스의 마이크로 서비스 아키텍처 진화와 비용 관점의 운영 노하우-나현길, 롯데이커머스 클라우드플랫폼 팀장::AWS 마이그레이션 A ...
롯데이커머스의 마이크로 서비스 아키텍처 진화와 비용 관점의 운영 노하우-나현길, 롯데이커머스 클라우드플랫폼 팀장::AWS 마이그레이션 A ...
Amazon Web Services Korea
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
Amazon Web Services Korea
Well Architected Framework - Data
Well Architected Framework - Data
Craig Milroy
AWS Summit Seoul 2023 | Amazon EKS 데이터 전송 비용 절감 및 카오스 엔지니어링 적용 사례
AWS Summit Seoul 2023 | Amazon EKS 데이터 전송 비용 절감 및 카오스 엔지니어링 적용 사례
Amazon Web Services Korea
Amazon OpenSearch Deep dive - 내부구조, 성능최적화 그리고 스케일링
Amazon OpenSearch Deep dive - 내부구조, 성능최적화 그리고 스케일링
Amazon Web Services Korea
AWS Summit Seoul 2023 | 천만 사용자를 위한 카카오의 AWS Native 글로벌 채팅 서비스
AWS Summit Seoul 2023 | 천만 사용자를 위한 카카오의 AWS Native 글로벌 채팅 서비스
Amazon Web Services Korea
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Araf Karsh Hamid
Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성
rockplace
AWS Fault Injection Simulator를 통한 실전 카오스 엔지니어링 - 윤석찬 AWS 수석 테크에반젤리스트 / 김신 SW엔...
AWS Fault Injection Simulator를 통한 실전 카오스 엔지니어링 - 윤석찬 AWS 수석 테크에반젤리스트 / 김신 SW엔...
Amazon Web Services Korea
What's hot
(20)
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
Cloud Native, Cloud First and Hybrid: How Different Organizations are Approac...
Cloud Native, Cloud First and Hybrid: How Different Organizations are Approac...
Open Policy Agent
Open Policy Agent
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
AWS 에서 DevOps 시작하기 – 정영준, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
AWS 에서 DevOps 시작하기 – 정영준, AWS 솔루션즈 아키텍트:: AWS Builders Online Series
AWS Summit Seoul 2023 | AWS에서 최소한의 비용으로 구현하는 멀티리전 DR 자동화 구성
AWS Summit Seoul 2023 | AWS에서 최소한의 비용으로 구현하는 멀티리전 DR 자동화 구성
Azure Governance
Azure Governance
AWS Batch를 통한 손쉬운 일괄 처리 작업 관리하기 - 윤석찬 (AWS 테크에반젤리스트)
AWS Batch를 통한 손쉬운 일괄 처리 작업 관리하기 - 윤석찬 (AWS 테크에반젤리스트)
Amazon DynamoDB 키 디자인 패턴
Amazon DynamoDB 키 디자인 패턴
Arm 기반의 AWS Graviton 프로세서로 구동되는 AWS 인스턴스 살펴보기 - 김종선, AWS솔루션즈 아키텍트:: AWS Summi...
Arm 기반의 AWS Graviton 프로세서로 구동되는 AWS 인스턴스 살펴보기 - 김종선, AWS솔루션즈 아키텍트:: AWS Summi...
AWS Summit Seoul 2023 | 100만명이 사용하는 GenerativeAI 이루다를 만들면서 배운 것 : 스캐터랩의 AWS 활용법
AWS Summit Seoul 2023 | 100만명이 사용하는 GenerativeAI 이루다를 만들면서 배운 것 : 스캐터랩의 AWS 활용법
롯데이커머스의 마이크로 서비스 아키텍처 진화와 비용 관점의 운영 노하우-나현길, 롯데이커머스 클라우드플랫폼 팀장::AWS 마이그레이션 A ...
롯데이커머스의 마이크로 서비스 아키텍처 진화와 비용 관점의 운영 노하우-나현길, 롯데이커머스 클라우드플랫폼 팀장::AWS 마이그레이션 A ...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
Well Architected Framework - Data
Well Architected Framework - Data
AWS Summit Seoul 2023 | Amazon EKS 데이터 전송 비용 절감 및 카오스 엔지니어링 적용 사례
AWS Summit Seoul 2023 | Amazon EKS 데이터 전송 비용 절감 및 카오스 엔지니어링 적용 사례
Amazon OpenSearch Deep dive - 내부구조, 성능최적화 그리고 스케일링
Amazon OpenSearch Deep dive - 내부구조, 성능최적화 그리고 스케일링
AWS Summit Seoul 2023 | 천만 사용자를 위한 카카오의 AWS Native 글로벌 채팅 서비스
AWS Summit Seoul 2023 | 천만 사용자를 위한 카카오의 AWS Native 글로벌 채팅 서비스
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Microservices Docker Kubernetes Istio Kanban DevOps SRE
Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성
AWS Fault Injection Simulator를 통한 실전 카오스 엔지니어링 - 윤석찬 AWS 수석 테크에반젤리스트 / 김신 SW엔...
