SlideShare a Scribd company logo

DevOps Security: A New Paradigm

Download as PPTX, PDF
Tripwire
Tripwire

With the advent of virtualization, infrastructure has become software, introducing new possibilities for managing “infrastructure as code.” Today, techniques such as containerization and automation are hallmarks of programmable infrastructure, and a primary aspect of the DevOps revolution in IT operations. But what do these radical changes mean for security? In this presentation, Scott Crawford of 451 Research and Dave Meltzer of Tripwire discuss: -What these changes mean for the tools and expertise required to manage security and their impact on security readiness -Where security can be applied to new environments such as containerized IT -How to verify that the security measures you’ve applied are effective

Technology
1 of 24
DevOps: A New Paradigm for Security Operations February 14, 2018 Scott Crawford Research Director Information Security 451 Research David Meltzer CTO Tripwire
DevOps: A new operational paradigm • Building on the advantages of virtualization • “Infrastructure as code” • The entire stack becomes programmable • Automation becomes central • Not just about the tech – Breaking down silos of culture & practice, too! 2
Security principles: The same, only different The same: • Reducing attack surface • Defining secure configuration • Defining secure operations • Assessment & validation Different: • The “stack” • A central focus today: Containers • The tools • The processes • A key security advantage: Immutability 3
Containers: A closer look • A self-contained package of everything needed to run one software unit • Why? Efficiency: • Packaging • Portability • Manageability • Security benefits • Reduced attack surface • Reduced variability • Reduced vulnerability • …but with a gotcha or two (more shortly) 4 VM paradigm Container paradigm vs. Images: http://www.dockermall.com/coexistence-or-love-to-kill- container-virtual-machine-and-docker-concept-full-analysis/
A new IT ecosystem • Containers: building everything in • “Infrastructure as code”: Versioning, repositories, registries • API-driven • Modularity • Immutability • Orchestration, at multiple levels • Availability • Componentry • Complete application • “Microservices” • Composite applications 5 container con- tainer container Application container containercontainer container Pod Swarm container micro- service micro- service Application micro- servicemicro- service
Security: Three key focus areas 6 Definition Deployment Operations
Definition: Preparing & maintaining the environment • Key principles • Minimize the attack surface • Reduce exposures of available functionality • Service provider • Host OS • Container environment • Host configuration • Container images • Build files • Container runtime 7
Definition: The container registry • Key principles: • Confidence vs. “trust” • Verification • Assessment • Against security specifications • Image sources • Public vs. private registries • Verifying “inheritance” • Authentication • e.g. Docker Content Trust • Communications • E.g. TLS/SSL for image movement, C&C 8
Deployment: Understanding toolchains A sequence of stages 9 Build Deploy Operate
The temptation: Automation “without borders” 10 Build Deploy Operate • Cutting to the chase: e.g. build systems with deployment platform access • Automating this access via, e.g., web hooks • Why this isn’t a good idea: • Building automation without code review in the build tool • Credentials to one platform embedded in another • Individual platforms with access to multiple others • Applying “SoD” to the toolchain • CI to build, push to registry • Orchestration to pull and deploy
Operations: Orchestrating the production environment • DevOps orchestration: Automation at multiple levels • Containers & software: Kubernetes, Mesopshere, Rancher, etc. • Infrastructure: Puppet, Chef, Ansible, etc. • Enforcement of security definitions at multiple levels • Network infrastructure • Underlying platform configuration & control • Access & RBAC • Policy segmentation of resources • And much, much more 11 spec: nodeSelector: role: policyA InSpec Declarative language
Some additional operational principles • Immutability • One of DevOps’ most valuable security aspects • Less: • Repair production instances • More • Remediate the image • On-demand deployment, incremental • CI, CD …Why not continuous validation? • Build assessment/re-assessment • Production environment: Assessment & evaluation • Catching drift, vulnerability persistence • When new vulnerabilities emerge 12
Going forward • More granular modularity = More orchestration • = More automation • Shifting emphasis of people • From app development to app engineering 13 • Critical to security: • Familiarity with tools, processes • Applying security knowledge via tools • Identifying key points of control To make the road as smooth as possible… • How’s the relationship with Dev & Ops teams? • Does your team have the skills? • Do they have the right tools?
Thank you!
DevOps Security: A New Paradigm David Meltzer, Chief Technology Officer - Tripwire February 14, 2018
The Interlinked Connection of DevOps, Docker, & Cloud
Containerization Intertwined with Cloud Security Requirements: » Assess images before production » Secure container registries » Secure continuous integration » Secure container orchestration » Secure the stack
DevOps Intertwined with Cloud Move fast, break things – sounds like a bad idea
https://forge.puppet.com/tripwire https://supermarket.chef.io/cookbooks/tripwire_agent https://github.com/Tripwire
tripwire.com | @TripwireInc

