Scaling Security
GROW WITHOUT COMPROMISING SECURITY
Slide 2
Scaling
mitchellh
Slide 4
Scaling
Developer Operator Production
Slide 5
DevOps
Developer
Operator
Production
Slide 6
DevOps
Developer
Operator
Production
Security?
Slide 8
Scaling Anything
1. Do less
2. Do it faster
3. Do more in parallel
Slide 9
Scaling Security
How do you empower people to build secure systems?
Slide 10
Empowering Security
Slide 11
Empowering Security
• Developers: A powerful, idiomatic API
• Operators: A pure-software solution that is easy to maintain and can run on commodity hardware
• Security Engineers: Strict usage control, audit trails, clear threat models
Slide 12
Vault
Slide 13
Developers: An API for Security
• HTTP (over TLS), JSON
• Secret storage
• Encryption services
• Certificate creation and verification
Slide 14
Operators: It's Just Software
• Pure software, no hardware requirement
• Stateless (pluggable data stores)
• Active/standby HA
• Read-scalability with replication (enterprise)
Slide 15
Security Engineers: Fort Knox
• N-Person Unseal
• Audit trails
• Access Control
• Clearly defined threat model and architecture
• Open Source, Audited, Compliance, feature support
Slide 16
Scaling Security
Slide 17
Scaling Security
Developer
Operator Production
Security
Infrastructure Security, Network Security
Scaling Security: Ops
• Network layout/config, routing tables, etc.
• OS security, user accounts, file permissions, etc.
• Infrastructure creation, change process
Slide 21
Application Security, Data Security
Scaling Security: Dev
• TLS connections
• API auth/authz
• Data encryption
• Password request and usage
Slide 22
Scaling Security
Trust but verify at every level
Slide 23
Scaling Security
GROW WITHOUT COMPROMISING SECURITY