AWS Fault Injection Simulator를 통한 실전 카오스 엔지니어링 - 윤석찬 AWS 수석 테크에반젤리스트 / 김신 SW엔...
Similar to CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...
Kal BO
Application Modernization with PKS / Kubernetes
Application Modernization with PKS / Kubernetes
Paul Czarkowski
MongoDB World 2018: Managing a Mission Critical eCommerce Application on Mong...
MongoDB World 2018: Managing a Mission Critical eCommerce Application on Mong...
MongoDB
Data Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI Compliance
David Walker
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
DataWorks Summit
Monitoring and Securing Active Directory Government Webinar for the US Army
Monitoring and Securing Active Directory Government Webinar for the US Army
SolarWinds
Open Sourcing GemFire - Apache Geode
Open Sourcing GemFire - Apache Geode
Apache Geode
An Introduction to Apache Geode (incubating)
An Introduction to Apache Geode (incubating)
Anthony Baker
ArchivePod a legacy data solution when migrating to the #CLOUD
ArchivePod a legacy data solution when migrating to the #CLOUD
Garet Keller
The Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous World
Maria Colgan
Rapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdf
Tony Pearson
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
DataStax
Veritas + MongoDB
Veritas + MongoDB
MongoDB
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital Forensics
Yusuf Hadiwinata Sutandar
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assurance
Cisco Canada
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Canada
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Canada
Should healthcare abandon the cloud final
Should healthcare abandon the cloud final
sapenov
01-Chapter 01-Introduction to CASB and Netskope.pptx
01-Chapter 01-Introduction to CASB and Netskope.pptx
ssuser4c54af
Similar to CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
(20)
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...
Application Modernization with PKS / Kubernetes
Application Modernization with PKS / Kubernetes
MongoDB World 2018: Managing a Mission Critical eCommerce Application on Mong...
MongoDB World 2018: Managing a Mission Critical eCommerce Application on Mong...
Data Works Berlin 2018 - Worldpay - PCI Compliance
Data Works Berlin 2018 - Worldpay - PCI Compliance
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Not Just a necessary evil, it’s good for business: implementing PCI DSS contr...
Monitoring and Securing Active Directory Government Webinar for the US Army
Monitoring and Securing Active Directory Government Webinar for the US Army
Open Sourcing GemFire - Apache Geode
Open Sourcing GemFire - Apache Geode
An Introduction to Apache Geode (incubating)
An Introduction to Apache Geode (incubating)
ArchivePod a legacy data solution when migrating to the #CLOUD
ArchivePod a legacy data solution when migrating to the #CLOUD
The Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous World
Rapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdf
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Veritas + MongoDB
Veritas + MongoDB
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital Forensics
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Should healthcare abandon the cloud final
Should healthcare abandon the cloud final
01-Chapter 01-Introduction to CASB and Netskope.pptx
01-Chapter 01-Introduction to CASB and Netskope.pptx
More from LibbySchulze
Running distributed tests with k6.pdf
Running distributed tests with k6.pdf
LibbySchulze
Extending Kubectl.pptx
Extending Kubectl.pptx
LibbySchulze
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo Workflows
LibbySchulze
Fallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdf
LibbySchulze
Intro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdf
LibbySchulze
Enhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptx
LibbySchulze
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
LibbySchulze
Oh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdf
LibbySchulze
Rancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptx
LibbySchulze
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
LibbySchulze
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
LibbySchulze
EnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdf
LibbySchulze
AirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdf
LibbySchulze
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
LibbySchulze
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
LibbySchulze
CNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdf
LibbySchulze
Securing Windows workloads.pdf
Securing Windows workloads.pdf
LibbySchulze
Securing Windows workloads.pdf
Securing Windows workloads.pdf
LibbySchulze
Advancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for Azure
LibbySchulze
Containerized IDEs.pdf
Containerized IDEs.pdf
LibbySchulze
More from LibbySchulze
(20)
Running distributed tests with k6.pdf
Running distributed tests with k6.pdf
Extending Kubectl.pptx
Extending Kubectl.pptx
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Fallacies in Platform Engineering.pdf
Fallacies in Platform Engineering.pdf
Intro to Fluvio.pptx.pdf
Intro to Fluvio.pptx.pdf
Enhance your Kafka Infrastructure with Fluvio.pptx
Enhance your Kafka Infrastructure with Fluvio.pptx
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
Oh The Places You'll Sign.pdf
Oh The Places You'll Sign.pdf
Rancher MasterClass - Avoiding-configuration-drift.pptx
Rancher MasterClass - Avoiding-configuration-drift.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
EnRoute-OPA-Integration.pdf
EnRoute-OPA-Integration.pdf
AirGap_zusammen_neu.pdf
AirGap_zusammen_neu.pdf
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
CNCF_ A step to step guide to platforming your delivery setup.pdf
CNCF_ A step to step guide to platforming your delivery setup.pdf
Securing Windows workloads.pdf
Securing Windows workloads.pdf
Securing Windows workloads.pdf
Securing Windows workloads.pdf
Advancements in Kubernetes Workload Identity for Azure
Advancements in Kubernetes Workload Identity for Azure
Containerized IDEs.pdf
Containerized IDEs.pdf
Recently uploaded
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
rnrncn29
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
ys8omjxb
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
eusebiomeyer
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
rnrncn29
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
editsforyah
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
miss dipika
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
Dyna Gilbert
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Sonam Pathan
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
494f574xmv
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
zdzoqco
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Sonam Pathan
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
Paul Calvano
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
LinaWolf1
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
Marko4394
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
z xss
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Recently uploaded
(17)
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
1.