Recommended

Azure serverless computing
Azure serverless computingAzure serverless computing
Azure serverless computingUdaiappa Ramachandran
 
Azure privatelink
Azure privatelinkAzure privatelink
Azure privatelinkUdaiappa Ramachandran
 
A Decade of Microservices
A Decade of MicroservicesA Decade of Microservices
A Decade of MicroservicesRuman Khan
 
Agile Development in the Cloud - AWS India Summit 2012
Agile Development in the Cloud - AWS India Summit 2012Agile Development in the Cloud - AWS India Summit 2012
Agile Development in the Cloud - AWS India Summit 2012Amazon Web Services
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricSaba Jamalian
 
12-Factor Apps
12-Factor Apps12-Factor Apps
12-Factor AppsSiva Rama Krishna Chunduru
 
Webinar: How and Why to Containerize Your Legacy Applications
Webinar: How and Why to Containerize Your Legacy ApplicationsWebinar: How and Why to Containerize Your Legacy Applications
Webinar: How and Why to Containerize Your Legacy ApplicationsStorage Switzerland
 
Mendix Cloud Hosting on CloudFoundry
Mendix Cloud Hosting on CloudFoundryMendix Cloud Hosting on CloudFoundry
Mendix Cloud Hosting on CloudFoundryJasper van der Hoek
 

Recommended

Azure serverless computing
Azure serverless computingAzure serverless computing
Azure serverless computingUdaiappa Ramachandran
 
Azure privatelink
Azure privatelinkAzure privatelink
Azure privatelinkUdaiappa Ramachandran
 
A Decade of Microservices
A Decade of MicroservicesA Decade of Microservices
A Decade of MicroservicesRuman Khan
 
Agile Development in the Cloud - AWS India Summit 2012
Agile Development in the Cloud - AWS India Summit 2012Agile Development in the Cloud - AWS India Summit 2012
Agile Development in the Cloud - AWS India Summit 2012Amazon Web Services
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricSaba Jamalian
 
12-Factor Apps
12-Factor Apps12-Factor Apps
12-Factor AppsSiva Rama Krishna Chunduru
 
Webinar: How and Why to Containerize Your Legacy Applications
Webinar: How and Why to Containerize Your Legacy ApplicationsWebinar: How and Why to Containerize Your Legacy Applications
Webinar: How and Why to Containerize Your Legacy ApplicationsStorage Switzerland
 
Mendix Cloud Hosting on CloudFoundry
Mendix Cloud Hosting on CloudFoundryMendix Cloud Hosting on CloudFoundry
Mendix Cloud Hosting on CloudFoundryJasper van der Hoek
 
The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019Kim Clark
 
Microservice architecture case study
Microservice architecture case studyMicroservice architecture case study
Microservice architecture case studyRudra Tripathy
 
Wisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows AzureWisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows AzureWade Wegner
 
VMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware
 
Building Cloud Native Applications
Building Cloud Native Applications Building Cloud Native Applications
Building Cloud Native Applications Munish Gupta
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpVMware Tanzu
 
