Strategies on How to Overcome Security Challenges Unique to Cloud-Native Apps
Zane Lackey (@ZaneLackey)
Kamala Dasika (@DasikaKN)
© Copyright 2017 Pivotal Software, Inc. All rights reserved.
About Pivotal
Transform how the world builds software. Modern Software Methodology | Modern Cloud-Native Platform
Security Matters to All of Us
76%: Websites with Vulnerabilities*
35%: Increase in Ransomware*
100-150: Days to Patch/Fix in Enterprises+
* April 2017 Internet Security Threat Report
+ Web Applications Security Statistics Report 2016
Bespoke Application Process Drives Complex, Manual Deploys & Waterfall Release Cycles
Security Tradition
The brittle stack.
The long accreditation cycle.
The culture of no.
The unpatched server.
The un-versioned application.
The inconsistent configuration.
The leaked credential.
Security Tradition: Reduce risk by slowing down.
Cloud Native Security: Reduce risk by going faster.
Core Pillars
Turn-key Compliance
Repair / Repave / Rotate: Starve Resources Needed for Attacks
Address vulnerabilities caused by time/delays, misconfigured/unpatched software, and leaked credentials
Platform Security Concepts
•  Immutable consistent infrastructure
•  2-layer scheduler
•  Hardened container boundary
•  Constant, full-stack patching
•  Ephemeral servers
•  Fully encrypted network
•  Ubiquitous policy enforcement
•  Control of software supply chain
•  Monitoring and scanning integration
•  Turn-key compliance
Everything to Deploy and Manage the App
1.  Roles and Policy
2.  Metrics
3.  Log Aggregation
4.  Health management
5.  Security and Isolation
6.  Blue-Green deployment
7.  Scaling
Structured Automation
✓  Consistent Contracts
✓  Fully Automated, Repeatable platform-managed DevOps processes
✓  Developer + Ops + Security Friendly Constructs
✓  Infrastructure Failure Agnostic
Deployment & Buildpacks
cf push
cf push -b <buildpack>
Staging steps: Detect (Buildpack) -> Compile (Dependencies) -> Release (Execution config & command) -> Deployed Artifact
Inputs: Code, Artifacts
Buildpack sources: Community Buildpacks, Custom Buildpacks, Partner Buildpacks, Built-In
Stemcell Hardening
•  Stemcell = Bare minimal OS + PCF-specific utilities and configuration files
•  Hardening guidance from commercial and govt. sources
•  BOSH Add-Ons
   –  Ensure certain software runs on all VMs managed by the Director.
   –  E.g. security agents like Tripwire, IPsec, etc., anti-viruses like McAfee, health monitoring agents, and logging agents
[Diagram: BOSH/Ops Manager applies a Stemcell and a Release Manifest to the VMs it manages (simplified to illustrate the point)]
Each Layer Upgradable with No Downtime
Container layers: Application, App Runtime*, File system mapping, Linux host & kernel
Deploy styles: Blue-Green deploy, Canary style deploy
* e.g. Embedded webserver, app configurations, JRE, agents for services packaged as buildpacks
Upgrade and patch with rolling “canary” deploys
[Diagram: application instances A, B, M, N, X, Y spread across VMs on the version prior to the update. Update introduced on one VM. If the tests pass, keep going. Apps redeployed to clear VMs, one VM at a time.]
Legend: A,B,M,N,X,Y - Application instances; shaded box - VM prior to update
Automated, No downtime
Atomic rolling update
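The rolling "canary" update the slide sketches, as an added simulation that is not part of the original deck or of any Cloud Foundry/BOSH tooling: a fresh VM on the new version is built and smoke-tested before the old VM's app instances are redeployed onto it and the old VM is retired, so no app ever loses its only running instance. The VM model, the instance placement (the slide's A,B / M,N / X,Y) and the `smoke_test` hook are assumptions made for this illustration.

```python
"""Rolling canary platform update, one VM at a time (constructed simulation).

The VM model, the `smoke_test` hook and the instance placement are assumptions
for this illustration; they are not a Cloud Foundry or BOSH API.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple


@dataclass
class VM:
    name: str
    version: str                                     # stemcell / platform version on this VM
    apps: List[str] = field(default_factory=list)    # app instances placed on this VM


def serving_apps(fleet: List[VM]) -> Set[str]:
    """Apps that currently have at least one running instance somewhere in the fleet."""
    return {app for vm in fleet for app in vm.apps}


def build_fleet(version: str = "stemcell-1") -> List[VM]:
    """Constructed starting state: the slide's A,B / M,N / X,Y placement on three VMs."""
    return [VM("vm-1", version, ["A", "B"]),
            VM("vm-2", version, ["M", "N"]),
            VM("vm-3", version, ["X", "Y"])]


def versions(fleet: List[VM]) -> List[str]:
    return [vm.version for vm in fleet]


def rolling_update(fleet: List[VM], new_version: str,
                   smoke_test: Callable[[VM], bool],
                   log: List[str]) -> Tuple[List[VM], bool]:
    """Replace each VM with a fresh one on new_version, one VM at a time.

    Per VM: build the fresh VM -> run the smoke test on it -> redeploy the old
    VM's app instances onto it -> retire the old VM.  The old VM keeps serving
    until the new one has passed its tests and taken the apps, so the set of
    serving apps never shrinks.  A failed test halts the rollout: VMs already
    updated stay updated, the rest keep running the previous version.
    Returns (fleet after the update, halted).
    """
    fleet = list(fleet)                     # work on a copy of the fleet list
    expected = serving_apps(fleet)          # every app must stay served throughout
    for i, old in enumerate(fleet):
        if old.version == new_version:
            continue                        # already on the new version
        fresh = VM(f"{old.name}-new", new_version)      # the canary: clean VM, no apps yet
        if not smoke_test(fresh):
            log.append(f"{fresh.name}: tests failed, rollout halted; {old.name} keeps serving")
            return fleet, True
        fresh.apps = list(old.apps)         # apps redeployed to the clear VM
        fleet[i] = fresh                    # old VM retired from the fleet
        log.append(f"{old.name} -> {fresh.name}: {fresh.apps} redeployed, old VM retired")
        # zero-downtime invariant: no app lost all of its instances in this step
        assert serving_apps(fleet) == expected, "an app lost all its instances"
    return fleet, False


if __name__ == "__main__":
    log: List[str] = []
    fleet, halted = rolling_update(build_fleet(), "stemcell-2", lambda vm: True, log)
    print("\n".join(log), "\nhalted:", halted, versions(fleet))

    # a canary whose tests fail on the second VM stops the rollout there
    log = []
    fleet, halted = rolling_update(build_fleet(), "stemcell-2",
                                   lambda vm: vm.name != "vm-2-new", log)
    print("\n".join(log), "\nhalted:", halted, versions(fleet))
```

The order of operations is the whole point: the smoke test runs against the fresh VM while the old one is still serving, so a bad update is caught before any instance moves, and the invariant check after each step is what "no downtime" means in testable terms.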
“The first time ever we fully upgraded Cloud
Infrastructure with Zero Impact.
In Production.
During Business Hours.
During Peak Business Hours.”
Source: Internal Feedback Shown by Greg Otto, Executive Director@Comcast at Cloud Foundry Summit 2016
Guest Speaker: Zane Lackey
•  Started out in offense
   –  iSEC Partners / NCC Group
•  Moved to defense
   –  First head of security at Etsy; built and led the four security groups
•  Now scaling defense for many orgs
   –  Co-founder / CSO at Signal Sciences, delivering a product that defends web applications in the DevOps/Cloud world
Lessons learned being at the forefront of the shift to DevOps/Cloud
Spoiler: Security shifts from being a gatekeeper to enabling teams to be secure by default
What has changed?
The new realities in a DevSecOps world:
1.  Changes happen multiple orders of magnitude faster than previously
2.  Security only becomes successful if it can bake into the Development/DevOps process
3.  For many apps, the cost of attack is so low you will be attacked even if you’re not a brand name
Let’s change our approach
What new concepts should security focus on?
Visibility + Feedback
Except… These aren’t new concepts!
Performance monitoring, data analytics, A/B testing are all about visibility + feedback
The same hard lessons are slowly shifting to security
First, a story from the old days…
How can we improve?
Ex: Which of these is a quicker way to spot an attack?
Surface security visibility for everyone, not just the security team (if the security team even exists)
Obtaining better feedback
Three keys to modern feedback loops:
1.  Combination of bug bounty + pentests
2.  Bounty is not a replacement for pentest; it augments pentest
3.  Bounty gives general but more real-time feedback; pentest shifts to giving more directed but less frequent feedback
Visibility + Feedback success story:
“I discovered the vulnerability late Friday afternoon and wasn't quite ready to email it to them … [Etsy] had detected my requests and pushed a patch Saturday morning before I could email them. This was by far the fastest response time by any company I've reported to.”
- Source: https://www.reddit.com/r/netsec/comments/vbrzg/etsy_has_been_one_of_the_best_companies_ive
Embrace DevOps, Cloud, and other means of increasing velocity. But do so safely by obtaining: Visibility + Feedback
Thanks!
Strategies on How to Overcome Security Challenges Unique to Cloud-Native Apps
Zane Lackey (@ZaneLackey)
Kamala Dasika (@DasikaKN)
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software Engineer
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs Practice
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

Strategies on How to Overcome Security Challenges Unique to Cloud-Native Apps

  • 1. Strategies on How to Overcome Security Challenges Unique to Cloud-Native Apps. Zane Lackey (@ZaneLackey), Kamala Dasika (@DasikaKN)
  • 2. About Pivotal: Transform how the world builds software. Modern Software Methodology | Modern Cloud-Native Platform. © Copyright 2017 Pivotal Software, Inc. All rights reserved.
  • 3. (image-only slide)
  • 4. Security Matters to All of Us: 76% of websites have vulnerabilities*; 35% increase in ransomware*; 100-150 days to patch/fix in enterprises+. (* April 2017 Internet Security Threat Report; + Web Applications Security Statistics Report 2016)
  • 5. Bespoke Application Process Drives Complex, Manual Deploys & Waterfall Release Cycles
  • 6. Security Tradition: The brittle stack. The long accreditation cycle. The culture of no. The unpatched server. The un-versioned application. The inconsistent configuration. The leaked credential.
  • 7. Security Tradition: Reduce risk by slowing down.
  • 8. Cloud Native Security: Reduce risk by going faster.
  • 9. Core Pillars: Repair, Repave, Rotate; Turn-key Compliance. Starve the resources needed for attacks: address vulnerabilities caused by time/delays, misconfigured/unpatched software and leaked credentials.
  • 10. Platform Security Concepts: Immutable, consistent infrastructure; 2-layer scheduler; Hardened container boundary; Constant, full-stack patching; Ephemeral servers; Fully encrypted network; Ubiquitous policy enforcement; Control of the software supply chain; Monitoring and scanning integration; Turn-key compliance.
  • 11. Everything to Deploy and Manage the App: 1. Roles and Policy; 2. Metrics; 3. Log Aggregation; 4. Health Management; 5. Security and Isolation; 6. Blue-Green Deployment; 7. Scaling. Structured Automation: ✓ Consistent contracts; ✓ Fully automated, repeatable, platform-managed DevOps processes; ✓ Developer + Ops + Security friendly constructs; ✓ Infrastructure failure agnostic.
  • 12. Deployment & Buildpacks: `cf push`, or `cf push -b <buildpack>`. Code artifacts pass through Detect (buildpack) → Compile (dependencies) → Release (execution config & command) to produce the deployed artifact. Buildpack sources: Built-In, Community, Custom, Partner.
  • 13. Deployment & Buildpacks: same slide as 12, with the Detect, Compile and Release stages highlighted.
  • 14. Stemcell Hardening:
      –  Stemcell = bare minimal OS + PCF-specific utilities and configuration files
      –  Hardening guidance from commercial and government sources
      –  BOSH Add-Ons: ensure certain software runs on all VMs managed by the Director, e.g. security agents like Tripwire, IPsec, etc., anti-virus like McAfee, health monitoring agents and logging agents
      (Diagram: BOSH / Ops Manager deploying a stemcell to VMs; release manifest, simplified to illustrate the point.)
  • 15. Stemcell Hardening: same content as slide 14.
  • 16. Each Layer Upgradable with No Downtime: Application (Blue-Green deploy); App Runtime* (file system mapping); Linux host & kernel (canary-style deploy); all inside the container. * e.g. embedded webserver, app configurations, JRE, agents for services packaged as buildpacks.
  • 17. Upgrade and patch with rolling "canary" deploys. (Diagram: A, B, M, N, X, Y are application instances on VMs prior to the update. Update introduced; if the tests pass, keep going. Apps redeployed to clear VMs.)
  • 18. Upgrade and patch with rolling "canary" deploys. (Diagram: automated, no downtime, atomic rolling update across the VMs.)
  • 19. "The first time ever we fully upgraded Cloud Infrastructure with Zero Impact. In Production. During Business Hours. During Peak Business Hours." Source: internal feedback shown by Greg Otto, Executive Director @ Comcast, at Cloud Foundry Summit 2016
  • 20. Guest Speaker: Zane Lackey
      –  Started out in offense: iSEC Partners / NCC Group
      –  Moved to defense: first head of security at Etsy, built and led the four security groups
      –  Now scaling defense for many orgs: co-founder / CSO at Signal Sciences, delivering a product that defends web applications in the DevOps/Cloud world
  • 21. Lessons learned being at the forefront of the shift to DevOps/Cloud
  • 22. Spoiler: Security shifts from being a gatekeeper to enabling teams to be secure by default
  • 24. The new realities in a DevSecOps world:
      1.  Changes happen multiple orders of magnitude faster than previously
      2.  Security only becomes successful if it can bake into the Development/DevOps process
      3.  For many apps, the cost of attack is so low that you will be attacked even if you're not a brand name
  • 25–26. Same content as slide 24, built up one point at a time.
  • 28. What new concepts should security focus on?
  • 29. What new concepts should security focus on? Visibility + Feedback
  • 30. Except… These aren’t new concepts!
  • 31. Performance monitoring, data analytics, A/B testing are all about visibility + feedback
  • 32. The same hard lessons are slowly shifting to security
  • 33. First, a story from the old days…
  • 34. (image-only slide)
  • 35. (image-only slide)
  • 36. How can we improve?
  • 37. Example: Which of these is a quicker way to spot an attack?
  • 38. (image-only slide)
  • 39. (image-only slide)
  • 40. Surface security visibility for everyone, not just the security team (if the security team even exists)
  • 41. (image-only slide)
  • 43. Three keys to modern feedback loops:
      1.  Combination of bug bounty + pentests
      2.  Bounty is not a replacement for pentest; it augments pentest
      3.  Bounty gives general but more real-time feedback; pentest shifts to giving more directed but less frequent feedback
  • 44–45. Same content as slide 43, built up one point at a time.
  • 46. Visibility + Feedback success story: "I discovered the vulnerability late Friday afternoon and wasn't quite ready to email it to them … [Etsy] had detected my requests and pushed a patch Saturday morning before I could email them. This was by far the fastest response time by any company I've reported to." Source: https://www.reddit.com/r/netsec/comments/vbrzg/etsy_has_been_one_of_the_best_companies_ive
  • 47. Embrace DevOps, Cloud, and other means of increasing velocity. But do so safely by obtaining: Visibility + Feedback
  • 49. Strategies on How to Overcome Security Challenges Unique to Cloud-Native Apps. Zane Lackey (@ZaneLackey), Kamala Dasika (@DasikaKN)
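Slides 14 and 17–18 describe two BOSH mechanisms in a sentence each: add-ons that force a job onto every VM the Director manages, and canary-style rolling updates that stop if the first updated instance fails its checks. The following is an added example (not from the deck, Pivotal or the BOSH project) showing what both look like in BOSH's own YAML: a runtime config with one add-on, followed by the `update` block of a deployment manifest. The release names (`example-host-agent`, `example-platform`), job names, versions, deployment name and property values are placeholders; the keys (`addons`, `include`, `update`, `canaries`, `max_in_flight`, `canary_watch_time`, `update_watch_time`, `serial`) are BOSH's.

```yaml
# --- runtime config (applied with: bosh update-runtime-config runtime.yml) ---
# An add-on is colocated on every VM the Director deploys, which is how the
# "ensure certain software runs on all VMs" point from slide 14 is enforced
# without each deployment owner remembering to include it.
releases:
- name: example-host-agent      # placeholder release name
  version: "0.1.0"              # placeholder version
addons:
- name: security-baseline       # placeholder add-on name
  jobs:
  - name: host-agent            # placeholder job (e.g. a logging or integrity agent)
    release: example-host-agent
    properties:
      log_endpoint: "logs.internal.example:514"   # placeholder value
  include:
    stemcell:
    - os: ubuntu-xenial         # only apply to VMs built from this stemcell OS
  exclude:
    deployments: [compilation-only]   # placeholder: deployments that opt out
---
# --- deployment manifest (applied with: bosh deploy -d example-platform manifest.yml) ---
name: example-platform          # placeholder deployment name
releases:
- name: example-platform        # placeholder release
  version: "1.2.0"
stemcells:
- alias: default
  os: ubuntu-xenial
  version: latest               # repave: every deploy picks up the patched stemcell
update:
  canaries: 1                   # update ONE instance first; if it fails, the deploy stops
  max_in_flight: 1              # then update the rest one at a time (rolling, no downtime)
  canary_watch_time: 30000-120000   # ms to wait for the canary to report healthy
  update_watch_time: 30000-120000   # ms to wait for each remaining instance
  serial: true                  # instance groups are updated one group after another
instance_groups:
- name: web                     # placeholder instance group
  instances: 3                  # A, B and M on the slide; more instances = smaller blast radius
  azs: [z1, z2]                 # placeholder availability zones
  jobs:
  - name: web
    release: example-platform
  vm_type: default              # placeholder cloud-config vm_type
  stemcell: default
  networks:
  - name: default               # placeholder cloud-config network
```

The security-relevant part of the `update` block is the order of operations: with `canaries: 1`, a bad stemcell or a misconfigured agent reaches one instance of the group and halts the deploy there, which is the "if the tests pass, keep going" step drawn on slide 17. Keeping `max_in_flight` well below `instances` is what lets the patch roll through with capacity still serving traffic, as the Comcast quote on slide 19 describes.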