logo
allArticlesConferencesPresentations

Keynote: How Developers Help Scale Kubernetes Security

Conference:  KubeCon + CloudNativeCon Europe 2022

2022-05-20

Authors:   Connor Gorman

Summary

Developers play a crucial role in scaling Kubernetes security by integrating security into development workflows and becoming security stakeholders.
  • The success of Kubernetes and its ecosystem has enabled developers to ship more code, build more deployments, and ship faster than ever before, but this also poses security challenges.
  • The number of developers is much larger than the number of security engineers, making it difficult for small security teams to support the ever-growing number of deployments.
  • Developers and security teams need to collaborate to mitigate security issues and prepare for the next vulnerability.
  • Integrating security deeply into development workflows empowers developers to be security stakeholders and scales the remediation of security issues.
  • Developers should be involved as early as possible in security and helped to solve their own issues.
  • Creating gates should focus on the why and make developers more proactive.
  • Mitigating security issues is like a race, and it takes a concerted effort by both developers and security operations to make it happen.
  • Building up muscle memory by practicing day-to-day workflows and processes is crucial to achieving smooth code shipping and treating every security-related commit equally.
The critical vulnerability in the Log4j logging library, known as Log4Shell, brought developers and security teams together to quickly collaborate and fix the issue. This event highlights the need for permanent collaboration between developers and security teams to prepare for the next vulnerability.

Abstract

Properly securing applications deployed onto Kubernetes is a shared responsibility. Security teams define organizational policies that improve security posture while developers implement those policies through good security practices, keeping  images up to date with the latest vulnerability fixes and configurations that follow the principle of least privilege. The declarative nature of Kubernetes allows security to be deeply integrated into development workflows. This integration empowers developers to be security stakeholders and scales the remediation of security issues. In this session, we’ll explore concrete ways and best practices for integrating security into both CI (Continuous Integration) and CD (Continuous Deployment).Click here to view captioning/translation in the MeetingPlay platform!
Materials:
Tags:
Kubernetes
Security
applications
development
CI

Post a comment

Related work

A New Way To Roll: Supply Chain Choreography For Enterprise Grade Kubernetes

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Kirti Apte, Steve Watkins
2022-10-27