Cloud Native Application Development
Cloud Native Application DevelopmentCloud Native Application Development
Cloud Native Application DevelopmentSiva Rama Krishna Chunduru
 
Microservices in Practice
Microservices in PracticeMicroservices in Practice
Microservices in PracticeKasun Indrasiri
 
FORUM PA 2015 - Microservices with IBM Bluemix
FORUM PA 2015 - Microservices with IBM BluemixFORUM PA 2015 - Microservices with IBM Bluemix
FORUM PA 2015 - Microservices with IBM Bluemixgjuljo
 
HyperGrid Journey to Automation
HyperGrid Journey to AutomationHyperGrid Journey to Automation
HyperGrid Journey to AutomationHyperGrid
 
VMware vCloud Air Getting Started: Preparing Workloads for Migration
VMware vCloud Air Getting Started: Preparing Workloads for MigrationVMware vCloud Air Getting Started: Preparing Workloads for Migration
VMware vCloud Air Getting Started: Preparing Workloads for MigrationVMware
 
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)Callon Campbell
 
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)Denny Muktar
 
Smart building mendix azure influx / smart City / IoT
Smart building mendix azure influx / smart City / IoT Smart building mendix azure influx / smart City / IoT
Smart building mendix azure influx / smart City / IoT Conclusion Connect enabling industry 4.0 with IoT
 
Enterprise Cloud Governance: A Frictionless Approach
Enterprise Cloud Governance: A Frictionless ApproachEnterprise Cloud Governance: A Frictionless Approach
Enterprise Cloud Governance: A Frictionless ApproachRightScale
 
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"Daniel Bryant
 
F5 BIG-IP: Secure Application and Data Security Services
F5 BIG-IP: Secure Application and Data Security Services F5 BIG-IP: Secure Application and Data Security Services
F5 BIG-IP: Secure Application and Data Security ServicesAmazon Web Services
 
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsVirtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsNovell
 
MicroServices, yet another architectural style?
MicroServices, yet another architectural style?MicroServices, yet another architectural style?
MicroServices, yet another architectural style?ACA IT-Solutions
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service ProxyIBM
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes SecurityKarthik Gaekwad
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native SecurityKarthik Gaekwad
 

More Related Content

What's hot

The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019Kim Clark
 
Microservice architecture case study
Microservice architecture case studyMicroservice architecture case study
Microservice architecture case studyRudra Tripathy
 
Wisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows AzureWisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows AzureWade Wegner
 
VMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware
 
Building Cloud Native Applications
Building Cloud Native Applications Building Cloud Native Applications
Building Cloud Native Applications Munish Gupta
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpVMware Tanzu
 
Microservices in Practice
Microservices in PracticeMicroservices in Practice
Microservices in PracticeKasun Indrasiri
 
FORUM PA 2015 - Microservices with IBM Bluemix
FORUM PA 2015 - Microservices with IBM BluemixFORUM PA 2015 - Microservices with IBM Bluemix
FORUM PA 2015 - Microservices with IBM Bluemixgjuljo
 
HyperGrid Journey to Automation
HyperGrid Journey to AutomationHyperGrid Journey to Automation
HyperGrid Journey to AutomationHyperGrid
 
VMware vCloud Air Getting Started: Preparing Workloads for Migration
VMware vCloud Air Getting Started: Preparing Workloads for MigrationVMware vCloud Air Getting Started: Preparing Workloads for Migration
VMware vCloud Air Getting Started: Preparing Workloads for MigrationVMware
 
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)Callon Campbell
 
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)Denny Muktar
 
Enterprise Cloud Governance: A Frictionless Approach
Enterprise Cloud Governance: A Frictionless ApproachEnterprise Cloud Governance: A Frictionless Approach
Enterprise Cloud Governance: A Frictionless ApproachRightScale
 
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"Daniel Bryant
 
F5 BIG-IP: Secure Application and Data Security Services
F5 BIG-IP: Secure Application and Data Security Services F5 BIG-IP: Secure Application and Data Security Services
F5 BIG-IP: Secure Application and Data Security ServicesAmazon Web Services
 
