nine, profile picture
Uploaded bynine
100 views

GitOps and security by Reto Bollinger, CSIO nine.ch

The document discusses the integration of GitOps in enhancing security within DevOps practices, emphasizing the principles of confidentiality, integrity, and availability. It highlights best practices such as the necessity of declaring all states, restricting direct instance access, and employing automated testing to improve the resilience and traceability of changes. The effectiveness of GitOps is framed through its ability to document changes and implement approval processes to prevent misconfigurations and inconsistencies.

Embed presentation

Download to read offline
GitOps and security Zürich, 2020-03-12
Zürich,Reto Bollinger / public 2019-02-05 iso@nine:~$ Name: Reto Bollinger Job Title: Chief Information Security Officer @ Nine Internet Solutions AG Tasks: maintain ISMS (ISO27001) and QMS (ISO9001), good cop/bad cop in one Attributes: slightly paranoid ;) and a bit reclusive but overly communicative... iso@nine:~$ wiso@nine:~$ whiso@nine:~$ whoiso@nine:~$ whoaiso@nine:~$ whoamiso@nine:~$ whoami
Zürich, C I A What is information security? Confidentiality Integrity Availability
Zürich, Ops / DevOps / DevSecOps and confidentiality Hey, I need to quickly access that data Sure, * I will adjust permissions quickly and revert them after *) add here one of the following: a) <nothing> b) let me just disable config mgmt and c) let me just get approval for disabling config mgmt and disable config mgmt and
Zürich, Ops / DevOps / DevSecOps and confidentiality
Zürich, Ops / DevOps / DevSecOps and confidentiality … 12 months later: Hey! Why is that accessible to the world? Who the f*** messed with the permissions? And why? Let’s check logs! Damn! Logs only go back 6 months, must have happened before...
Zürich, Ops / DevOps / DevSecOps and integrity Hey I quickly need to check these log files What ugly format is that? Let me strip unnecessary stuff <insert some fancy in-place sed/awk/grep command here recursively going through subdirs> Oops the config files were affected too? Wait, what do you mean they were not revision controlled?!?
Zürich, Ops / DevOps / DevSecOps and availability Let’s roll out that brand new version of the app Oh man, so many dependencies? Luckily package manager resolves it all Oops it breaks everything! Wait, what do you mean we can’t roll back because of dependencies?
Zürich, Sounds familiar? Who has experienced one or the other of those scenarios or something similar?
Zürich, And now for something completely different!
Zürich, Firmware A story from my former life... App Libs OS Drivers Buildsystem (CI/CD) Config Packages OS Builds loaded onto Binary Repo Sourcecode Repo 1 Sourcecode Repo 2 Assume you have the following (slightly simplified): How likely are you able to build a 1:1 identical firmware in 5 years from now?
Zürich, GitOps to the rescue! ● We have lots of dependencies ● We have multiple repositories with their own histories and revisions ● We have additional configurations ● We probably even have data that relies on specific revision of SW (databases) -> We have to track the whole state of all these. Describe the state of each repository, configuration and whatever and track this combination in a repository as well
Zürich, Deployment Let’s get back to the cloud Service 1 Service 2 Service 3 yaml Defined by
Zürich, Deployment Service 2 Dealing with service disruptions/changes Service 1 Service 3 Monitoring DISRUPTION! ssh Ooops it failed! Let’s SSH into it and “fix” it (e.g. chmod a+rw *.*) oh and silence that alert
Zürich, Deployment Service 2 Dealing with service disruptions/changes Service 1 Service 3 Monitoring Service 2 is now insecure. Alerting is completely silenced (for that case) Any update to Service 2 will make the problem re-occur or break even more
Zürich, Deployment Let’s go the GitOps way CI/CD Service 1 Service 2 Service 3 MonitoringBuilds yaml Defined by
Zürich, Deployment Service 2 Let’s go the GitOps way CI/CD Service 1 Service 3 MonitoringBuilds yaml Defined by DISRUPTION! ssh Ooops it failed! Let’s SSH into it and “fix” it No No! No touchy touchy! Only looky looky! With GitOps you should have “read-only” access to your instances X
Zürich, Deployment Service 2 Let’s go the GitOps way CI/CD Service 1 Service 3 MonitoringBuilds Defined by DISRUPTION! vi git Ooops it failed! Let’s SSH into it and “fix” it Let’s fix the declaration and push it yaml
Zürich, Deployment Let’s go the GitOps way CI/CD Service 1 Service 2 Service 3 MonitoringBuilds yaml Defined by What GitOps means: ● Declare EVERYTHING ● Do not depend on external states but declare these states ● Work ONLY on declaration but not on actual instances (looking is allowed)
Zürich, Deployment Let’s go the GitOps way CI/CD Service 1 Service 2 Service 3 Configuration MonitoringBuilds yaml Defined by yaml
Zürich, Deployment CI/CD Service 1 Configuration Service 2 Service 3 Configuration Monitoring yaml Defined by yaml yaml Builds Let’s go GitOps all the way ● Declare everything ● Think about how to bootstrap ● Test incremental changes as well as full rebuilds ● Keep a mirror of public repositories ● Use unique identifiers (tags most often are not necessarily unique)
Zürich, So now: Why is GitOps good from security perspective? Confidentiality: One can still accidentially misconfigure permissions BUT: its documented and traceable merge requests require approval (4 eyes principle) merge requests could be checked for suspicious patterns Direct access to instances can be restricted Integrity: One can no longer create inconsistency: it’s all declarative Availability: Either it runs or it doesn’t: if it doesn’t revert to previous state Rolling out quick-fixes definitely takes longer ...but changes/fixes are of better quality
Zürich, What makes a good GitOps project from security perspective? ● No (or read-only) “backend” access to running instances ● Automated testing: test everything: new way to break it? -> new test! ● Automated testing: incremental (update) as well as bootstrap (from scratch) ● Automated testing: find edge cases and robustify with chaos engineering* ● Merge requests (4+ eyes principle) ● Have a well defined scope: what is declared? Where are your boundaries? (not only “outwards” also “inwards”: customers realm) *) Dan Acristini held a very good talk about it: https://www.nine.ch/de/blog/gcp-meetup-ein-rueckblick-3
Zürich, 2019-11-21Intern / Reto Bollinger / ISM-QMS-intro “Tha ’ al folk !”
Zürich, 2019-11-21Intern / Reto Bollinger / ISM-QMS-intro “An Question ?”

