The presentation discusses the challenges of securing cloud services and presents a solution that enforces authentication controls for all services throughout their development lifecycle.

- Cloud services are open by default, making it difficult for security teams to keep up with the rapid pace of development
- The solution presented requires minimal operational overhead and holds no opinions about the project's development process
- The solution combines network control and infrastructure visibility to ensure security
- The solution includes a firewall manager and a stateless authenticator to provide authentication and authorization controls
- The solution is reliable and automated to ensure that developers do not have to instrument their services manually

The primary issue discussed is that App Engine is open by default and routable on the internet, making it difficult to enforce security policies. The presenters had to create tools to add gating after the fact to ensure security.