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsVirtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsNovell
 
MicroServices, yet another architectural style?
MicroServices, yet another architectural style?MicroServices, yet another architectural style?
MicroServices, yet another architectural style?ACA IT-Solutions
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service ProxyIBM
 

What's hot (20)

The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019The evolving story for Agile Integration Architecture in 2019
The evolving story for Agile Integration Architecture in 2019
 
Microservice architecture case study
Microservice architecture case studyMicroservice architecture case study
Microservice architecture case study
 
Wisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows AzureWisconsin .NET UG - Windows Azure
Wisconsin .NET UG - Windows Azure
 
VMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process Overview
 
Building Cloud Native Applications
Building Cloud Native Applications Building Cloud Native Applications
Building Cloud Native Applications
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOp
 
Cloud Native Application Development
Cloud Native Application DevelopmentCloud Native Application Development
Cloud Native Application Development
 
Microservices in Practice
Microservices in PracticeMicroservices in Practice
Microservices in Practice
 
FORUM PA 2015 - Microservices with IBM Bluemix
FORUM PA 2015 - Microservices with IBM BluemixFORUM PA 2015 - Microservices with IBM Bluemix
FORUM PA 2015 - Microservices with IBM Bluemix
 
HyperGrid Journey to Automation
HyperGrid Journey to AutomationHyperGrid Journey to Automation
HyperGrid Journey to Automation
 
VMware vCloud Air Getting Started: Preparing Workloads for Migration
VMware vCloud Air Getting Started: Preparing Workloads for MigrationVMware vCloud Air Getting Started: Preparing Workloads for Migration
VMware vCloud Air Getting Started: Preparing Workloads for Migration
 
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
 
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)
IBM Private Cloud Platform - Setting Foundation for Hybrid (JUKE, 2015)
 
Smart building mendix azure influx / smart City / IoT
Smart building mendix azure influx / smart City / IoT Smart building mendix azure influx / smart City / IoT
Smart building mendix azure influx / smart City / IoT
 
Enterprise Cloud Governance: A Frictionless Approach
Enterprise Cloud Governance: A Frictionless ApproachEnterprise Cloud Governance: A Frictionless Approach
Enterprise Cloud Governance: A Frictionless Approach
 
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
 
F5 BIG-IP: Secure Application and Data Security Services
F5 BIG-IP: Secure Application and Data Security Services F5 BIG-IP: Secure Application and Data Security Services
F5 BIG-IP: Secure Application and Data Security Services
 
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management SolutionsVirtual Desktop Infrastructure with Novell Endpoint Management Solutions
Virtual Desktop Infrastructure with Novell Endpoint Management Solutions
 
MicroServices, yet another architectural style?
MicroServices, yet another architectural style?MicroServices, yet another architectural style?
MicroServices, yet another architectural style?
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service Proxy
 

Similar to DevOps Security: A New Paradigm

10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native SecurityKarthik Gaekwad
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes mattersPlatform9
 
Moving a Monolith to Kubernetes
Moving a Monolith to KubernetesMoving a Monolith to Kubernetes
Moving a Monolith to KubernetesM. Scott Ford
 
Where and When to Docker
Where and When to DockerWhere and When to Docker
Where and When to Dockerdantheelder
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Lucas Jellema
 
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly DavidoffDevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly DavidoffDevSecCon
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at NetflixJason Chan
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azurekloia
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE
 
DevSecOps in a cloudnative world
DevSecOps in a cloudnative worldDevSecOps in a cloudnative world
DevSecOps in a cloudnative worldKarthik Gaekwad
 
Evolve 2017 - Vegas - Devops, Docker and Security
Evolve 2017 - Vegas - Devops, Docker and Security Evolve 2017 - Vegas - Devops, Docker and Security
Evolve 2017 - Vegas - Devops, Docker and Security John Willis
 