Joey Lei Principal Product
Manager Kasten by Veeam Anders Eknert Developer Advocate Styra Data Protection Guardrails w/ Open Policy Agent (OPA)
2.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Joey Lei • Software Engineering and Product • Former Dell EMC Data Protection • Former Managed Services Portfolio Director Anders Eknert • Software Engineering and Advocacy • Long background in the identity space • Worked with OPA both as an end-user and maintainer About the Speakers Joey Anders
3.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. What is Policy? Policy as Code? Policy is a set of rules • Organizational rules • Permissions for app authorization • Kubernetes admission control • Infrastructure • Builds and deployment • Data filtering • Much more! Policy as Code Treating policy as code provides all the benefits of treating anything as code • Collaboration • Peer review • Testing • Static analysis, linters • No more PDF documents! Decoupling policy from application and business logic means policy can change independently of application life cycle. Policy may be shared across teams and functions. Clear separation of responsibilities.
4.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Open Policy Agent (OPA) Open Source General Purpose Policy Engine • As of February 2021, Graduated CNCF project • Unified toolset and framework for policy across the stack • Decouples policy from application logic • Separates policy decision from enforcement • Policies written in declarative language Rego
5.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Open Policy Agent — Community • 250+ contributors • 70+ integrations • “Used by” 800+ GitHub projects • 6600+ Github Stars • 5800+ Slack users • 130+ million downloads • Ecosystem including Conftest, Gatekeeper, VS Code and IntelliJ editor plugins.
6.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Open Policy Agent
7.
How Does it
Work? Policy Decision Model Rego
8.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. OPA — Policy Decision Model Linux PAM Service OPA Policy (Rego) Data (JSON) Request Policy Decision Policy Query Input can be ANY JSON value Output can be ANY JSON value
9.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. OPA — Rego • Rego — declarative high-level policy language • Allows you to describe policy across the cloud-native stack • Policy consists of any number of rules • Rules commonly return true/false but may return any type available in JSON, like strings, lists and objects • Policy testing made easy with provided unit test framework • Well documented! https://www.openpolicyagent.org/docs/latest • Try it out! https://play.openpolicyagent.org/
10.
Demo Policy Authoring with
Rego
11.
Data Protection Guardrails
with OPA
12.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Risk Management Meets Data Management Confidentiality aims to protect data from unauthorized access and misuse (confidentiality breach results in exploitation of customers) Integrity aims to protect data from alteration, preserving accuracy and completeness (integrity breach results in loss in trust, churn) Availability aims to enable timely access to data for authorized users when they need it (unavailability results in lost sales/revenue) Understanding C-I-A Helps Identify Opportunities for Minimizing Financial Impact
13.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. 81%1 of a popular Infrastructure as Code platform’s community provided modules fail to enable backup and recovery properly. Data Protection Policy Guardrails 1. Source: Bridgecrew by Prisma Cloud (PANW) Data Protection Resources (CRD’s) Role Based Access Control (RBAC) Grants API Access Policy Guardrails Policy as Code
14.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Create Branch Main Branch • Commit Prod IaC • Commit Data Protection IaC • Get Feedback • Data Protection Guardrails Enforcement Merge Branch Pull Request </> Data Protection Guardrails – GitOps Workflow
15.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Git as a source of truth • Best suited for app developers • Avoid misconfigurations in IaC • Deploy consistently every time Commit-time feedback • Check resources against policies in pull requests • Integrate into any CI/CD for instant developer feedback Data Protection Guardrails – GitOps CI Testing ✔ 3-2-1 Backup ✔ 7YR Retention ✔ Hourly RPO companygithub / prod-dp-spec / backup-policy.yaml apiVersion: policy.backup.io/v1alpha1 kind: Policy metadata: name: backup-policy spec: retention: years: [7] actions: - action: backup frequency: ‘@hourly' - action: backup-copy companygithub / prod-dp-spec / backup-target.yaml apiVersion: policy.backup.io/v1alpha1 kind: Profile metadata: name: backup-target namespace: mission-critical-app location: objectstore: #object-lock: true ❌ Immutability pseudocode
16.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Deploy-time feedback • Best suited for CloudOps or Data Protection Specialists • Instant feedback during deployment of apps/infra Data Protection Guardrails – Admission Control Admission Control Authorization Authentication K8s API Call kind: StatefulSet metadata: name: critical-app namespace: prod labels: dataprotection: gold-policy
17.
