SlideShare a Scribd company logo

Deploying Compliant Kubernetes: Real World Edge Cases

DevOps.com
DevOps.com

This document discusses Lola's deployment of compliant Kubernetes to meet PCI DSS requirements. Lola stores credit card details on behalf of users but does not directly process payments, requiring Level 1 PCI compliance. It outlines how Lola uses technologies like TLS encryption with Ingress controllers, IAM authentication for Kubernetes, and Prometheus for cluster monitoring to meet requirements for firewalls, encryption, secure systems, and access control. The document advises engaging auditors technically rather than treating Kubernetes as a black box, and leveraging open source tools and communities for pre-built applications to simplify compliance tasks like authentication, monitoring, and logging.

Technology
1 of 15
Download to read offline
Deploying Compliant Kubernetes Real World Edge Cases
Speakers 2 Tim Buntel VP of Application Security Products Katie Paugh Lola DevOps Team Lead
Quick Background on Lola 3 Lola.com makes managing corporate travel easy, fast and agile. We provide your company with the visibility and control you need, while giving your travelers the amazing experience they want.
Lola’s Cloud Environment ü General IT ü AWS infrastructure ü CI/CD pipeline 4 ü Logging ü Monitoring MANAGE GENERAL INFRASTRUCTURE ü Security/Compliance ü Kubernetes PCI INFRASTRUCTURE PRODNON- PROD PRODNON- PROD
Lola’s Need for Compliance Credit card details are stored on users’ behalf 5 In-house travel agents can book on behalf of users No direct credit card processing, but Level 1 PCI DSS Compliant
6 Compliance in a K8S World
REQUIREMENT 1 Install and Maintain a firewall configuration to protect cardholder data 7
REQUIREMENT 4 Encrypt transmission of cardholder data across open, public networks 8 § TLS Encryption via Ingress Controllers § Ingress Controller maps to an AWS ALB with appropriate Security Group and ELBSecurityPolicy § Weave as networking layer – Encryption enabled between services within our cluster* * Not a PCI requirement, but an extra layer of security
REQUIREMENT 6 Develop and maintain secure systems and applications 9 DEV SEC OPS Vulnerability Alerts Guidance Centralized Visibility & Control Attack Protection & Threat Intelligence
REQUIREMENT 8 Identify and authenticate access to system components 10 A big challenge for us § How are we going to handle user authentication into our cluster § How do we manage Integration with a new system? § If our Developers get another account will they know which credentials they need to use for what? § Don’t want developers to have yet another account to remember § Etc. AWS IAM Authenticator for Kubernetes (formerly heptio-authenticator) § Use AWS IAM users to authenticate to the Kubernetes cluster § Users assume an IAM Role and each Role is restricted to certain actions § Allows for easy user management § Can give CI/CD pipeline access without giving it a username and password
REQUIREMENT 10 Track and monitor all access to network resources and cardholder data 11 CLUSTER METRICS SEVERITY 1 ALERT SEVERITY 2 & 3 ALERTS INTRUSION DETECTION Prometheus
Talking to the Auditors Stick to the technical controls you have in place – Versioning – User access controls Don’t treat Kubernetes like a black box – “Oh well it just handles things that way because it does” 12
What We’ve Learned So Far USE THE COMMUNITY! – Slack, forums, GitHub Search for Pre-built custom applications – Custom authentication controllers – Customer resource controllers – Monitoring – Logging 13
14
Thank You threatstack.com

Recommended

The user s identities
The user s identitiesThe user s identities
The user s identitiesGiuliano Latini
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone
 
Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Vishwas Manral
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...DATA SECURITY SOLUTIONS
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 

Recommended

The user s identities
The user s identitiesThe user s identities
The user s identitiesGiuliano Latini
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone
 
Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Vishwas Manral
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...DATA SECURITY SOLUTIONS
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud SecurityAkeyless
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessAkeyless
 
IBM Secret Key management protoco
IBM Secret Key management protocoIBM Secret Key management protoco
IBM Secret Key management protocogori4
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architectureCloud Genius
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementMary Racter
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures Stenio Ferreira
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesAn Nguyen
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLpqrs1234
 
The WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewThe WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewNick Owen
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesHashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesNick Maludy
 
