Securing Cloud-Native Workloads
Gabe Schuyler
@gabe_sky
KernelCon 2022
Gabe Schuyler
• Operations veteran
• DevOps enthusiast
• Cloud security specialist
• ... and running, RFID, and using technology to effect positive social change.
Gabe Schuyler @gabe_sky
KernelCon 2022
I've been in operations forever -- PlayStation.

I spent seven years in professional services at PuppetLabs.

I work as a solutions engineer at Wiz, Inc. right now.

In my spare time I like running, playing with RFID, and promoting the use of technology for positive social change.
Shared Responsibility Model
(Diagram: Hardware, Services, Config and Workloads, arranged on a line from "Them" to "Us")
Cloud security providers talk about the "shared responsibility model."

Basically, they promise to keep the servers running and the card machine swiping.

You are responsible for how you configure their services.

You are also responsible for what you run on workloads.

You're also responsible for who you let do what.
Acronyms
(Diagram: Config and Workloads, as on the shared responsibility slide)
CSPM: Cloud Security Posture Management
CWPP: Cloud Workload Protection Platform
CIEM: Cloud Identity and Entitlement Management
CNAPP: Cloud Native Application Protection Platform
Let's talk acronyms.

Protecting how you configure your services is CSPM.

Protecting what you run on your workloads is CWPP.

Protecting the way that you authorize people and services to use things is CIEM.

Wrap it all up together and you've got what Gartner calls CNAPP.
What is cloud native?
• Beyond lift-and-shift
• Disposable workloads
• Automated and codified
• X as a service
Let's start by talking about what we mean by "cloud native."

It's not just lift-and-shift, it's what's evolved from that.

Workloads are short-lived. If they break, you destroy and rebuild them.

To be able to do this we need to automate, and codify configs and infrastructure.

Increasingly we don't even run the server, we let the cloud provider do it.
Securing disposable workloads
• The cattle vs. pets metaphor (Randy Bias)
• Runtime defense directs redeployment
• Configuration in version control & pipelines
• Developers making infrastructure choices
• Security must be part of continuous delivery
We're used to patching/fixing broken workloads; in the cloud you just redeploy.

So if something gets hacked, you don't use EDR, you update and redeploy.

To be able to adopt this lifestyle, the infrastructure itself needs to be part of SDLC.

Once infrastructure is codified, it's now part of the development process itself.

Security must be integral to the CICD process, just as other tests are.
Containers in clusters
• Single purpose modules
• Microservice architecture
• Automatic (opaque) networking
• But easy to allow-list protect
• Base images and layers
(Diagram: services front-end, cart, payment, metrics and session, with ports 443, 2711, 8088, 8089 and 4744)
I'll assume most folks are comfortable with containers.

Where they really differ is the application architecture of microservices.

And in a cluster, the communication is opaque to the outside.

It looks complicated, however, single-purpose means allow-lists are obvious.

Keep an eye on the base images, and be able to detect which layer a vulnerability comes from.
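The "single purpose means allow-lists are obvious" point, as an added example that is not code from the talk: the service names and ports are the ones on the slide, but which service listens on which port, which services call which, and the sample of observed flows are all assumptions constructed for the example. It expands the declared dependencies into an explicit allow-list, renders it as a Kubernetes NetworkPolicy object per service, and flags observed flows that the allow-list does not cover.

```python
"""Allow-list generation for single-purpose services in a cluster.

Added example; not code from the talk. The service names and ports are
the ones drawn on the slide (front-end, cart, payment, metrics, session;
443, 2711, 8088, 8089, 4744). Which service listens on which port, and
which services call which, are assumptions made for this example."""

from typing import Dict, List, Set, Tuple

# Listening port per service. The pairing with the slide's ports is assumed.
SERVICE_PORTS: Dict[str, int] = {
    "front-end": 443,
    "cart": 2711,
    "payment": 8088,
    "metrics": 8089,
    "session": 4744,
}

# Declared dependencies, caller -> callees. Constructed for the example.
# Ingress to front-end from outside the cluster (via the load balancer)
# is out of scope here; this covers only service-to-service traffic.
DEPENDENCIES: Dict[str, Set[str]] = {
    "front-end": {"cart", "session", "metrics"},
    "cart": {"payment", "metrics"},
    "payment": {"metrics"},
    "session": {"metrics"},
    "metrics": set(),
}

Flow = Tuple[str, str, int]  # (source service, destination service, destination port)

# Constructed sample of observed flows, e.g. from flow logs or a service mesh.
OBSERVED_FLOWS: List[Flow] = [
    ("front-end", "cart", 2711),     # declared
    ("cart", "payment", 8088),       # declared
    ("session", "payment", 8088),    # never declared: should be flagged
    ("metrics", "front-end", 443),   # metrics calls nobody: should be flagged
]


def build_allow_list(deps: Dict[str, Set[str]], ports: Dict[str, int]) -> Set[Flow]:
    """Expand declared dependencies into explicit (src, dst, port) tuples.
    Because each service has one purpose and one port, this is the whole policy."""
    return {(src, dst, ports[dst]) for src, dsts in deps.items() for dst in dsts}


def network_policy_for(service: str, allow: Set[Flow], ports: Dict[str, int]) -> dict:
    """Render the allow-list for one service as a Kubernetes NetworkPolicy
    object (as a dict; serialise to YAML/JSON to apply it). A service with no
    declared callers gets an empty ingress list, which denies all ingress."""
    callers = sorted(src for src, dst, _ in allow if dst == service)
    ingress = []
    if callers:
        ingress.append({
            "from": [{"podSelector": {"matchLabels": {"app": c}}} for c in callers],
            "ports": [{"protocol": "TCP", "port": ports[service]}],
        })
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": f"allow-{service}"},
        "spec": {
            "podSelector": {"matchLabels": {"app": service}},
            "policyTypes": ["Ingress"],
            "ingress": ingress,
        },
    }


def check_flows(observed: List[Flow], allow: Set[Flow]) -> List[Flow]:
    """Return observed flows that are not on the allow-list (runtime detection)."""
    return [f for f in observed if f not in allow]


if __name__ == "__main__":
    allow = build_allow_list(DEPENDENCIES, SERVICE_PORTS)
    for flow in check_flows(OBSERVED_FLOWS, allow):
        print("unexpected flow:", flow)
    print(network_policy_for("metrics", allow, SERVICE_PORTS))
```

The same dependency map drives both the preventive control (the NetworkPolicy) and the detective one (the flow check), so a flow that is flagged at runtime is by construction one the policy would also block; in line with the talk, the response to a flagged flow is to fix the declaration and redeploy rather than to patch the running pod.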
Serverless functions
• Single purpose/endpoint
• Non-IP communication
• Dead-simple allow-lists
• Dependencies ... dependencies everywhere!
(Diagram: functions login, logout, tracker, metrics, to_png and upload; HTTPS on 443, a queue, and some flows marked "?" and "!?")
Now it gets exciting: these aren't just one application piece, they're one function.

Also, communication isn't always over IP! It could be a queue, or in-place.

However, securing these is dead simple, they do one thing with known inputs.

Similar to base images, make sure to not just scan code, but the dependencies.
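The "don't just scan code, scan the dependencies" point, as an added example that is not code from the talk: a pinned manifest for a function is parsed and every pin is checked against a list of vulnerable version ranges. The manifest, the advisory list and the `EXAMPLE-ADV-*` identifiers are all constructed for this example; in practice the advisory list comes from a vulnerability database feed.

```python
"""Check a function's pinned dependency manifest against known-vulnerable
version ranges before it is deployed.

Added example; not code from the talk. The manifest and the advisories
below are constructed, and the advisory identifiers are placeholders."""

import re
from typing import Dict, List, Tuple

# Constructed manifest in requirements.txt form, pinned as a lockfile would be.
REQUIREMENTS = """\
requests==2.25.1
pillow==8.1.0
boto3==1.26.0
# comment lines and blank lines are ignored

pyyaml==5.3.1
"""

# Constructed advisory list: (package, first vulnerable, first fixed, id).
# A pin is affected when first_vulnerable <= pin < first_fixed.
ADVISORIES = [
    ("pillow", "0", "8.1.1", "EXAMPLE-ADV-0001"),
    ("pyyaml", "0", "5.4", "EXAMPLE-ADV-0002"),
    ("requests", "2.26.0", "2.27.0", "EXAMPLE-ADV-0003"),  # does not cover 2.25.1
]

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Numeric dotted versions only; tuples compare component-wise."""
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text: str) -> Dict[str, Version]:
    """Map package name -> pinned version. Anything not pinned with '=='
    is rejected: an unpinned dependency cannot be checked reproducibly."""
    pins: Dict[str, Version] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.\-]+)==([0-9.]+)", line)
        if not match:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        pins[match.group(1).lower()] = parse_version(match.group(2))
    return pins


def find_vulnerable(pins: Dict[str, Version], advisories) -> List[Tuple[str, str, str]]:
    """Return (package, pinned version, advisory id) for each affected pin."""
    hits = []
    for package, first_vulnerable, first_fixed, advisory in advisories:
        pinned = pins.get(package)
        if pinned is None:
            continue
        if parse_version(first_vulnerable) <= pinned < parse_version(first_fixed):
            hits.append((package, ".".join(map(str, pinned)), advisory))
    return hits


if __name__ == "__main__":
    for package, version, advisory in find_vulnerable(parse_requirements(REQUIREMENTS), ADVISORIES):
        print(f"{package}=={version} is affected by {advisory}")
```

Rejecting unpinned requirements is deliberate: a function that resolves `>=` ranges at deploy time can pick up a different dependency tree on every rebuild, which defeats the whole point of a disposable, reproducible workload.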
Persistent services
• Storage
• Databases
• Load balancers
• Secrets stores
• Firewalls
(Diagram: front-end, cart, payment, session, metrics, to_png and upload alongside storage, a load balancer and a secrets store)
So, if everything's ephemeral, how do I use anything persistent?

You use software/platform as a service, allowing you to focus on code.

This is where CSPM comes in; you need to scan this stuff for misconfigurations.

Make sure you understand CIEM, limiting who can do what. (And if they use it.)

You'll also want to keep an eye on user behavior anomalies.
Infrastructure as code
• Automated and codified
• Terraform, CloudFormation, ARM &c
• Puppet, Chef, weaponized Bash scripts
• Scan scan scan
• Watch for drift
In devops we allow developers to define the infrastructure, so they use code.

It's where we put the dev in ops ... technologies like Terraform, CF, ARM

On the lift-and-shift side, we adopted configuration management. It's similar!

Scan this stuff everywhere, including in CICD pipelines.

And, since this is the authoritative source, any drift should be considered an incident.
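The "watch for drift" point, as an added example that is not code from the talk: the codified state is compared with what the account actually contains, and every difference is classified as a resource that is missing, modified, or unmanaged (present but never declared in code). The resource names and attributes are a simplified, constructed stand-in for what a Terraform state file or a cloud inventory API would return.

```python
"""Drift detection between codified (desired) infrastructure and the
observed state of the account.

Added example; not code from the talk. Resource shapes and attribute
names are constructed stand-ins for a Terraform state or cloud inventory."""

from typing import Dict, List, Tuple

# Desired state: what version control says should exist. Constructed.
DESIRED: Dict[str, Dict[str, object]] = {
    "bucket/payment-receipts": {"public": False, "encrypted": True},
    "sg/payment-api": {"ingress": ["10.0.0.0/8:8088"]},
    "db/sessions": {"encrypted": True, "public": False},
    "lb/front-end": {"tls_policy": "modern"},
}

# Observed state: what the account actually contains. Constructed.
OBSERVED: Dict[str, Dict[str, object]] = {
    "bucket/payment-receipts": {"public": True, "encrypted": True},      # attribute changed
    "sg/payment-api": {"ingress": ["10.0.0.0/8:8088", "0.0.0.0/0:22"]},  # rule added by hand
    "db/sessions": {"encrypted": True, "public": False},                 # matches
    "vm/forgotten-debug-box": {"public": True},                          # never declared
    # "lb/front-end" is absent: deleted outside the pipeline
}

Drift = Tuple[str, str, str]  # (resource, kind, detail)


def detect_drift(desired: Dict[str, Dict[str, object]],
                 observed: Dict[str, Dict[str, object]]) -> List[Drift]:
    """Compare every declared attribute, then look for resources that exist
    without any declaration. Attributes the code does not declare are ignored,
    so provider-managed defaults do not show up as drift."""
    findings: List[Drift] = []
    for name, want in desired.items():
        have = observed.get(name)
        if have is None:
            findings.append((name, "missing", "declared in code but not found"))
            continue
        for attr, value in want.items():
            if have.get(attr) != value:
                findings.append((name, "modified",
                                 f"{attr}: expected {value!r}, observed {have.get(attr)!r}"))
    for name in observed:
        if name not in desired:
            findings.append((name, "unmanaged", "exists but is not declared in code"))
    return findings


def is_incident(findings: List[Drift]) -> bool:
    """Code is authoritative, so any drift at all is treated as an incident."""
    return bool(findings)


if __name__ == "__main__":
    drift = detect_drift(DESIRED, OBSERVED)
    for resource, kind, detail in drift:
        print(f"{kind:9} {resource}: {detail}")
    print("incident" if is_incident(drift) else "clean")
```

Because the pipeline is the only sanctioned way to change infrastructure, the remediation for every finding is the same: re-apply the code (which restores the modified and missing resources) and remove or declare the unmanaged one, rather than editing the account by hand again.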
Shift left security
• Prevention vs. cure
• Developers' native tools
• Find a champion.
• Describe underlying patterns
• Prioritize true exposure and risks
• Offer remediation advice
Blah blah blah an ounce of prevention is worth a pound of cure. (In metric?)

Meet developers in the tools they use ... from CLI to IDE to CICD.

Look up some talks about finding security champions within development teams.

Don't just flag issues -- describe why they matter and a pattern they represent.

Don't just hand over a pile of issues -- prioritize them by true risk.

There are plenty of tools that offer advice or even a pull request.
Policy as code
• Putting the Dev in Ops Sec
• Borrow from the best
• # lint-ignore ... # sec-ignore ?
• Test in the pipeline
From devops we learned that it's not just ops in dev, it's dev in ops.

If we're going to codify infrastructure, why not borrow dev tools?

Ask yourself, if we let devs skip lint checks, why not security checks?

Once you have IaC and PaC going, put it all together in CICD.
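One block, added here and not code from the talk, that serves four of the notes above: scanning persistent services for misconfigurations (the CSPM point), scanning infrastructure as code in the pipeline, prioritizing findings by true exposure rather than handing over a pile, and the "sec-ignore" question from the policy-as-code slide. The resource model is a simplified, constructed stand-in for a parsed Terraform or CloudFormation document; the rule names, severities, the `sec_ignore` field and the `SEC-1234` ticket reference are assumptions made for the example.

```python
"""Policy-as-code checks over an infrastructure-as-code document, run as
a pipeline gate: rules flag misconfigurations, findings are ranked by real
exposure, and a `sec-ignore` suppression must carry a justification and is
reported rather than silently dropped.

Added example; not code from the talk. The resource model, rule names,
severities and the sec_ignore field are constructed for this example."""

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Resource:
    name: str
    kind: str                      # "bucket", "db", "sg", ...
    attrs: Dict[str, object]
    sec_ignore: Dict[str, str] = field(default_factory=dict)  # rule id -> justification


@dataclass
class Finding:
    resource: str
    rule: str
    severity: int                  # 1 (low) .. 4 (critical)
    exposed: bool                  # reachable from the internet?
    suppressed: Optional[str] = None  # justification if sec-ignored

    @property
    def priority(self) -> int:
        # Exposure doubles the weight: the same issue on an internet-facing
        # resource outranks it on a private one.
        return self.severity * (2 if self.exposed else 1)


Rule = Callable[[Resource], Optional[Finding]]


def internet_facing(r: Resource) -> bool:
    ingress = r.attrs.get("ingress", [])
    return bool(r.attrs.get("public")) or any(c.startswith("0.0.0.0/0") for c in ingress)


def rule_public_storage(r: Resource) -> Optional[Finding]:
    if r.kind == "bucket" and r.attrs.get("public"):
        return Finding(r.name, "public-storage", 4, True)
    return None


def rule_unencrypted(r: Resource) -> Optional[Finding]:
    if r.kind in ("bucket", "db") and not r.attrs.get("encrypted"):
        return Finding(r.name, "unencrypted-at-rest", 2, internet_facing(r))
    return None


def rule_open_admin_port(r: Resource) -> Optional[Finding]:
    if r.kind == "sg" and "0.0.0.0/0:22" in r.attrs.get("ingress", []):
        return Finding(r.name, "ssh-open-to-world", 3, True)
    return None


RULES: List[Rule] = [rule_public_storage, rule_unencrypted, rule_open_admin_port]

# Constructed document. The ticket id in the justification is a placeholder.
RESOURCES = [
    Resource("marketing-assets", "bucket", {"public": True, "encrypted": True},
             sec_ignore={"public-storage": "static site content, approved in SEC-1234"}),
    Resource("payment-receipts", "bucket", {"public": True, "encrypted": False}),
    Resource("sessions", "db", {"encrypted": False, "public": False}),
    Resource("bastion", "sg", {"ingress": ["0.0.0.0/0:22"]}),
]


def scan(resources: List[Resource], rules: List[Rule] = RULES) -> List[Finding]:
    """Run every rule over every resource; highest priority first, with
    suppressed findings kept at the bottom so they stay visible in reports."""
    findings: List[Finding] = []
    for r in resources:
        for rule in rules:
            f = rule(r)
            if f is None:
                continue
            f.suppressed = r.sec_ignore.get(f.rule)
            findings.append(f)
    findings.sort(key=lambda f: (f.suppressed is not None, -f.priority))
    return findings


def pipeline_gate(findings: List[Finding], fail_at: int = 4) -> bool:
    """True if the build may proceed: no unsuppressed finding at or above fail_at."""
    return not any(f.suppressed is None and f.priority >= fail_at for f in findings)


if __name__ == "__main__":
    results = scan(RESOURCES)
    for f in results:
        tag = f"suppressed: {f.suppressed}" if f.suppressed else f"priority {f.priority}"
        print(f"{f.resource}: {f.rule} ({tag})")
    raise SystemExit(0 if pipeline_gate(results) else 1)
```

The sort order is the "prioritize by true risk" advice made concrete: the public, unencrypted receipts bucket comes first, the unencrypted but private sessions database last among the live findings, and the justified suppression is still printed so a reviewer can see what was waived and why. Exiting non-zero is what makes this a test in the pipeline rather than a report.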
Summary
• Brave new world
• Fast, disposable, automated and codified
• Containers, serverless, X as a service
• Shift left on infrastructure as code
• Trust
Forget lift-and-shift, this is a new world, and developers are driving to it.

Fast, disposable, automated and codified. Use this for yourself too.

Get comfortable enough with the new tech to apply security tools.

Shifting left is essential, and easy once everything is codified.

Foster an environment of trust. We've done it for devops ... now it's our turn.
Call to action
• Start small
• Find champions
• Learn new things
• Go get 'em!
Securing Cloud-Native Workloads
Q & A
Gabe Schuyler @gabe_sky
KernelCon 2022

Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Kernel Con 2022: Securing Cloud Native Workloads

  • 1. Securing Cloud-Native Workloads Gabe Schuyler @gabe_sky KernelCon 2022
  • 2. Gabe Schuyler • Operations veteran • DevOps enthusiast • Cloud security specialist • ... and running, RFID, and using technology to effect positive social change. Gabe Schuyler @gabe_sky KernelCon 2022 I've been in operations forever -- Playstation. I spent seven years in professional services at PuppetLabs. I work as a solutions engineer at Wiz, Inc. right now. In my spare time I like running, playing with RFID, and promoting the use of technology for positive social change.
  • 3. Shared Responsibility Model Hardware Services Config Workloads Them Us Gabe Schuyler @gabe_sky KernelCon 2022 Cloud security providers talk about the "shared responsibility model." Basically, they promise to keep the servers running and the card machine swiping. You are responsible for how you configure their services. You are also responsible for what you run on workloads. You're also responsible for who you let do what.
  • 4. Acronyms Config Workloads Gabe Schuyler @gabe_sky KernelCon 2022 CSPM: Cloud Security Posture Management CWPP: Cloud Workload Protection Platform CIEM: Cloud Identity and Entitlement Management CNAPP: Cloud Native Application Protection Platform Let's talk acronyms. Protecting how you configure your services is CSPM. Protecting what you run on your workloads is CWPP. Protecting the way that you authorize people and services to use things is CIEM. Wrap it all up together and you've got what Gartner calls CNAPP.
  • 5. What is cloud native? • Beyond lift-and-shift • Disposable workloads • Automated and codified • X as a service Gabe Schuyler @gabe_sky KernelCon 2022 Let's start by talking about what we mean by "cloud native." It's not just lift-and-shift, it's what's evolved from that. Workloads are short-lived. If they break, you destroy and rebuild them. To be able to do this we need to automate, and codify configs and infrastructure. Increasingly we don't even run the server, we let the cloud provider do it.
  • 6. Securing disposable workloads • The cattle vs. pets metaphor (Randy Bias) • Runtime defense directs redeployment • Configuration in version control & pipelines • Developers making infrastructure choices • Security must be part of continuous delivery Gabe Schuyler @gabe_sky KernelCon 2022 We're used to patching/fixing broken workloads; in the cloud you just redeploy. So if something gets hacked, you don't use EDR, you update and redeploy. To be able to adopt this lifestyle, the infrastructure itself needs to be part of the SDLC. Once infrastructure is codified, it's now part of the development process itself. Security must be integral to the CICD process, just as other tests are.
  • 7. Containers in clusters • Single purpose modules • Microservice architecture • Automatic (opaque) networking • But easy to allow-list protect • Base images and layers Gabe Schuyler @gabe_sky KernelCon 2022 front-end cart payment metrics session 443 2711 8088 8089 4744 I'll assume most folks are comfortable with containers. Where they really differ is the application architecture of microservices. And in a cluster, the communication is opaque to the outside. It looks complicated; however, single-purpose means allow-lists are obvious. Keep an eye on the base images, and be able to detect the layer of vulnerabilities.
  • 8. Serverless functions • Single purpose/endpoint • Non-IP communication • Dead-simple allow-lists • Dependencies ... dependencies everywhere! Gabe Schuyler @gabe_sky KernelCon 2022 login logout tracker metrics to_png upload 443 443 443 443 queue ? !? Now we get exciting: these aren't just one application piece, they're one function. Also, communication isn't always over IP! It could be a queue, or in-place. However, securing these is dead simple; they do one thing with known inputs. Similar to base images, make sure to not just scan code, but the dependencies.
  • 9. Persistent services • Storage • Databases • Load balancers • Secrets stores • Firewalls Gabe Schuyler @gabe_sky KernelCon 2022 front-end cart payment session metrics to_png upload storage load balancer secrets So, if everything's ephemeral, how do I use anything persistent? You use software/platform as a service, allowing you to focus on code. This is where CSPM comes in; you need to scan this stuff for misconfigurations. Make sure you understand CIEM, limiting who can do what. (And if they use it.) You'll also want to keep an eye on user behavior anomalies.
  • 10. Infrastructure as code • Automated and codified • Terraform, CloudFormation, ARM &c • Puppet, Chef, weaponized Bash scripts • Scan scan scan • Watch for drift Gabe Schuyler @gabe_sky KernelCon 2022 In devops we allow developers to define the infrastructure, so they define it as code. It's where we put the dev in ops ... technologies like Terraform, CF, ARM. On the lift-and-shift side, we adopted configuration management. It's similar! Scan this stuff everywhere, including in CICD pipelines. And, since this is authoritative, any drift should be considered an incident.
  • 11. Shift left security • Prevention vs. cure • Developers' native tools • Find a champion. • Describe underlying patterns • Prioritize true exposure and risks • Offer remediation advice Gabe Schuyler @gabe_sky KernelCon 2022 Blah blah blah an ounce of prevention is worth a pound of cure. (In metric?) Meet developers in the tools they use ... from CLI to IDE to CICD. Look up some talks about finding security champions within development teams. Don't just flag issues -- describe why they matter and the pattern they represent. Don't just hand over a pile of issues -- prioritize them by true risk. There are plenty of tools that offer advice or even a pull request.
  • 12. Policy as code • Putting the Dev in Ops Sec • Borrow from the best • # lint-ignore ... # sec-ignore ? • Test in the pipeline Gabe Schuyler @gabe_sky KernelCon 2022 From devops we learned that it's not just ops in dev, it's dev in ops. If we're going to codify infrastructure, why not borrow dev tools? Ask yourself, if we let devs skip lint checks, why not security checks? Once you have IaC and PaC going, put it all together in CICD.
  • 13. Summary • Brave new world • Fast, disposable, automated and codified • Containers, serverless, X as a service • Shift left on infrastructure as code • Trust Gabe Schuyler @gabe_sky KernelCon 2022 Forget lift-and-shift, this is a new world, and developers are driving to it. Fast, disposable, automated and codified. Use this for yourself too. Get comfortable enough with the new tech to apply security tools. Shifting left is essential, and easy once everything is codified. Foster an environment of trust. We've done it for devops ... now it's our turn.
  • 14. Call to action • Start small • Find champions • Learn new things • Go get 'em! Gabe Schuyler @gabe_sky KernelCon 2022
  • 15. Securing Cloud-Native Workloads Q & A Gabe Schuyler @gabe_sky KernelCon 2022
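Slides 7 and 8 make the point that single-purpose services make allow-lists obvious. The following is an added example, not code from the talk: it takes the service names and ports shown on slide 7 (front-end 443, cart 2711, payment 8088, metrics 8089, session 4744), pairs them with an assumed call graph (the edges are an assumption for the example; the slide does not state them), and audits a constructed connection log against the resulting allow-list. Everything not explicitly permitted is reported, which is the default-deny property the slide is after.

```python
"""Allow-list derived from single-purpose services, audited against a
connection log. Added example; the permitted edges and the log format are
constructed for illustration, not taken from the talk or any product."""
import re

# One declared port per single-purpose service (names and ports from slide 7).
SERVICE_PORTS = {"front-end": 443, "cart": 2711, "payment": 8088,
                 "metrics": 8089, "session": 4744}

# Assumed call graph: caller -> set of services it is allowed to reach.
# Because each service does one thing, this table stays short and the
# allow-list follows directly from it.
ALLOWED_EDGES = {
    "front-end": {"cart", "session", "metrics"},
    "cart": {"payment", "metrics"},
    "payment": {"metrics"},
    "session": {"metrics"},
    "metrics": set(),
}


def allowed(src, dst, dport):
    """True only if src may call dst AND on dst's single declared port."""
    return dst in ALLOWED_EDGES.get(src, set()) and SERVICE_PORTS.get(dst) == dport


# Constructed log format: "<timestamp> src=<svc> dst=<svc> dport=<port>".
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def audit(log_lines):
    """Return (src, dst, dport) tuples that fall outside the allow-list."""
    denied = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these too
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        if not allowed(src, dst, dport):
            denied.append((src, dst, dport))
    return denied


# Constructed sample log: two legitimate calls followed by four that the
# allow-list should reject for different reasons.
SAMPLE_LOG = [
    "2022-04-01T10:00:01Z src=front-end dst=cart dport=2711",
    "2022-04-01T10:00:02Z src=cart dst=payment dport=8088",
    "2022-04-01T10:00:03Z src=front-end dst=payment dport=8088",  # skips the cart
    "2022-04-01T10:00:04Z src=payment dst=cart dport=2711",       # reverse direction
    "2022-04-01T10:00:05Z src=session dst=metrics dport=22",      # right peer, wrong port
    "2022-04-01T10:00:06Z src=unknown dst=metrics dport=8089",    # caller not in the map
]

if __name__ == "__main__":
    for src, dst, dport in audit(SAMPLE_LOG):
        print(f"DENY {src} -> {dst}:{dport}")
```

The same table can be turned into cluster network policy; the useful habit it demonstrates is that the allow-list is generated from the declared architecture rather than written by hand, so a new edge has to be declared before traffic on it is accepted.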
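Slides 9 through 12 describe scanning persistent services and IaC for misconfigurations, prioritizing by true exposure, treating drift from the codified state as an incident, and asking whether a "# sec-ignore" should be allowed alongside "# lint-ignore". The following added example (not from the talk, and not any scanner's real format) puts those pieces together in one small policy-as-code checker: resources are simplified dicts standing in for parsed IaC and for a live inventory, the field names are constructed, and suppression is only honoured when it names the rule, gives a reason, and has not expired.

```python
"""Toy policy-as-code checker with exposure-based severity, reviewable
suppressions, and drift detection. Added example; resource dicts and field
names are constructed stand-ins for parsed IaC and a live cloud inventory."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    resource: str
    rule: str
    severity: str          # "high" or "low"
    suppressed: bool = False


# --- Policies: each returns a rule id on violation, else None ---------------

def bucket_not_public(res):
    if res["type"] == "bucket" and res.get("public_read"):
        return "BUCKET_PUBLIC"
    return None


def no_ssh_from_world(res):
    if res["type"] == "security_group":
        for rule in res.get("ingress", []):
            if rule["port"] == 22 and rule["cidr"] == "0.0.0.0/0":
                return "SSH_OPEN_TO_WORLD"
    return None


def no_privileged_container(res):
    if res["type"] == "container" and res.get("privileged"):
        return "PRIVILEGED_CONTAINER"
    return None


POLICIES = [bucket_not_public, no_ssh_from_world, no_privileged_container]


def severity_for(res):
    # Prioritize true exposure (slide 11): the same rule is "high" only
    # when the resource is reachable from the internet.
    return "high" if res.get("internet_facing") else "low"


def is_suppressed(res, rule, today):
    # "# sec-ignore" made reviewable: must name the rule, carry a reason,
    # and carry an expiry that has not passed. Constructed convention.
    for ig in res.get("sec_ignore", []):
        if (ig.get("rule") == rule and ig.get("reason")
                and date.fromisoformat(ig["expires"]) >= today):
            return True
    return False


def scan(resources, today=date(2022, 4, 1)):
    """CSPM-style scan: run every policy over every resource."""
    return [Finding(res["name"], rule, severity_for(res), is_suppressed(res, rule, today))
            for res in resources
            for rule in (p(res) for p in POLICIES) if rule]


def strip_meta(res):
    return {k: v for k, v in res.items() if k != "sec_ignore"}


def detect_drift(desired, observed):
    """Compare codified desired state to the live inventory. Because the
    code is authoritative, any difference or unmanaged resource is high."""
    want = {r["name"]: r for r in desired}
    have = {r["name"]: r for r in observed}
    drift = []
    for name, live in have.items():
        if name not in want:
            drift.append(Finding(name, "UNMANAGED_RESOURCE", "high"))
        elif strip_meta(live) != strip_meta(want[name]):
            drift.append(Finding(name, "DRIFT_FROM_CODE", "high"))
    for name in want.keys() - have.keys():
        drift.append(Finding(name, "MISSING_RESOURCE", "low"))
    return drift


def pipeline_gate(findings):
    """Pipeline verdict: pass only if no unsuppressed high finding remains."""
    return not any(f.severity == "high" and not f.suppressed for f in findings)


# Constructed sample: what the code says vs. what the cloud actually has.
DESIRED = [
    {"name": "assets", "type": "bucket", "public_read": True, "internet_facing": True,
     "sec_ignore": [{"rule": "BUCKET_PUBLIC", "reason": "static site assets",
                     "expires": "2022-12-31"}]},
    {"name": "backups", "type": "bucket", "public_read": True, "internet_facing": True},
    {"name": "bastion-sg", "type": "security_group", "internet_facing": True,
     "ingress": [{"port": 22, "cidr": "10.0.0.0/8"}]},
    {"name": "metrics", "type": "container", "privileged": True, "internet_facing": False},
]
OBSERVED = [
    DESIRED[0], DESIRED[1],
    {"name": "bastion-sg", "type": "security_group", "internet_facing": True,
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},   # opened by hand after deploy
    DESIRED[3],
    {"name": "debug-vm", "type": "vm", "internet_facing": True},  # not in code at all
]

if __name__ == "__main__":
    for f in scan(DESIRED) + detect_drift(DESIRED, OBSERVED):
        print(f)
    print("pipeline passes:", pipeline_gate(scan(DESIRED)))
```

Run against the sample, the code scan reports the public "backups" bucket as an unsuppressed high finding (so the pipeline fails), accepts the justified and dated suppression on "assets", and rates the privileged "metrics" container low because it is not internet-facing; the drift check separately flags the hand-edited security group and the unmanaged VM, which is the "drift is an incident" stance from slide 10 expressed as a check that can run on a schedule.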