Containers, microservices and serverless for realists
Containers, microservices and serverless for realistsContainers, microservices and serverless for realists
Containers, microservices and serverless for realistsKarthik Gaekwad
 
Containers - Transforming the data centre as we know it 2016
Containers - Transforming the data centre as we know it 2016Containers - Transforming the data centre as we know it 2016
Containers - Transforming the data centre as we know it 2016Keith Lynch
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Sviluppare velocemente applicazioni sicure con SUSE CaaS Platform e SUSE Manager
Sviluppare velocemente applicazioni sicure con SUSE CaaS Platform e SUSE ManagerSviluppare velocemente applicazioni sicure con SUSE CaaS Platform e SUSE Manager
Sviluppare velocemente applicazioni sicure con SUSE CaaS Platform e SUSE ManagerSUSE Italy
 
Azure meetup cloud native concepts - may 28th 2018
Azure meetup cloud native concepts - may 28th 2018Azure meetup cloud native concepts - may 28th 2018
Azure meetup cloud native concepts - may 28th 2018Jim Bugwadia
 
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementSimplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementDevOps.com
 
Using Camunda on Kubernetes through Operators
Using Camunda on Kubernetes through OperatorsUsing Camunda on Kubernetes through Operators
Using Camunda on Kubernetes through Operatorscamunda services GmbH
 

Similar to DevOps Security: A New Paradigm (20)

Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native Security
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes matters
 
Moving a Monolith to Kubernetes
Moving a Monolith to KubernetesMoving a Monolith to Kubernetes
Moving a Monolith to Kubernetes
 
Where and When to Docker
Where and When to DockerWhere and When to Docker
Where and When to Docker
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
 
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly DavidoffDevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at Netflix
 
Why to Cloud Native
Why to Cloud NativeWhy to Cloud Native
Why to Cloud Native
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
 
DevSecOps in a cloudnative world
DevSecOps in a cloudnative worldDevSecOps in a cloudnative world
DevSecOps in a cloudnative world
 
Evolve 2017 - Vegas - Devops, Docker and Security
Evolve 2017 - Vegas - Devops, Docker and Security Evolve 2017 - Vegas - Devops, Docker and Security
Evolve 2017 - Vegas - Devops, Docker and Security
 
Containers, microservices and serverless for realists
Containers, microservices and serverless for realistsContainers, microservices and serverless for realists
Containers, microservices and serverless for realists
 
Containers - Transforming the data centre as we know it 2016
Containers - Transforming the data centre as we know it 2016Containers - Transforming the data centre as we know it 2016
Containers - Transforming the data centre as we know it 2016
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Sviluppare velocemente applicazioni sicure con SUSE CaaS Platform e SUSE Manager
Sviluppare velocemente applicazioni sicure con SUSE CaaS Platform e SUSE ManagerSviluppare velocemente applicazioni sicure con SUSE CaaS Platform e SUSE Manager
Sviluppare velocemente applicazioni sicure con SUSE CaaS Platform e SUSE Manager
 
Azure meetup cloud native concepts - may 28th 2018
Azure meetup cloud native concepts - may 28th 2018Azure meetup cloud native concepts - may 28th 2018
Azure meetup cloud native concepts - may 28th 2018
 
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementSimplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes Management
 
Using Camunda on Kubernetes through Operators
Using Camunda on Kubernetes through OperatorsUsing Camunda on Kubernetes through Operators
Using Camunda on Kubernetes through Operators
 

More from Tripwire

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughTripwire
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyTripwire
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationTripwire
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportTripwire
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationTripwire
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...Tripwire
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsTripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkTripwire
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 

