A social distancing approach for sharing content from the planned KubeSec Enterprise Summit event for March 30.
Whether you are just now beginning to roll out your first production implementation of Kubernetes, or are an early adopter looking to learn from the experience of your peers, you are sure to get valuable insights from this educational event.
Who should attend?
Click here to get the recordings for the entire series, or explore the individual sessions below!
KubeSec Enterprise Summit North America will be held as an online event in 2020. Call for proposals is now open. Submit to speak here!
What does DevOps adoption look like at enterprises, and what is the impact of that on cloud-native security? 451 Research presents results from its quantitative and qualitative research into cloud native security, particularly the relationship between current security practices and DevOps.
Secrets (SQL/LDAP passwords, SSH keys and API tokens) are usually kept by applications in configuration files or as source code constants. Kubernetes offers a great feature to store your application's Secrets where your containers can access them on demand. In our talk, we’ll share several use cases and flaws where using Kubernetes built-in Secrets Storage is insufficient, and review several future features of K8s and other concepts available to better manage and secure your secrets.
How would you react if your laptop was stolen? Are you worried about attackers performing a cold boot attack to extract your Kubernetes credentials? Do you already use a YubiKey for SSH and GPG, and wonder why you cannot use it with kubectl? If yes, then this talk is for you!
Liz's new Container Security book includes a Security Checklist covering items you should at least think about when considering how to secure your deployments running on containers. In this talk, Liz gives an overview of the checklist, and dives into the details on some potential weaknesses that you really need to avoid. The takeaway challenge is for you to check whether your own environments comply with the most important of these recommendations.
With container technology rapidly entering the IT operations world, together with the increasing demand for certifications of the IT environment such as ISO 27001, there is a high chance that you will encounter questions regarding operational compliance of your Kubernetes stack.
Based on the currently available documentation on security requirements for container environments by the BSI and NIST, we will give an overview of how we would answer those questions for our in-house Kubernetes platform at WEB.DE and GMX.
Over the past year, the Aqua Security cyber research team has uncovered increasingly sophisticated attacks on containers that use obfuscation and evasion techniques to avoid detection by static scanners. Such attacks utilize novel, innocuous-looking images to embed their own code, which is often encrypted or deployed as polymorphic malware to avoid detection. The malicious behavior of the image can only be observed when it is run as a container.
Once you get past the basics of Kubernetes security, locking down your APIs and implementing RBAC, you might think you’ve got most of your security issues sorted. However, like any complex system, Kubernetes has some sharp security edges. This is a talk about avoiding getting cut by them.
Red Hat recently achieved SOC-2 and ISO 27001 certifications for one of our managed Enterprise Kubernetes-as-a-service offerings, OpenShift Dedicated (OSD) on AWS.
Learn how we leveraged the built-in security features of Kubernetes and the mature security expertise of Red Hat to achieve compliance and certification of our large, multi-cluster Kubernetes fleet.
Specifically, topics covered in this session include:
In this session we will discuss the five most common gateway deployment patterns and their security implications. Each pattern has its time and place, but how can we tell which one is right for our app? The fundamental pros and cons of each pattern will be brought to light, enabling us to make an informed decision on a per-app or per-service basis.
Single-cluster security in Kubernetes is a broadly covered topic with well-established best practices. Kubernetes adoption typically starts with a limited proof of concept in a single team, but can quickly find massive growth and decentralized adoption across an organization. This growth stage introduces security challenges as team practices diverge.
In this talk I will address how security requirements and solutions evolve with the scope of your Kubernetes usage and how you can carry these already established best practices across your organization.