Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cloud Native - Security threat or opportunity

Liz Rice
October 19, 2017
Technology
0
6.1k

Cloud Native - Security threat or opportunity

Keynote at Velocity London in which I make the case that it's easier to secure a cloud native deployment than a traditional one.

Liz Rice

October 19, 2017
Tweet

More Decks by Liz Rice

See All by Liz Rice
Unleashing the kernel with eBPF
lizrice
0
130
eBPF's Abilities and Limitations: The Truth
lizrice
0
240
Simplifying multi-cloud and multi-cluster Kubernetes deployments with Cilium
lizrice
0
140
When is a Secure Connection not encrypted? And other stories
lizrice
1
63
Keeping it simple: Cilium Mesh - networking for multi-cloud Kubernetes and beyond
lizrice
1
570
How Many Proxies Do You Need
lizrice
1
120
eBPF for Security Observability
lizrice
0
1.2k
Beginner's Guide to eBPF Programming for Networking
lizrice
1
2.2k
Contributing to Open Source - what's in it for my business?
lizrice
0
43

Other Decks in Technology

See All in Technology
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.4k
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
190
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
210
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
230
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
120
【LT】ソフトウェア産業は進化しているのか? #Agilejapan
takabow
0
100
Zennのパフォーマンスモニタリングでやっていること
ryosukeigarashi
0
230
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
13k
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
2
230
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
430

Featured

See All Featured
How to Ace a Technical Interview
jacobian
276
23k
Facilitating Awesome Meetings
lara
50
6.1k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Gamification - CAS2011
davidbonilla
80
5k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
A designer walks into a library…
pauljervisheath
204
24k
Faster Mobile Websites
deanohume
305
30k
It's Worth the Effort
3n
183
27k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Building Your Own Lightsaber
phodgson
103
6.1k

Transcript

  1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    Cloud Native - security threat or opportunity? Liz Rice @lizrice | @aquasecteam

  2. 2 @lizrice What is Cloud Native? Containers ◼ Orchestration ◼

    Microservices

  3. 3 @lizrice Orchestrated, containerized microservices Hundreds of microservices Thousands of

    containers Average container lifetime < 1 day

  4. 4 @lizrice Security is a concern when deploying containers 88%

    agree Sonatype 2017 DevSecOps Survey

  5. 5 @lizrice Before Cloud Native Create software Deploy Patch Provision

    servers

  6. 6 @lizrice Through 2020, zero-day vulnerabilities will play a role

    in less than 0.1% of attacks Source: Gartner 7 Top Security Predictions for 2017

  7. 7 @lizrice Applying patches to containers?

  8. 8 @lizrice

  9. 9 @lizrice Cloud native process Create software Build images Deploy

  10. 10 @lizrice Scan for vulnerabilities Create software Build images Deploy

  11. 11 @lizrice Image policies Create software Build images Deploy ✓

  12. 12 @lizrice What about the hosts?

  13. 13 @lizrice Hosts Host OS Automated testing Recycling Intrusion detection

  14. 14 @lizrice Wait, there’s more!

  15. 15 @lizrice Microservice network segmentation ▪ Restrict communication between microservices

    ▪ Encrypted connections

  16. 16 @lizrice Runtime protection ▪ Restrict container activity ▪ Prevent

    anomalous / suspicious behaviour

  17. Shellshock demo

  18. 18 @lizrice Cloud Native security advantages ▪ Decomposition of the

    problem ▪ Additional layers of defence ▪ Continuous deployment ▪ Shorter attack window ▪ Community best practices

  19. 19 @lizrice Room for improvement in container security 80% agree

    Aqua Security 2017 Survey

  20. 20 @lizrice “Containers … require a more collaborative approach by

    security and DevOps teams.” Source: Gartner 7 Top Security Predictions for 2017

  21. 21 @lizrice “Organizations would do well to embed security early

    into the process” Source: Gartner 7 Top Security Predictions for 2017

  22. 22 @lizrice Continuous integration Continuous deployment Continuous security

  23. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    @lizrice | @aquasecteam aquasec.com/survey github.com/aquasecurity/kube-bench