More from Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 

Recently uploaded

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

DevOps Security: A New Paradigm

  • 1. DevOps: A New Paradigm for Security Operations February 14, 2018 Scott Crawford Research Director Information Security 451 Research David Meltzer CTO Tripwire
  • 2. DevOps: A new operational paradigm • Building on the advantages of virtualization • “Infrastructure as code” • The entire stack becomes programmable • Automation becomes central • Not just about the tech – Breaking down silos of culture & practice, too! 2
  • 3. Security principles: The same, only different The same: • Reducing attack surface • Defining secure configuration • Defining secure operations • Assessment & validation Different: • The “stack” • A central focus today: Containers • The tools • The processes • A key security advantage: Immutability 3
  • 4. Containers: A closer look • A self-contained package of everything needed to run one software unit • Why? Efficiency: • Packaging • Portability • Manageability • Security benefits • Reduced attack surface • Reduced variability • Reduced vulnerability • …but with a gotcha or two (more shortly) 4 VM paradigm Container paradigm vs. Images: http://www.dockermall.com/coexistence-or-love-to-kill- container-virtual-machine-and-docker-concept-full-analysis/
  • 5. A new IT ecosystem • Containers: building everything in • “Infrastructure as code”: Versioning, repositories, registries • API-driven • Modularity • Immutability • Orchestration, at multiple levels • Availability • Componentry • Complete application • “Microservices” • Composite applications 5 container con- tainer container Application container containercontainer container Pod Swarm container micro- service micro- service Application micro- servicemicro- service
  • 6. Security: Three key focus areas 6 Definition Deployment Operations
  • 7. Definition: Preparing & maintaining the environment • Key principles • Minimize the attack surface • Reduce exposures of available functionality • Service provider • Host OS • Container environment • Host configuration • Container images • Build files • Container runtime 7
  • 8. Definition: The container registry • Key principles: • Confidence vs. “trust” • Verification • Assessment • Against security specifications • Image sources • Public vs. private registries • Verifying “inheritance” • Authentication • e.g. Docker Content Trust • Communications • E.g. TLS/SSL for image movement, C&C 8
  • 9. Deployment: Understanding toolchains A sequence of stages 9 Build Deploy Operate
  • 10. The temptation: Automation “without borders” 10 Build Deploy Operate • Cutting to the chase: e.g. build systems with deployment platform access • Automating this access via, e.g., web hooks • Why this isn’t a good idea: • Building automation without code review in the build tool • Credentials to one platform embedded in another • Individual platforms with access to multiple others • Applying “SoD” to the toolchain • CI to build, push to registry • Orchestration to pull and deploy
  • 11. Operations: Orchestrating the production environment • DevOps orchestration: Automation at multiple levels • Containers & software: Kubernetes, Mesopshere, Rancher, etc. • Infrastructure: Puppet, Chef, Ansible, etc. • Enforcement of security definitions at multiple levels • Network infrastructure • Underlying platform configuration & control • Access & RBAC • Policy segmentation of resources • And much, much more 11 spec: nodeSelector: role: policyA InSpec Declarative language
  • 12. Some additional operational principles • Immutability • One of DevOps’ most valuable security aspects • Less: • Repair production instances • More • Remediate the image • On-demand deployment, incremental • CI, CD …Why not continuous validation? • Build assessment/re-assessment • Production environment: Assessment & evaluation • Catching drift, vulnerability persistence • When new vulnerabilities emerge 12
  • 13. Going forward • More granular modularity = More orchestration • = More automation • Shifting emphasis of people • From app development to app engineering 13 • Critical to security: • Familiarity with tools, processes • Applying security knowledge via tools • Identifying key points of control To make the road as smooth as possible… • How’s the relationship with Dev & Ops teams? • Does your team have the skills? • Do they have the right tools?
  • 15. DevOps Security: A New Paradigm David Meltzer, Chief Technology Officer - Tripwire February 14, 2018
  • 16.
  • 17. The Interlinked Connection of DevOps, Docker, & Cloud
  • 18. Containerization Intertwined with Cloud Security Requirements: » Assess images before production » Secure container registries » Secure continuous integration » Secure container orchestration » Secure the stack
  • 19. DevOps Intertwined with Cloud Move fast, break things – sounds like a bad idea
  • 20.
  • 21.
  • 23.