OMGDEVSECOPSBBQ

What is DevSecOps?

A brief introduction, SpringOne Tour Chicago.

Coté

April 27, 2022

Transcript

  1. Confidential │ ©2022 VMware, Inc.

    [Chart: "What challenges has your organization encountered in DEPLOYING Kubernetes? Choose all that apply." Series: 2020, 2021, 2022. Categories: Meeting Security & Compliance Requirements; Inadequate Internal Experience & Expertise; Difficult to Integrate With Current Infrastructure; Insufficient Documentation; No Clear Ownership; Lack of App Mobility; No Challenges. Values, in extraction order: 52%, 70%, 49%, 29%, 24%, 46%, 65%, 43%, 25%, 18%, 59%, 52%, 38%, 30%, 16%, 14%, 5%. Source: State of Kubernetes 2022, VMware Tanzu. @cote]
  2. Secure Software Supply Chain; Shift Left (Culture); Security as a Product
  3. Shift Left means increasing collaboration between development & security PEOPLE
  4. A product mind-set meets the organization’s goals by learning & adapting frequently
  5. Security as a Platform – Guardrails, Templates, Desire Paths

    [Diagram: Tanzu Application Platform. Labels as extracted: Catalogs Services Provisioning and Binding API Portal App and Workflows Accelerators App Live View Tanzu CLI and IDE Plugins Dev Tooling UI Plugins Self-hosted / SaaS Developer Productivity Tools Pipeline Service Build Service Convention Service Security Tools App Delivery Supply Chain Choreography Knative Runtime K8s Jobs Batch Runtime Streaming Runtime Cloud Native Runtimes Tanzu Kubernetes Grid / Any conformant K8s cluster Hybrid Cloud Public Cloud Edge. Alongside: Tanzu Labs Services, Tanzu Mission Control, Tanzu Observability, Tanzu Service Mesh.]

    Sources: VMware Tanzu Application Platform; “The Adaptive Enterprise: Can Your Application Platform Cope with a Crisis?” Forrester, et al., Jan 2022.
  6. If the US Army can secure it, you can too

    Sources: US “Department of Defense Enterprise DevSecOps Reference Design: Multi-Cluster CNCF Kubernetes,” Sep, 2021. Also, see Tracy Miranda's DevOps Loop 2022 talk, "Blueprint for Secure OSS Supply Chains."