Minimum Viable Security for Cloud Native Stacks
The migration from monoliths to microservices is long behind us, however managing microservices operations at scale comes with a layer of complexity, particularly with aspects of security that still have a learning curve. But what if all of this could be simplified and automated pretty easily? If we think about our production Kubernetes & microservices operations, in the same way we think about how we design and build our products, we could build and automate minimum viable security plans that we could easily bake into our config files and CI/CD processes. Once we build this foundational framework of security, it will always be possible to iterate and evolve our security framework, for advanced layers of security that often comes with time, increased experience, and greater maturity around security. In this talk, we will present what MVS looks like for cloud native operations, how to build a cluster secured by design, continuously monitoring networking, container internals and primitives, and access management with a least privilege principle mindset. In this session we will demonstrate this through code, and even how this can work seamlessly with other CNCF ecosystem projects – from Helm to OPA, ArgoCD, Notary, as well at the most common DevOps stacks – Terraform, to AWS, GitHub Actions and more.
Currently CTO and Co-Founder of Jit, the Continuous Security platform for Developers. David has a PhD in Bioinformatics and for the past 20 years has been a full-stack developer, CTO & technical evangelist, mostly in the cloud, and specifically in cloud security, working for leading organizations such as MyHeritage, CloudLock (acquired by Cisco) and leading the ‘advanced development team’ for the CTO of Cisco’s cloud security (a $500M ARR BU).