Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Native - Security threat or opportunity

Liz Rice
October 19, 2017
Technology
0
5.8k

Cloud Native - Security threat or opportunity

Keynote at Velocity London in which I make the case that it's easier to secure a cloud native deployment than a traditional one.

Liz Rice

October 19, 2017
Tweet

More Decks by Liz Rice

See All by Liz Rice
Unleashing the kernel with eBPF
lizrice
0
12
eBPF's Abilities and Limitations: The Truth
lizrice
0
30
Simplifying multi-cloud and multi-cluster Kubernetes deployments with Cilium
lizrice
0
13
When is a Secure Connection not encrypted? And other stories
lizrice
1
17
Keeping it simple: Cilium Mesh - networking for multi-cloud Kubernetes and beyond
lizrice
1
460
How Many Proxies Do You Need
lizrice
1
100
eBPF for Security Observability
lizrice
0
1k
Beginner's Guide to eBPF Programming for Networking
lizrice
1
2k
Contributing to Open Source - what's in it for my business?
lizrice
0
35

Other Decks in Technology

See All in Technology
生成AIの変革の時代に、 直近1年で直面した課題とその解決策
ktc_wada
0
300
20分で完全に理解するGrafanaダッシュボード
hamadakoji
3
660
require(ESM)とECMAScript仕様
uhyo
3
760
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
140
現代CSSフレームワークの内部実装とその仕組み
poteboy
7
3.6k
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
120
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
160
プラットフォームってつくることより計測することが重要なんじゃないかという話 / Platform Engineering Meetup #8
taishin
1
370
「スニダン」開発組織の構造に込めた意図 ~組織作りはパッションや政治ではない!~
rinchsan
3
570
Cracking the KubeCon CfP
inductor
2
250
オーナーシップを持つ領域を明確にする
konifar
13
3.2k
Gitlab本から学んだこと - そーだいなるプレイバック / gitlab-book
soudai
4
440

Featured

See All Featured
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
A better future with KSS
kneath
231
16k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
The Language of Interfaces
destraynor
151
23k
Embracing the Ebb and Flow
colly
80
4.1k
Product Roadmaps are Hard
iamctodd
44
9.7k
YesSQL, Process and Tooling at Scale
rocio
164
13k
A designer walks into a library…
pauljervisheath
200
23k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
Into the Great Unknown - MozCon
thekraken
10
990
Code Review Best Practice
trishagee
55
15k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k

Transcript

  1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    Cloud Native - security threat or opportunity? Liz Rice @lizrice | @aquasecteam

  2. 2 @lizrice What is Cloud Native? Containers ◼ Orchestration ◼

    Microservices

  3. 3 @lizrice Orchestrated, containerized microservices Hundreds of microservices Thousands of

    containers Average container lifetime < 1 day

  4. 4 @lizrice Security is a concern when deploying containers 88%

    agree Sonatype 2017 DevSecOps Survey

  5. 5 @lizrice Before Cloud Native Create software Deploy Patch Provision

    servers

  6. 6 @lizrice Through 2020, zero-day vulnerabilities will play a role

    in less than 0.1% of attacks Source: Gartner 7 Top Security Predictions for 2017

  7. 7 @lizrice Applying patches to containers?

  8. 8 @lizrice

  9. 9 @lizrice Cloud native process Create software Build images Deploy

  10. 10 @lizrice Scan for vulnerabilities Create software Build images Deploy

  11. 11 @lizrice Image policies Create software Build images Deploy ✓

  12. 12 @lizrice What about the hosts?

  13. 13 @lizrice Hosts Host OS Automated testing Recycling Intrusion detection

  14. 14 @lizrice Wait, there’s more!

  15. 15 @lizrice Microservice network segmentation ▪ Restrict communication between microservices

    ▪ Encrypted connections

  16. 16 @lizrice Runtime protection ▪ Restrict container activity ▪ Prevent

    anomalous / suspicious behaviour

  17. Shellshock demo

  18. 18 @lizrice Cloud Native security advantages ▪ Decomposition of the

    problem ▪ Additional layers of defence ▪ Continuous deployment ▪ Shorter attack window ▪ Community best practices

  19. 19 @lizrice Room for improvement in container security 80% agree

    Aqua Security 2017 Survey

  20. 20 @lizrice “Containers … require a more collaborative approach by

    security and DevOps teams.” Source: Gartner 7 Top Security Predictions for 2017

  21. 21 @lizrice “Organizations would do well to embed security early

    into the process” Source: Gartner 7 Top Security Predictions for 2017

  22. 22 @lizrice Continuous integration Continuous deployment Continuous security

  23. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    @lizrice | @aquasecteam aquasec.com/survey github.com/aquasecurity/kube-bench