More Related Content

PDF
SCMBC闇LT資料
bybleis tift
 
PDF
Git tutorial for CS320 Students
bymuratkrty
 
PDF
Intoroduction of py7zr
byHiroshi Miura
 
PDF
A model of Test Driven Infrastructure
byMarc Saettel
 
PDF
Mwalls velocity levelup
byMandi Walls
 
PDF
Devops, Secops, Opsec, DevSec *ops *.* ?
byKris Buytaert
 
PDF
True Git
bycolleenfry
 
PDF
Pragmatic version control using Git 1st Edition Travis Swicegood
bysebigokgaje
 
SCMBC闇LT資料
bybleis tift
 
Git tutorial for CS320 Students
bymuratkrty
 
Intoroduction of py7zr
byHiroshi Miura
 
A model of Test Driven Infrastructure
byMarc Saettel
 
Mwalls velocity levelup
byMandi Walls
 
Devops, Secops, Opsec, DevSec *ops *.* ?
byKris Buytaert
 
True Git
bycolleenfry
 
Pragmatic version control using Git 1st Edition Travis Swicegood
bysebigokgaje
 

Similar to GitOps and security by Reto Bollinger, CSIO nine.ch

PDF
Delivering Quality at Speed with GitOps
byWeaveworks
 
PPTX
BsidesMCR_2016-what-can-infosec-learn-from-devops
byJames '​-- Mckinlay
 
PDF
Download full ebook of Version Control With Git Jon Loeliger instant download...
bynhywosmogs408
 
PDF
What is GitOps? How GitOps works? we discuss Key Challanges.
byaniporwal00
 
PDF
What is GitOps? How GitOps works? we discuss Key Challanges.
byaniporwal00
 
PPTX
Securing the continuous integration
byIrene Michlin
 
PPT
Configuration Management
byelliando dias
 
PDF
stackconf 2021 | GitOps: yea or nay?
byNETWAYS
 
PDF
Open Source Tools for Leveling Up Operations FOSSET 2014
byMandi Walls
 
PDF
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
byChocolatey Software
 
PDF
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
byMichel Buczynski
 
PPTX
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
byVietnam Open Infrastructure User Group
 