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...Valerie Lampkin
 
Blockchin architecture & use cases -part-2
Blockchin architecture & use cases -part-2Blockchin architecture & use cases -part-2
Blockchin architecture & use cases -part-2Mohammad Asif
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101CloudIDSummit
 
Windows server 2012 security Webinar
Windows server 2012 security WebinarWindows server 2012 security Webinar
Windows server 2012 security WebinarThe eCore Group
 
Aws cloud migration_realestatedesign
Aws cloud migration_realestatedesignAws cloud migration_realestatedesign
Aws cloud migration_realestatedesignAnita Luthra
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloadsRuncy Oommen
 

More Related Content

What's hot

CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud SecurityAkeyless
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessAkeyless
 
IBM Secret Key management protoco
IBM Secret Key management protocoIBM Secret Key management protoco
IBM Secret Key management protocogori4
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architectureCloud Genius
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementMary Racter
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures Stenio Ferreira
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesAn Nguyen
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT PlatformRanjith Kumar
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLpqrs1234
 
The WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewThe WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewNick Owen
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesHashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesNick Maludy
 
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...Valerie Lampkin
 
Blockchin architecture & use cases -part-2
Blockchin architecture & use cases -part-2Blockchin architecture & use cases -part-2
Blockchin architecture & use cases -part-2Mohammad Asif
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101CloudIDSummit
 
Windows server 2012 security Webinar
Windows server 2012 security WebinarWindows server 2012 security Webinar
Windows server 2012 security WebinarThe eCore Group
 

What's hot (20)

CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud Security
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
 
IBM Secret Key management protoco
IBM Secret Key management protocoIBM Secret Key management protoco
IBM Secret Key management protoco
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT Platform
 
Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
 
Bevywise IoT Platform
Bevywise IoT PlatformBevywise IoT Platform
Bevywise IoT Platform
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAML
 
The WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems OverviewThe WiKID Strong Authentication Systems Overview
The WiKID Strong Authentication Systems Overview
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesHashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
 
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...
DevNexus conference: How to Quickly Connect Internet of Things to IBM Bluemix...
 
Blockchin architecture & use cases -part-2
Blockchin architecture & use cases -part-2Blockchin architecture & use cases -part-2
Blockchin architecture & use cases -part-2
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101
 
Windows server 2012 security Webinar
Windows server 2012 security WebinarWindows server 2012 security Webinar
Windows server 2012 security Webinar
 

Similar to Deploying Compliant Kubernetes: Real World Edge Cases

Aws cloud migration_realestatedesign
Aws cloud migration_realestatedesignAws cloud migration_realestatedesign
Aws cloud migration_realestatedesignAnita Luthra
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloadsRuncy Oommen
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesCloudPassage
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...Faiza Mehar
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
 
Keepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCPKeepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCPKeepler Data Tech
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & ComplianceAmazon Web Services
 
Building Bulletproof Infrastructure on AWS
Building Bulletproof Infrastructure on AWSBuilding Bulletproof Infrastructure on AWS
Building Bulletproof Infrastructure on AWS2nd Watch
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHansFarroCastillo1
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
Skip the anxiety attack when building secure containerized apps
Skip the anxiety attack when building secure containerized appsSkip the anxiety attack when building secure containerized apps
Skip the anxiety attack when building secure containerized appsHaidee McMahon
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemInductive Automation
 
Blueprint for creating a Secure IoT Product
Blueprint for creating a Secure IoT ProductBlueprint for creating a Secure IoT Product
Blueprint for creating a Secure IoT ProductGuy Vinograd ☁
 
Kubernetes Clusters At Scale: Managing Hundreds Apache Pinot Kubernetes Clust...
Kubernetes Clusters At Scale: Managing Hundreds Apache Pinot Kubernetes Clust...Kubernetes Clusters At Scale: Managing Hundreds Apache Pinot Kubernetes Clust...
Kubernetes Clusters At Scale: Managing Hundreds Apache Pinot Kubernetes Clust...Xiaoman DONG
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- orgDharmalingam S
 

Similar to Deploying Compliant Kubernetes: Real World Edge Cases (20)

Aws cloud migration_realestatedesign
Aws cloud migration_realestatedesignAws cloud migration_realestatedesign
Aws cloud migration_realestatedesign
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloads
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
Kubernetes security with AWS
Kubernetes security with AWSKubernetes security with AWS
Kubernetes security with AWS
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCP
 
Keepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCPKeepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCP
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container Platform
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
 
Building Bulletproof Infrastructure on AWS
Building Bulletproof Infrastructure on AWSBuilding Bulletproof Infrastructure on AWS
Building Bulletproof Infrastructure on AWS
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 
Anil Info
Anil InfoAnil Info
Anil Info
 
Hybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptxHybrid - Seguridad en Contenedores v3.pptx
Hybrid - Seguridad en Contenedores v3.pptx
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Skip the anxiety attack when building secure containerized apps
Skip the anxiety attack when building secure containerized appsSkip the anxiety attack when building secure containerized apps
Skip the anxiety attack when building secure containerized apps
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition System
 
Blueprint for creating a Secure IoT Product
Blueprint for creating a Secure IoT ProductBlueprint for creating a Secure IoT Product
Blueprint for creating a Secure IoT Product
 
Kubernetes Clusters At Scale: Managing Hundreds Apache Pinot Kubernetes Clust...
Kubernetes Clusters At Scale: Managing Hundreds Apache Pinot Kubernetes Clust...Kubernetes Clusters At Scale: Managing Hundreds Apache Pinot Kubernetes Clust...
Kubernetes Clusters At Scale: Managing Hundreds Apache Pinot Kubernetes Clust...
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- org
 

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Deploying Compliant Kubernetes: Real World Edge Cases

  • 2. Speakers 2 Tim Buntel VP of Application Security Products Katie Paugh Lola DevOps Team Lead
  • 3. Quick Background on Lola 3 Lola.com makes managing corporate travel easy, fast and agile. We provide your company with the visibility and control you need, while giving your travelers the amazing experience they want.
  • 4. Lola’s Cloud Environment ü General IT ü AWS infrastructure ü CI/CD pipeline 4 ü Logging ü Monitoring MANAGE GENERAL INFRASTRUCTURE ü Security/Compliance ü Kubernetes PCI INFRASTRUCTURE PRODNON- PROD PRODNON- PROD
  • 5. Lola’s Need for Compliance Credit card details are stored on users’ behalf 5 In-house travel agents can book on behalf of users No direct credit card processing, but Level 1 PCI DSS Compliant
  • 6. 6 Compliance in a K8S World
  • 7. REQUIREMENT 1 Install and Maintain a firewall configuration to protect cardholder data 7
  • 8. REQUIREMENT 4 Encrypt transmission of cardholder data across open, public networks 8 § TLS Encryption via Ingress Controllers § Ingress Controller maps to an AWS ALB with appropriate Security Group and ELBSecurityPolicy § Weave as networking layer – Encryption enabled between services within our cluster* * Not a PCI requirement, but an extra layer of security
  • 9. REQUIREMENT 6 Develop and maintain secure systems and applications 9 DEV SEC OPS Vulnerability Alerts Guidance Centralized Visibility & Control Attack Protection & Threat Intelligence
  • 10. REQUIREMENT 8 Identify and authenticate access to system components 10 A big challenge for us § How are we going to handle user authentication into our cluster § How do we manage Integration with a new system? § If our Developers get another account will they know which credentials they need to use for what? § Don’t want developers to have yet another account to remember § Etc. AWS IAM Authenticator for Kubernetes (formerly heptio-authenticator) § Use AWS IAM users to authenticate to the Kubernetes cluster § Users assume an IAM Role and each Role is restricted to certain actions § Allows for easy user management § Can give CI/CD pipeline access without giving it a username and password
  • 11. REQUIREMENT 10 Track and monitor all access to network resources and cardholder data 11 CLUSTER METRICS SEVERITY 1 ALERT SEVERITY 2 & 3 ALERTS INTRUSION DETECTION Prometheus
  • 12. Talking to the Auditors Stick to the technical controls you have in place – Versioning – User access controls Don’t treat Kubernetes like a black box – “Oh well it just handles things that way because it does” 12
  • 13. What We’ve Learned So Far USE THE COMMUNITY! – Slack, forums, GitHub Search for Pre-built custom applications – Custom authentication controllers – Customer resource controllers – Monitoring – Logging 13
  • 14. 14