Recommended Policies
18.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Data Protection Policy Primer Context: • Security access policies mitigate risk of unauthorized access (enforces confidentiality) • Data protection and availability policies mitigate risk of data loss and service outages (enforces availability) A standard data protection policy defines: • The amount of acceptable data loss (Recovery Point Objective or RPO) • The amount of acceptable downtime (Recovery Time Objective or RTO)
19.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Recovery Objectives (RPO and RTO) Recovery Point Objective • Less than 24H for General Purpose • Less than 15 minutes or <= 1 hour for Mission Critical Target Resource Types: • Policy • Schedule • CronJob Recovery Time Objective • <= Less than 8-12 hours for General Purpose • <=Within 1-3 hours for Mission Critical Target Resource Types: • Action • Restore • Job apiVersion: backup.io/v1alpha1 kind: Policy metadata: name: backup-policy spec: retention: months: [3] actions: - action: backup schedule: ‘@hourly’ - action: backup-copy pseudocode allow { input.request.object.kind == "Policy" input.request.kind.group == "backup.io" has_backup_policy } has_backup_policy { spec := input.request.object.spec.actions some action in action.schedule == "@hourly" }
20.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Ransomware Protection Air Gap or Immutability • Sending backup data to storage targets configured with either S3 ”Object Lock” or ”Air Gap” Target Resource Types: • BackupTarget • PersistentVolumeClaim • Target • LocationProfile • Location apiVersion: backup.io/v1alpha1 kind: BackupTarget metadata: name: aws-west-2-target spec: cloudprovider: aws region: us-west-2 bucket-name: storage-bucket advanced: object-lock: true allow { spec := input.request.spec spec.cloudprovider == "aws" spec.advanced["object-lock"] == true } allow { spec := input.request.spec spec.cloudprovider == "aws" spec.advanced["air-gap"] == true }
21.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Retention Objectives Federal Information Security Management Act (FISMA): 3 Years National Energy Commission (NERC) – 3 to 6 Years Basel II Capital Accord – 3 to 7 Years Sarbanes-Oxley Act of 2002 (SOX) – 7 Years Health Insurance Portability and Accountability Act (HIPAA) - 6 Years National Industrial Security Program Operating Manual (NISPOM) – 6 to 12 Months Payment Card Industry Data Security Standard (PCI-DSS) – Variable Target Resource Types: • Policy • Schedule • CronJob apiVersion: backup.io/v1alpha1 kind: Policy metadata: name: backup-policy spec: retention: years: [7] actions: - action: backup schedule: ‘@daily’ - action: backup-copy OPA code here
22.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. 3-2-1 Backup The Rule of “3-2-1” • 3 Copies of Data • 2 Copies on Different Storage Mediums • 1 ”Offsite” (or in cloud) The Rule of “3-2-1-1-0” • 3 Copies of Data • 2 Copies on Different Storage Mediums • 1 ”Offsite” (or in cloud) • 1 Air Gapped or Immutable • 0 Recovery Verification Errors apiVersion: backup.io/v1alpha1 kind: Policy metadata: name: backup-policy spec: retention: years: [7] actions: - action: backup schedule: ‘@daily’ - action: backup-copy allow { input.request.object.kind == "Policy" spec := input.request.object.spec actions := [action | action := spec.actions[_].action ] "backup" in actions "backup-copy" in actions }
23.
© 2022 Kasten
by Veeam. All rights reserved. All trademarks are the property of their respective owners. Exfiltration Protection “Living off the Land” Attack • Use of the data protection “restore” functionality to exfiltrate data Whitelist Restore Destinations • Namespaces • BackupTargets • Clusters NOTE: Does not protect all ways to exfiltrate data! apiVersion: restore.io/v1alpha1 kind: RestoreJob metadata: name: restore-job spec: target: namespace: prod-copy actions: - action: restore schedule: ‘now’ OPA code here
24.
Demo Data Protection Policy
Guardrails in CI/CD
25.
Questions?
26.
Thank You
Download now