PDF
Devops, the future is here, it's just not evenly distributed yet.
byKris Buytaert
 
PDF
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
byDenim Group
 
PDF
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
byPerforce
 
PDF
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
byGina Bustos
 
PDF
JAZOON'13 - Stefan Saasen - True Git: The Great Migration
byjazoon13
 
PPTX
SecDevOps: The New Black of IT
byCloudPassage
 
PDF
Secure GitOps pipelines for Kubernetes with Snyk & Weaveworks
byWeaveworks
 
PDF
SQL Server DevOps Jumpstart
byOri Donner
 
Delivering Quality at Speed with GitOps
byWeaveworks
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
byJames '​-- Mckinlay
 
Download full ebook of Version Control With Git Jon Loeliger instant download...
bynhywosmogs408
 
What is GitOps? How GitOps works? we discuss Key Challanges.
byaniporwal00
 
What is GitOps? How GitOps works? we discuss Key Challanges.
byaniporwal00
 
Securing the continuous integration
byIrene Michlin
 
Configuration Management
byelliando dias
 
stackconf 2021 | GitOps: yea or nay?
byNETWAYS
 
Open Source Tools for Leveling Up Operations FOSSET 2014
byMandi Walls
 
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
byChocolatey Software
 
Facilitating continuous delivery in a FinTech world with Salt, Jenkins, Nexus...
byMichel Buczynski
 
Room 2 - 4 - Juncheng Anthony Lin - Redhat - A Practical Approach to Traditio...
byVietnam Open Infrastructure User Group
 
Devops, the future is here, it's just not evenly distributed yet.
byKris Buytaert
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
byDenim Group
 
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
byPerforce
 
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
byGina Bustos
 
JAZOON'13 - Stefan Saasen - True Git: The Great Migration
byjazoon13
 
SecDevOps: The New Black of IT
byCloudPassage
 
Secure GitOps pipelines for Kubernetes with Snyk & Weaveworks
byWeaveworks
 
SQL Server DevOps Jumpstart
byOri Donner
 

More from nine

PDF
Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...
bynine
 
PDF
Delivering real-time video globally at Internet scale - Stefan Birrer, Co-Fou...
bynine
 
PDF
How a titan empowers our cloud monitoring infrastructure
bynine
 
PDF
GCP Meetup #3 - Approaches to Cloud Native Architectures
bynine
 
PDF
Security In The Public Cloud
bynine
 
PDF
TechTalkThursday: Microservices
bynine
 
PDF
Automating OpenShift Deployments
bynine
 
PDF
Docker for Developers
bynine
 
PDF
Das Web im Geschwindigkeitsrausch
bynine
 
PDF
TechTalkThursday 29.06.2017: Wie verhält sich DDoS in der Realität?
bynine
 
PDF
TechTalkThursday 02.03.2017: Container-Orchestrierung mit OpenShift - Unser W...
bynine
 
PDF
TechTalkThursday 27.10.2016: Ceph im NVME Cluster
bynine
 
PDF
TechTalkThursday 27.10.2016: Redundante Linux Failover Cluster
bynine
 
PDF
TechTalkThursday 27.10.2016: upd89.org - Orchestrierung von Security-Updates ...
bynine
 
PDF
TechTalkThursday 14.04.2016: Load tests of web applications as a service
bynine
 
PDF
TechTalkThursday 14.04.2016: Service Oriented Architecture @nine.ch
bynine
 
PDF
TechTalkThursday 26.11.2015: Zentrales Metriken-System - ist der Flügelschlag...
bynine
 
PDF
TechTalkThursday 26.11.2015: Manage the minions - Docker Container mit Kubern...
bynine
 
Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...
bynine
 
Delivering real-time video globally at Internet scale - Stefan Birrer, Co-Fou...
bynine
 
How a titan empowers our cloud monitoring infrastructure
bynine
 
GCP Meetup #3 - Approaches to Cloud Native Architectures
bynine
 
Security In The Public Cloud
bynine
 
TechTalkThursday: Microservices
bynine
 
Automating OpenShift Deployments
bynine
 
Docker for Developers
bynine
 
Das Web im Geschwindigkeitsrausch
bynine
 
TechTalkThursday 29.06.2017: Wie verhält sich DDoS in der Realität?
bynine
 
TechTalkThursday 02.03.2017: Container-Orchestrierung mit OpenShift - Unser W...
bynine
 
