Securing AKS involves providing countermeasures to threats against AKS identities, clusters and nodes, network, and containers. At the end of this session, you should be better able to design and implement security best practices of operating Kubernetes on Azure.

Are you facing issues with teams creating different k8 clusters? Is there an issue managing 100's of clusters across your enterprise. Do you have central governance and security standards? In this talk I focus on how an enterprise can adopt containerization across teams in a standardized fashion.

Security-specific tools are often overlooked until it becomes a requirement, necessity or things have gone terribly wrong. While many organisations will build a security team to address related issues, smaller organisations and individual contributors do not have this option.

This talk is divided into two sections. In the first one, Anais will share the similarities between climbing and the importance of establishing a security-centric mindset. What happens if we do not have security specialists supporting our team? Free-climbing might be an option for experts with years of experience but not for most cluster admins.

The second part will go over security-specific tools in the cloud native ecosystem. We will highlight the different tools available, how and when they are used, as well as emerging technologies in the security space. Anais will showcase how we can get started and the benefits of integrating cloud native security tools, such as Trivy and Tracee, into our existing processes and monitoring stack. The goal is to provide Kubernetes cluster admins and engineers with the tools and knowledge to take ownership of securing their resources without having to become security experts.

Companies with large development teams, enterprises adopting Kubernetes where security teams are in single digits but other teams are in three-plus digits. In this talk, we see some scalable ways to solve Kubernetes Security across such organizations in a practical hands-on context-driven approach.

On July 21, 2015, Kubernetes 1.0 was release by Google and Linux Foundation forming the Cloud Native Computing Foundation (CNCF). Since then, Kubernetes has picked up steam in utilization by organizations for running business critical workloads. Generally, Security and Compliance teams tend to lag behind in understanding the technology and where to implement effective controls. With Cyber criminals taking a more active interest in weaponizing Kubernetes, not having the proper controls will have a big impact on organizations. My presentation is on bringing security and governance teams into the world of Kubernetes. This is done by creating partnerships with security and governance for protection of Kubernetes and workloads.

This presentation will provide you the following takeaways:

• Understanding the current threat scape
• How to approach Security and Governance teams to understand Kubernetes
• How to setup a security and governance model
• How to champion metrics for displaying a more accurate and updated risk profile.

GitOps is becoming the popular way to control, secure and manage cloud assets at scale through unified policies. However, SaaS tools and infrastructure extensions remain outside of our GitOps practices, while they can actually benefit the most from centralized policy and security.