Enterprise Container Adoption
AWS Techconnect 2018
Alex Rhea
Cloud Enablement Leader @ Cloudreach
- Have worked with organizations to build hyper-scale infrastructure
- Driver of immutable infrastructure and automation over humans
- Designed and implemented CaaS platforms for large enterprises
- Creator and Maintainer of Harbor Master, a Docker Node.js SDK
- Proud Hokie, Golf enthusiast, and Caps fan
/alexandermrhea arhea_arhea alex.rhea@cloudreach.com
How do containers change what we do and how we do it?
Our Perspective
Containers at the core are an application packaging format.
Yet containers require organizations to rethink the way software is
delivered, managed and secured.
Cloudreach works with customers to efficiently and effectively adopt
containers and gain better insight into their applications.
Right Tool Right Job
The container ecosystem is a crowded market, and it can be tough to identify the right tool for the right job. Identifying the tools and
processes to successfully adopt containers can be difficult.
Layers of Container Security
Layers: Network, Host, Platform, Container, Data
Similar to traditional infrastructure, a layered security model is required to deploy containers successfully. Building a secure
Containers as a Service platform requires securing the network, the host, the platform, the container, and the data.
One of the most important pieces to container adoption is managing
image sprawl.
When done correctly, this allows organizations to patch applications
faster than ever.
It also shifts organizations from being reactive to proactive.
Base Image Management
Base images should be centrally managed so that all applications can be patched.

Security + Platform Teams
- Development of base images (Java, Node.js, etc.)
- Automated CI/CD to the central Docker Registry
- Vulnerability scanning and alerting
- Automated reporting and alerting

Application Teams
- Development teams build applications on top of base images
- Automated CI/CD to the central Docker Registry
- Image scanning
- Image automatically deployed to production
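As an added example (not Cloudreach's or the deck's own tooling), this is the kind of policy check a central registry pipeline or a pre-merge hook can run over application Dockerfiles to enforce the base-image rule above: every FROM must come from the central registry, name an approved base-image repository, and be pinned by digest so a rebuild cannot silently pick up a different image. The registry name registry.example.internal, the approved repository names and the sample Dockerfiles are assumptions constructed for the example.

```python
"""Base-image policy check for Dockerfiles (added example, not Cloudreach tooling).

Enforces "centrally managed base images" at CI time: every FROM must come
from the assumed central registry, reference an approved base-image repo,
and be pinned by sha256 digest. Multi-stage builds (FROM ... AS name and
FROM <stage-name>) are handled.
"""
import re

# Assumed central registry and approved base-image repos (hypothetical names).
CENTRAL_REGISTRY = "registry.example.internal"
APPROVED_REPOS = {"base/java", "base/nodejs", "base/python"}

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref):
    """Split registry/repo[:tag][@digest] into (registry, repo, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    # A ':' after the last '/' is a tag; a ':' before it is a registry port.
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:
        ref, tag = ref[:colon], ref[colon + 1:]
    registry, _, repo = ref.partition("/")
    if "." not in registry and ":" not in registry and registry != "localhost":
        # No registry component at all: Docker Hub is implied.
        registry, repo = "docker.io", ref
    return registry, repo, tag, digest


def check_dockerfile(text):
    """Return a list of policy violations (an empty list means compliant)."""
    violations = []
    stages = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group("ref"), m.group("alias")
        if ref in stages:  # FROM <earlier build stage> needs no check
            if alias:
                stages.add(alias)
            continue
        registry, repo, tag, digest = parse_image_ref(ref)
        if registry != CENTRAL_REGISTRY:
            violations.append(f"line {lineno}: base image not from {CENTRAL_REGISTRY}: {ref}")
        elif repo not in APPROVED_REPOS:
            violations.append(f"line {lineno}: repository {repo} is not an approved base image")
        if digest is None or not DIGEST_RE.match(digest):
            violations.append(f"line {lineno}: base image is not pinned by sha256 digest: {ref}")
        if tag == "latest":
            violations.append(f"line {lineno}: ':latest' tag is not allowed: {ref}")
        if alias:
            stages.add(alias)
    return violations


# Constructed sample Dockerfiles (the digest is a placeholder, not a real image).
DIGEST = "sha256:" + "a" * 64
GOOD = f"""FROM {CENTRAL_REGISTRY}/base/nodejs:18@{DIGEST} AS build
RUN npm ci && npm run build
FROM build AS runtime
CMD ["node", "server.js"]
"""
BAD = """FROM node:latest
FROM registry.example.internal/tools/shell:1.0
COPY . /app
"""

if __name__ == "__main__":
    for name, dockerfile in (("good", GOOD), ("bad", BAD)):
        print(name, check_dockerfile(dockerfile) or "compliant")
```

The digest pin is the security-relevant part: a tag such as `nodejs:18` is mutable, so a compromised or simply republished tag changes what gets built, while a digest names exactly one image manifest. Pair the check with a job that bumps the pinned digests when the platform team publishes a rescanned base image.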
Awesome, all our applications and dependencies are in one place!
But how do we ship code?
Delivering Secure Containers to Production
As enterprises ship more and more software, it becomes increasingly difficult to manage production estates, and even more
difficult to maintain security.
We are now shipping code faster and more securely than ever, but who
does what?
Surrounding our container environments with a proper operating model
is key to a successful platform.
Responsibility
Container security starts with the responsibility model. Containers enable Infrastructure, Development, and Security teams to work together by creating clean partitions between responsibility.

- Application Development Teams: the applications
- Infrastructure Teams: the Docker Platform, running on on-premises hardware or a public cloud provider
- Security Team: across both layers
Containers are best when they can be deployed in an ephemeral
manner. That’s great, but my application needs persistent storage.
How do I bring storage to my containers if I don’t know where my
containers are running?
Managing Data
Containers are ephemeral instances of the application, therefore a persistence layer between the container and disk is needed to facilitate data storage. Where possible we always recommend leveraging platform services such as hosted databases, caches, and queues.

Instance: Docker Daemon, Volume Driver, Applications

- The container requests a persistent disk. Docker or Kubernetes calls the Volume Driver plugin to provide a cloud native disk.
- The RexRay volume driver by Dell EMC Labs brokers the API calls to attach a disk (EBS, EFS, Persistent Disk, or Unmanaged Disk) to the instance and mount it directly into the container.
Our containers are now running and storing data, but do we know how
they are doing?
Centralized container monitoring and logging is critical to a successful
container deployment.
Logging and Monitoring
Centralized Monitoring and Logging: access to monitoring and logs is critical in an ephemeral environment.

CVE Monitoring
Application components (containers) should be scanned continually for CVEs and remediated.
Network Monitoring
Analyze network traffic using GuardDuty and Twistlock.
Centralized Monitoring Data
Centralize data so that it can be correlated.
Log Analysis
Logs should be continually analyzed for errors, PII, and performance concerns. Macie and Athena are great tools for doing this at scale.
Centralized Logging Platform
Logs are streamed from containers to a central storage facility like CloudWatch.
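As an added example (not code from the deck, Cloudreach, or any of the AWS services named above), a small log analyzer that does the "errors, PII, and performance concerns" pass over container log lines before they reach the central store, so that PII is redacted at the edge rather than indexed centrally. The log lines, the latency threshold and the redaction markers are constructed for the example; e-mail detection is a plain regex, and digit runs are only reported as card numbers when they pass the Luhn checksum, which keeps order ids and timestamps out of the findings.

```python
"""Log analysis for errors, slow requests and PII (added example).

Runs over constructed container log lines, flags error-level events,
slow requests and PII (e-mail addresses and Luhn-valid card numbers),
and returns redacted lines suitable for shipping to a central log store.
"""
import re

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
LEVEL_RE = re.compile(r"\b(ERROR|FATAL|CRITICAL)\b")
LATENCY_RE = re.compile(r"\blatency_ms=(\d+)")
SLOW_MS = 1000  # assumed threshold for a "performance concern"


def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def analyze_line(line):
    """Return (findings, redacted_line) for one log line."""
    findings = []
    if LEVEL_RE.search(line):
        findings.append("error")
    m = LATENCY_RE.search(line)
    if m and int(m.group(1)) > SLOW_MS:
        findings.append("slow")
    redacted = EMAIL_RE.sub("[EMAIL]", line)
    if redacted != line:
        findings.append("pii:email")

    def _card(match):
        # Only treat a digit run as a card number if the Luhn check passes.
        digits = re.sub(r"\D", "", match.group(0))
        if luhn_ok(digits):
            findings.append("pii:card")
            return "[CARD]"
        return match.group(0)

    redacted = CARD_RE.sub(_card, redacted)
    return findings, redacted


def analyze_stream(lines):
    """Aggregate finding counts over a stream; return (counts, redacted lines)."""
    counts = {}
    out = []
    for line in lines:
        findings, redacted = analyze_line(line)
        for f in findings:
            counts[f] = counts.get(f, 0) + 1
        out.append(redacted)
    return counts, out


# Constructed sample log lines (not captured from any real system).
SAMPLE_LOGS = [
    'container=api-7f9 level=INFO msg="GET /health" latency_ms=3',
    'container=api-7f9 level=ERROR msg="db timeout" latency_ms=2500',
    'container=web-2ab level=INFO msg="signup" user=jane.doe@example.com',
    'container=pay-1cd level=INFO msg="charge" card=4111 1111 1111 1111',
    'container=pay-1cd level=INFO msg="order" id=1234567890123',
]

if __name__ == "__main__":
    counts, redacted = analyze_stream(SAMPLE_LOGS)
    print(counts)
    for line in redacted:
        print(line)
```

The last sample line is the edge case worth noticing: a 13-digit order id matches the card pattern but fails the Luhn check, so it is left untouched and not counted, which is the difference between a usable PII alert and one that fires on every timestamp.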
I hear “containers are more secure.” But how does this work?
Containers are a packaging format which allows us to lock down and
monitor all aspects of the container toolchain and runtime.
Cloudreach has partnered with Twistlock to secure container-based
applications, networks, and pipelines.
Twistlock is a turnkey security solution for container vulnerability
management, runtime defense, and container firewalls.
TWISTLOCK | © 2018 19
Twistlock platform
Build, Ship, Run
- Cloud Native Firewalling
- Runtime Defense
- Access Control
- Vulnerability Management
- Compliance
Automatically Prevent Attacks
- Whitelist based models for every application and traffic flow
- Cloud Native Layer 3 and Layer 7 Firewalls
- Fully automated model creation and enforcement – zero touch protection
Detect and Prevent Vulnerabilities
- Industry leading precision across images, containers, hosts, and serverless functions
- Automated prioritization of vulnerabilities based on your environment
Extend Compliance Into Cloud Native Environments
- One-click enforcement for CIS, PCI-DSS, HIPAA, GDPR, NIST SP800-190, and FISMA
- Real-time and trending dashboards and audit-ready reports
Deliver DevOps Speed With CISO Control
- Native plugins and standalone scanner for integration into any CI/CD workflow
- "Shift-Left" quality gates and compliance / vulnerability thresholds
There are many steps along the way to successfully adopting
containers. Containers are a critical piece to many cloud journeys.
This all seems so easy, where do we get started?
Container Adoption
Containers follow a very similar process to cloud adoption within the enterprise. We combine assessments and planning into Container Adoption, which drives successful implementations.

Phases: Assess, Plan, Build, Automate, Operate

Assess
- Assess Application Container Readiness
- Assess security, deployment, logging, and monitoring tooling
- Assess high availability, disaster recovery, and backup requirements
- Assess Licensing and COTS product estate and the implications of containerizing it

Plan
- Container as a Service High Level Design (HLD)
- Kubernetes vs Swarm Selection Framework
- Containerize vs Hosted Service Framework
- Migration, Training, Security, and Operational Planning

Deliverables: Container Readiness Assessment, Container Governance Model
Container Platforms At Scale
Based on our assessment and planning phases we help organizations build highly available, scalable, and fault tolerant environments using code.

Build
- Using Terraform we build out the CaaS platform as code
- Using Packer we build repeatable machine image creation processes based on enterprise policies and industry best practices
- Integrate Active Directory, LDAP, or IAM with the CaaS platform (varies based on platform)
- Integrate security tooling with the CaaS platform
- Integrate monitoring and logging platforms with the CaaS platform
- Deploy Development, Staging, and Production Platforms
- Containerize and replatform the application for optimal performance and maintainability
- Define applications as code using Docker Compose or Kubernetes tooling

Deliverables: Containers as a Service Platform, Containerized Applications (building on the Container Readiness Assessment and Container Governance Model)
Automating Infrastructure and Software Delivery
Containers enable organizations to deliver software and infrastructure in a fully automated fashion.

Automate
- Build a Jenkins pipeline to build, test, scan, and deploy containers based on enterprise, regulatory, and industry best practices
- Integrate automated unit, integration, and UX testing into the CI/CD pipeline
- Implement a Blue/Green, Canary, or Rolling deployment strategy
- Implement automated health checks and resolutions
- Implement automated security checks for best practices and security standards to catch misconfigurations
- Implement automated machine image rollout strategies to roll out new machine images with the latest patches after testing in lower environments
- Implement an automated infrastructure deployment pipeline for rolling out new infrastructure

Deliverables: Automated Software Delivery, Automated Infrastructure Delivery (building on the Containers as a Service Platform, Containerized Applications, Container Readiness Assessment and Container Governance Model)
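As an added example (not Cloudreach's pipeline code and not the output format of Twistlock or any real scanner), this is the decision logic behind the "build, test, scan, deploy" gate and the compliance / vulnerability thresholds mentioned earlier: the scan step produces findings, and this step decides pass or fail from severity thresholds, a time-boxed accepted-risk register, and a rule that only findings with an available fix block the build, so unfixable CVEs are reported rather than stalling every deploy. The report structure, the policy values, the CVE ids (deliberately of the form CVE-XXXX-NNNN), package names and dates are all constructed for the example.

```python
"""Shift-left vulnerability gate for a CI pipeline (added example).

Takes a scan report in a constructed format, applies an assumed policy
(block at high or above when a fix exists, cap the number of mediums),
honours an accepted-risk register with expiry dates, and returns the
pass/fail decision with the reasons a pipeline log would show.
"""
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed policy thresholds.
POLICY = {"block_at": "high", "max_medium": 20, "require_fix_to_block": True}

# Assumed accepted-risk register: CVE id -> (image it applies to, expiry date).
EXCEPTIONS = {
    "CVE-XXXX-0001": ("registry.example.internal/base/nodejs", date(2099, 1, 1)),
    "CVE-XXXX-0002": ("registry.example.internal/base/nodejs", date(2000, 1, 1)),  # expired
}

RUN_DATE = date(2024, 1, 1)  # fixed "today" so the example is reproducible


def evaluate(report, policy=POLICY, exceptions=EXCEPTIONS, today=None):
    """Return (passed, blocking_reasons, warnings) for one scan report."""
    today = today or date.today()
    image = report["image"]
    block_rank = SEVERITY_RANK[policy["block_at"]]
    blocking, warnings = [], []
    medium_count = 0
    for f in report["findings"]:
        cve, sev, fixed = f["cve"], f["severity"].lower(), f.get("fixed_in")
        exc = exceptions.get(cve)
        if exc and exc[0] == image and exc[1] >= today:
            warnings.append(f"{cve}: accepted risk until {exc[1]}")
            continue
        if exc and exc[0] == image:
            warnings.append(f"{cve}: exception expired on {exc[1]}")
        rank = SEVERITY_RANK.get(sev, 0)
        if rank >= block_rank:
            if fixed or not policy["require_fix_to_block"]:
                blocking.append(f"{cve} ({sev}) in {f['package']}, fix: {fixed or 'none'}")
            else:
                warnings.append(f"{cve} ({sev}) in {f['package']} has no fix yet")
        elif sev == "medium":
            medium_count += 1
    if medium_count > policy["max_medium"]:
        blocking.append(f"{medium_count} medium findings exceed limit {policy['max_medium']}")
    return not blocking, blocking, warnings


# Constructed scan report (placeholder CVE ids, packages and versions).
REPORT = {
    "image": "registry.example.internal/base/nodejs",
    "findings": [
        {"cve": "CVE-XXXX-0001", "severity": "critical", "package": "libssl", "fixed_in": "3.0.2"},
        {"cve": "CVE-XXXX-0002", "severity": "high", "package": "libcurl", "fixed_in": "8.1.0"},
        {"cve": "CVE-XXXX-0003", "severity": "high", "package": "libc", "fixed_in": None},
        {"cve": "CVE-XXXX-0004", "severity": "medium", "package": "zlib", "fixed_in": "1.3.1"},
    ],
}

if __name__ == "__main__":
    passed, blocking, warnings = evaluate(REPORT, today=RUN_DATE)
    print("PASS" if passed else "FAIL")
    for reason in blocking:
        print("  block:", reason)
    for warning in warnings:
        print("  warn: ", warning)
```

Two details matter in practice. Exceptions are scoped to an image and carry an expiry, so an accepted risk on one base image does not silently cover every image and cannot be forgotten forever; the expired entry above turns back into a blocking finding. And the fix-available rule keeps the gate honest: a high-severity CVE with no upstream fix is surfaced as a warning for the security team rather than a failure no developer can act on.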
Modern Application Management
Operate: Cloudreach has always been a cloud first managed service provider.
If you would like access to this deck or would like to continue the
conversation send me an email at alex.rhea@cloudreach.com
Thanks!

 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

AWS TechConnect 2018 - Container Adoption

  • 2. Alex Rhea, Cloud Enablement Leader @ Cloudreach. Has worked with organizations to build hyper-scale infrastructure; driver of immutable infrastructure and automation over humans; designed and implemented CaaS platforms for large enterprises; creator and maintainer of Harbor Master, a Docker Node.js SDK; proud Hokie, golf enthusiast, and Caps fan. /alexandermrhea, arhea_arhea, alex.rhea@cloudreach.com
  • 3. Our Perspective: How do containers change what we do and how we do it?
  • 4. Containers at the core are an application packaging format. Yet containers require organizations to rethink the way software is delivered, managed and secured. Cloudreach works with customers to efficiently and effectively adopt containers and gain better insight into their applications.
  • 5. Right Tool, Right Job. Containers are a crowded market and it can be tough to identify the right tool for the right job. Identifying the tools and processes to successfully adopt containers can be difficult.
  • 6. Layers of Container Security (Data, Container, Platform, Host, Network). Similar to traditional infrastructure, a layered security model is required to deploy containers successfully. Building a secure Containers as a Service platform requires securing the network, the host, the platform, the container, and the data.
  • 7. One of the most important pieces of container adoption is managing image sprawl. When done correctly this allows organizations to patch applications faster than ever. It also shifts organizations from being reactive to proactive.
  • 8. Base Image Management. Base images should be centrally managed so that all applications can be patched. Security + Platform Teams: development of base images (Java, Node.js, etc.); automated CI/CD to the central Docker Registry; vulnerability scanning and alerting. Application Teams: development teams build applications on top of base images; automated CI/CD to the central registry; image scanning; automated reporting and alerting; image automatically deployed to production.
  • 9. Awesome, all our applications and dependencies are in one place! But how do we ship code?
  • 10. Delivering Secure Containers to Production. As enterprises ship more and more software it becomes increasingly difficult to manage production estates and even more difficult to maintain security.
  • 11. We are now shipping code faster and more securely than ever, but who does what? Surrounding our container environments with a proper operating model is key to a successful platform.
  • 12. Responsibility. Container security starts with the responsibility model. Containers enable Infrastructure, Development, and Security teams to work together by creating clean partitions between responsibilities. (Diagram: Applications, owned by Application Development Teams; Docker Platform on On-Premises Hardware or a Public Cloud Provider, owned by Infrastructure Teams; Security Team.)
  • 13. Containers are best when they can be deployed in an ephemeral manner. That’s great, but my application needs persistent storage. How do I bring storage to my containers if I don’t know where my containers are running?
  • 14. Managing Data. Containers are ephemeral instances of the application, therefore a persistence layer between the container and disk is needed to facilitate data storage. Where possible we always recommend leveraging platform services such as hosted databases, caches, and queues. (Diagram: Instance, Docker Daemon, Volume Driver, Application.) A container requests a persistent disk. Docker or Kubernetes calls the Volume Driver plugin to provide a cloud native disk. The RexRay volume driver by Dell EMC Labs brokers API calls to mount a disk (EBS, EFS, Persistent Disk, or Unmanaged Disk) to the instance and mounts it directly into the container.
  • 15. Our containers are now running and storing data, but do we know how they are doing? Centralized container monitoring and logging is critical to a successful container deployment.
  • 16. Logging and Monitoring: Centralized Monitoring and Logging. Access to monitoring and logs is critical in an ephemeral environment. CVE Monitoring: application components (containers) should be scanned continually for CVEs and remediation. Network Monitoring: analyze network traffic using GuardDuty and Twistlock. Centralized Monitoring Data: centralize data so that it can be correlated. Log Analysis: logs should be continually analyzed for errors, PII, and performance concerns; Macie and Athena are great tools for doing this at scale. Centralized Logging Platform: logs streamed from containers to a central storage facility like CloudWatch.
  • 17. I hear “containers are more secure.” But how does this work? Containers are a packaging format which allows us to lock down and monitor all aspects of the container toolchain and runtime.
  • 18. Cloudreach has partnered with Twistlock to secure container based applications, networks, and pipelines. Twistlock is a turn-key security solution for container vulnerability management, runtime defense, and container firewalls.
  • 19. Twistlock platform (TWISTLOCK | © 2018): Build, Ship, Run. Cloud Native Firewalling, Runtime Defense, Access Control, Vulnerability Management, Compliance.
  • 20. Automatically Prevent Attacks. Whitelist-based models for every application and traffic flow. Cloud native Layer 3 and Layer 7 firewalls. Fully automated model creation and enforcement: zero-touch protection.
  • 21. Detect and Prevent Vulnerabilities. Industry-leading precision across images, containers, hosts, and serverless functions. Automated prioritization of vulnerabilities based on your environment.
  • 22. Extend Compliance Into Cloud Native Environments. One-click enforcement for CIS, PCI-DSS, HIPAA, GDPR, NIST SP 800-190, and FISMA. Real-time and trending dashboards and audit-ready reports.
  • 23. Deliver DevOps Speed With CISO Control. Native plugins and standalone scanner for integration into any CI/CD workflow. “Shift-left” quality gates and compliance / vulnerability thresholds.
  • 24. There are many steps along the way to successfully adopting containers. Containers are a critical piece of many cloud journeys. This all seems so easy, where do we get started?
  • 25. Container Adoption (phases: Assess, Plan, Build, Automate, Operate). Containers follow a very similar process to cloud adoption within the enterprise. We combine assessments and planning into Container Adoption, which drives successful implementations. Assess: assess application container readiness; assess security, deployment, logging, and monitoring tooling; assess high availability, disaster recovery, and backup requirements; assess licensing and the COTS product estate and the implications of containerizing. Plan: Containers as a Service High Level Design (HLD); Kubernetes vs Swarm selection framework; containerize vs hosted service framework; migration, training, security, and operational planning. Deliverables: Container Readiness Assessment, Container Governance Model.
  • 26. Container Platforms At Scale (Build phase). Based on our assessment and planning phases we help organizations build highly available, scalable, and fault tolerant environments using code. Using Terraform we build out the CaaS platform as code. Using Packer we build repeatable machine image creation processes based on enterprise policies and industry best practices. Integrate Active Directory, LDAP, or IAM with the CaaS platform (varies based on platform). Integrate security tooling with the CaaS platform. Integrate monitoring and logging platforms with the CaaS platform. Deploy Development, Staging, and Production platforms. Containerize and replatform the application for optimal performance and maintainability. Define applications as code using Docker Compose or Kubernetes tooling. Deliverables: Containers as a Service Platform, Containerized Applications (in addition to the Container Readiness Assessment and Container Governance Model).
  • 27. Automating Infrastructure and Software Delivery (Automate phase). Containers enable organizations to deliver software and infrastructure in a fully automated fashion. Build a Jenkins pipeline to build, test, scan, and deploy containers based on enterprise, regulatory, and industry best practices. Integrate automated unit, integration, and UX testing into the CI/CD pipeline. Implement a Blue/Green, Canary, or Rolling deployment strategy. Implement automated health checks and resolutions. Implement automated security checks for best practices and security standards to catch misconfigurations. Implement automated machine image rollout strategies to roll out new machine images with the latest patches after testing in lower environments. Implement an automated infrastructure deployment pipeline for rolling out new infrastructure. Deliverables: Automated Software Delivery, Automated Infrastructure Delivery (in addition to the Containers as a Service Platform, Containerized Applications, Container Readiness Assessment and Container Governance Model).
  • 28. Modern Application Management (Operate phase). Cloudreach has always been a cloud-first managed service provider.
  • 29. If you would like access to this deck or would like to continue the conversation, send me an email at alex.rhea@cloudreach.com
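As an added example (not Cloudreach's or Twistlock's code) of the central-registry flow on slide 8 and the shift-left quality gate on slide 27: a pipeline stage that checks an image's base-image lineage against the centrally managed list, fails the build when severity ceilings are exceeded, and orders the remaining findings by how the image is deployed. The scan-report shape, registry names, tags, thresholds and CVE placeholders are all assumptions.

```python
from dataclasses import dataclass, field

# Constructed: base images the security/platform team publishes to the central
# registry (slide 8).  Application images must be built FROM one of these tags.
APPROVED_BASES = {
    "registry.example.internal/base/java": {"11-2018.09"},
    "registry.example.internal/base/node": {"8-2018.09", "10-2018.09"},
}
# Constructed: per-severity ceilings enforced before an image is pushed (the
# quality gate of slide 27).  Any critical fails the build; highs are capped.
THRESHOLDS = {"critical": 0, "high": 2}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class GateResult:
    passed: bool
    reasons: list = field(default_factory=list)
    prioritized: list = field(default_factory=list)  # CVE ids, most urgent first

def gate(report: dict) -> GateResult:
    # Evaluate one scan report (assumed shape; see SAMPLE_REPORT below).
    result = GateResult(passed=True)
    # 1. Lineage: the image must derive from a centrally managed base tag.
    if report["base_tag"] not in APPROVED_BASES.get(report["base"], set()):
        result.passed = False
        result.reasons.append(f"unapproved base {report['base']}:{report['base_tag']}")
    # 2. Thresholds: count findings per severity and compare with the ceilings.
    counts = {}
    for finding in report["findings"]:
        counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
    for severity, ceiling in THRESHOLDS.items():
        if counts.get(severity, 0) > ceiling:
            result.passed = False
            result.reasons.append(f"{counts[severity]} {severity} > ceiling {ceiling}")
    # 3. Environment-aware ordering: a CVE ranks higher when the image already
    # runs in production, and slightly higher again when a fix is available.
    in_prod = "production" in report.get("deployed_to", [])
    def urgency(finding: dict) -> int:
        rank = SEVERITY_RANK[finding["severity"]] * (2 if in_prod else 1)
        return rank + (1 if finding["fix_available"] else 0)
    ordered = sorted(report["findings"], key=urgency, reverse=True)
    result.prioritized = [f["cve"] for f in ordered]
    return result

# Constructed sample report; the CVE ids are placeholders, not real identifiers.
SAMPLE_REPORT = {
    "base": "registry.example.internal/base/java",
    "base_tag": "11-2018.09",
    "deployed_to": ["staging", "production"],
    "findings": [
        {"cve": "CVE-0000-0001", "severity": "high", "fix_available": False},
        {"cve": "CVE-0000-0002", "severity": "critical", "fix_available": True},
        {"cve": "CVE-0000-0003", "severity": "medium", "fix_available": True},
    ],
}

if __name__ == "__main__":
    verdict = gate(SAMPLE_REPORT)
    print("PASS" if verdict.passed else "FAIL", verdict.reasons, verdict.prioritized)
```

In a Jenkins stage the non-zero exit on a failed gate is what stops the push to the central registry; the ordered CVE list is what the remediation ticket carries.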

Editor's Notes

  1. We talked early about Twistlock being a full-lifecycle platform. Before we move into a product demo – I want to set the stage by sharing how our product capabilities map to the application delivery lifecycle. What we begin with is compliance and vulnerability management. During the build stage, Twistlock integrates with the DevOps toolchain to scan applications and detect vulnerabilities or compliance issues. We allow you to block or fail builds – preventing code with violations from reaching production. As applications are deployed – we continue to monitor the vulnerability and compliance posture – but also layer in our cloud native firewalls and threat protection / runtime defense capabilities. These are an automatically-deployed layer of protection that uses machine learning to create security models, and integration with orchestration platforms to dynamically enforce network security policy. Our integration across the full lifecycle allows us to provide stronger results at every stage within the lifecycle – whether it’s using knowledge of your production deployment to provide prioritization of vulnerabilities identified in registries, or using the scanning we do during the build process to automatically create the core of models to enforce at runtime.
  2. When you’re continuously deploying – you can’t rely on manual security processes. With Twistlock, we use machine learning and behavioral modeling to automatically create a profile of every application at every build. This whitelist based profile outlines known good behavior across processes, filesystem, network calls, and system calls – shifting you from a posture of keeping up with all known threats, to one of explicitly allowing only known good actions. This whitelist-based approach strengthens your overall security – and because we automatically create these policies – no manual learning mode or user intervention required – you get stronger protection without sacrificing speed. Twistlock doesn’t just deliver application protection though. We’ve also built layer 3 and layer 7 firewalls that are container aware and integrate seamlessly with dynamically orchestrated environments. Instead of being bound to static IP endpoints – the protection from these firewalls follows your applications – no matter how your environment shifts – again – without user intervention to make configuration changes.
  3. Twistlock delivers an industry leading precision. We curate over 30 distinct vulnerability feeds to deliver to customers the lowest possible false positive rate. When scanning for vulnerabilities – false positives create churn and make it harder to address risks in a timely fashion. That’s why we don’t ask our customers to accept a certain false positive rate – if Twistlock returns a false positive during vuln scanning – that’s a bug in the product. But even when removing false positives from the equation – it can be difficult to know what vulnerabilities need to be addressed first. That’s why Twistlock automatically generates a risk score for every detected CVE in your environment – a risk score based on the nature of the vulnerability, as well as how your applications are deployed and running. By tailoring this prioritization to your specific environment – teams can focus on remediation for the most important risks first.
  4. We mentioned earlier our authorship of the NIST SP on container security. The work done there is built into the platform. In less than a minute, you can apply the NIST recommendations to your environment or any portion of it – the same is true with FISMA, GDPR, PCI DSS and HIPAA. These templates are only a subset of Twistlock’s comprehensive compliance controls, with full support for the Docker and Kubernetes CIS benchmarks, and a centralized compliance dashboard that provides audit teams with a single pane of glass to inspect current and historical compliance across all elements of your cloud native environment.
  5. It’s our belief that security shouldn’t be an operational burden. Traditional security tools, and a lot of other container security solutions as well, often require developers to step out of their toolchain to see the security posture of applications they’re building. With Twistlock, our goal is to meet developers where they already are. We have a native Jenkins plugin and a standalone scanner that works with any CI/CD tool – to deliver vulnerability and compliance scan results directly to developers; without requiring them to leave the tools they already use. In addition to this visibility, Twistlock can block or fail builds that exceed user-defined thresholds – so you can prevent risky or non-compliant applications from reaching sensitive environments.
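As an added example (not Twistlock's code) of the explicit-allow runtime profile described in note 2: a per-category allowlist built from constructed baseline events covering processes, filesystem paths, network destinations and system calls, with every runtime event that the profile does not cover reported as a deviation. The event categories, sample values and glob matching are assumptions.

```python
from collections import defaultdict
from fnmatch import fnmatch

# Constructed baseline: behaviour observed while exercising the image in a
# lower environment, i.e. the "known good" set.  Path entries may carry globs.
BASELINE_EVENTS = [
    ("process", "java"),
    ("process", "sh"),
    ("filesystem", "/app/*"),
    ("filesystem", "/tmp/*"),
    ("network", "db.internal:5432"),
    ("network", "cache.internal:6379"),
    ("syscall", "openat"),
    ("syscall", "connect"),
]

def build_profile(events):
    # Turn observed (category, value) pairs into a per-category allowlist.
    profile = defaultdict(set)
    for category, value in events:
        profile[category].add(value)
    return dict(profile)

def allowed(profile, category, value):
    # Explicit-allow semantics: an event passes only if some entry in its own
    # category matches it; an unknown category has no entries and never passes.
    return any(fnmatch(value, pattern) for pattern in profile.get(category, set()))

def check_runtime(profile, events):
    # Return every runtime event the profile does not cover, in observed order.
    return [(c, v) for c, v in events if not allowed(profile, c, v)]

# Constructed runtime events from the same container: two match the baseline,
# two do not (an interpreter never seen at build time and an unprofiled
# outbound connection to a TEST-NET address).
RUNTIME_EVENTS = [
    ("process", "java"),
    ("filesystem", "/app/config.yml"),
    ("process", "python"),
    ("network", "203.0.113.9:4444"),
]

if __name__ == "__main__":
    profile = build_profile(BASELINE_EVENTS)
    for category, value in check_runtime(profile, RUNTIME_EVENTS):
        print(f"DEVIATION {category}: {value}")
```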