TechTalkThursday 27.10.2016: Ceph im NVME Cluster
bynine
 
TechTalkThursday 27.10.2016: Redundante Linux Failover Cluster
bynine
 
TechTalkThursday 27.10.2016: upd89.org - Orchestrierung von Security-Updates ...
bynine
 
TechTalkThursday 14.04.2016: Load tests of web applications as a service
bynine
 
TechTalkThursday 14.04.2016: Service Oriented Architecture @nine.ch
bynine
 
TechTalkThursday 26.11.2015: Zentrales Metriken-System - ist der Flügelschlag...
bynine
 
TechTalkThursday 26.11.2015: Manage the minions - Docker Container mit Kubern...
bynine
 

Recently uploaded

PPTX
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
PDF
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PDF
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
PPTX
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
PDF
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
PDF
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
PDF
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PDF
Langchain4J - An Introduction for Impatient Developers
byJuarez Junior
 
PDF
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
PDF
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
PDF
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
PDF
Powering Spring AI with Model Context Protocol Integration
byJuarez Junior
 
PDF
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
PDF
ACE Aarhus February 2026: Atlassian news
byDanielEriksen5
 
PDF
Supercharging Grafana with Community Plugins
byImma Valls Bernaus
 
PPTX
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
PDF
What is a stablecoin and business adoption in 2026.pdf
bymeerasingh12189
 
PDF
Imperative Bowling Kata - 20 Years On - Delegating Menial Tasks to AI Coding ...
byPhilip Schwarz
 
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Langchain4J - An Introduction for Impatient Developers
byJuarez Junior
 
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
Powering Spring AI with Model Context Protocol Integration
byJuarez Junior
 
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
ACE Aarhus February 2026: Atlassian news
byDanielEriksen5
 
Supercharging Grafana with Community Plugins
byImma Valls Bernaus
 
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
What is a stablecoin and business adoption in 2026.pdf
bymeerasingh12189
 
Imperative Bowling Kata - 20 Years On - Delegating Menial Tasks to AI Coding ...
byPhilip Schwarz
 

GitOps and security by Reto Bollinger, CSIO nine.ch

  • 1.
  • 2.
    Zürich,Reto Bollinger /public 2019-02-05 iso@nine:~$ Name: Reto Bollinger Job Title: Chief Information Security Officer @ Nine Internet Solutions AG Tasks: maintain ISMS (ISO27001) and QMS (ISO9001), good cop/bad cop in one Attributes: slightly paranoid ;) and a bit reclusive but overly communicative... iso@nine:~$ wiso@nine:~$ whiso@nine:~$ whoiso@nine:~$ whoaiso@nine:~$ whoamiso@nine:~$ whoami
  • 3.
    Zürich, C I A Whatis information security? Confidentiality Integrity Availability
  • 4.
    Zürich, Ops / DevOps/ DevSecOps and confidentiality Hey, I need to quickly access that data Sure, * I will adjust permissions quickly and revert them after *) add here one of the following: a) <nothing> b) let me just disable config mgmt and c) let me just get approval for disabling config mgmt and disable config mgmt and
  • 5.
    Zürich, Ops / DevOps/ DevSecOps and confidentiality
  • 6.
    Zürich, Ops / DevOps/ DevSecOps and confidentiality … 12 months later: Hey! Why is that accessible to the world? Who the f*** messed with the permissions? And why? Let’s check logs! Damn! Logs only go back 6 months, must have happened before...
  • 7.
    Zürich, Ops / DevOps/ DevSecOps and integrity Hey I quickly need to check these log files What ugly format is that? Let me strip unnecessary stuff <insert some fancy in-place sed/awk/grep command here recursively going through subdirs> Oops the config files were affected too? Wait, what do you mean they were not revision controlled?!?
  • 8.
    Zürich, Ops / DevOps/ DevSecOps and availability Let’s roll out that brand new version of the app Oh man, so many dependencies? Luckily package manager resolves it all Oops it breaks everything! Wait, what do you mean we can’t roll back because of dependencies?
  • 9.
    Zürich, Sounds familiar? Who hasexperienced one or the other of those scenarios or something similar?
  • 10.
    Zürich, And now forsomething completely different!
  • 11.
    Zürich, Firmware A story frommy former life... App Libs OS Drivers Buildsystem (CI/CD) Config Packages OS Builds loaded onto Binary Repo Sourcecode Repo 1 Sourcecode Repo 2 Assume you have the following (slightly simplified): How likely are you able to build a 1:1 identical firmware in 5 years from now?
  • 12.
    Zürich, GitOps to therescue! ● We have lots of dependencies ● We have multiple repositories with their own histories and revisions ● We have additional configurations ● We probably even have data that relies on specific revision of SW (databases) -> We have to track the whole state of all these. Describe the state of each repository, configuration and whatever and track this combination in a repository as well
  • 13.
    Zürich, Deployment Let’s get backto the cloud Service 1 Service 2 Service 3 yaml Defined by
  • 14.
    Zürich, Deployment Service 2 Dealing withservice disruptions/changes Service 1 Service 3 Monitoring DISRUPTION! ssh Ooops it failed! Let’s SSH into it and “fix” it (e.g. chmod a+rw *.*) oh and silence that alert
  • 15.
    Zürich, Deployment Service 2 Dealing withservice disruptions/changes Service 1 Service 3 Monitoring Service 2 is now insecure. Alerting is completely silenced (for that case) Any update to Service 2 will make the problem re-occur or break even more
  • 16.
    Zürich, Deployment Let’s go theGitOps way CI/CD Service 1 Service 2 Service 3 MonitoringBuilds yaml Defined by
  • 17.
    Zürich, Deployment Service 2 Let’s gothe GitOps way CI/CD Service 1 Service 3 MonitoringBuilds yaml Defined by DISRUPTION! ssh Ooops it failed! Let’s SSH into it and “fix” it No No! No touchy touchy! Only looky looky! With GitOps you should have “read-only” access to your instances X
  • 18.
    Zürich, Deployment Service 2 Let’s gothe GitOps way CI/CD Service 1 Service 3 MonitoringBuilds Defined by DISRUPTION! vi git Ooops it failed! Let’s SSH into it and “fix” it Let’s fix the declaration and push it yaml
  • 19.
    Zürich, Deployment Let’s go theGitOps way CI/CD Service 1 Service 2 Service 3 MonitoringBuilds yaml Defined by What GitOps means: ● Declare EVERYTHING ● Do not depend on external states but declare these states ● Work ONLY on declaration but not on actual instances (looking is allowed)
  • 20.
    Zürich, Deployment Let’s go theGitOps way CI/CD Service 1 Service 2 Service 3 Configuration MonitoringBuilds yaml Defined by yaml
  • 21.
    Zürich, Deployment CI/CD Service 1 Configuration Service 2Service 3 Configuration Monitoring yaml Defined by yaml yaml Builds Let’s go GitOps all the way ● Declare everything ● Think about how to bootstrap ● Test incremental changes as well as full rebuilds ● Keep a mirror of public repositories ● Use unique identifiers (tags most often are not necessarily unique)
  • 22.
    Zürich, So now: Why isGitOps good from security perspective? Confidentiality: One can still accidentially misconfigure permissions BUT: its documented and traceable merge requests require approval (4 eyes principle) merge requests could be checked for suspicious patterns Direct access to instances can be restricted Integrity: One can no longer create inconsistency: it’s all declarative Availability: Either it runs or it doesn’t: if it doesn’t revert to previous state Rolling out quick-fixes definitely takes longer ...but changes/fixes are of better quality
  • 23.
    Zürich, What makes agood GitOps project from security perspective? ● No (or read-only) “backend” access to running instances ● Automated testing: test everything: new way to break it? -> new test! ● Automated testing: incremental (update) as well as bootstrap (from scratch) ● Automated testing: find edge cases and robustify with chaos engineering* ● Merge requests (4+ eyes principle) ● Have a well defined scope: what is declared? Where are your boundaries? (not only “outwards” also “inwards”: customers realm) *) Dan Acristini held a very good talk about it: https://www.nine.ch/de/blog/gcp-meetup-ein-rueckblick-3
  • 24.
    Zürich, 2019-11-21Intern /Reto Bollinger / ISM-QMS-intro “Tha ’ al folk !”
  • 25.
    Zürich, 2019-11-21Intern /Reto Bollinger / ISM-QMS-intro “An Question ?”