The speaker discusses the importance of securing open source adoption in cloud native architectures and presents several open source projects that can help achieve compliance and controls.
- Kubernetes has been a game changer for many organizations, but transparency into compliance matters even more in cloud native architectures
- Open source tooling is the best way to enable highly ready Kubernetes
- Several open source projects built on top of the Open Policy Agent project can help evaluate and validate configurations being deployed to a Kubernetes cluster
- The Secret Store CSI project allows for safe storage of Kubernetes secrets outside of the cluster
- The Azure Active Directory Pod Managed Identity project provides fine-grained controls on authorizing pods to access resources outside the Kubernetes cluster
- Service meshes simplify securing and routing traffic both inside and outside a Kubernetes cluster
- The Open Enclave SDK enables building applications based on trusted execution environments to protect data in use
- The potential and prospects of the security benefits of these open source projects are huge
The speaker mentions the Mystikos project, which supports unmodified Linux binaries and makes it easy to migrate from Docker containers to SGX trusted execution runtime environment. This project is in its infancy, but the potential and prospects of the security benefits that will be solved are huge.
Sharing of Personal Information with Sponsors In order to facilitate networking and business relationships at the event, you may choose to visit a third partyʼs virtual booth or to access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third partyʼs logo in the Solutions Showcase or exhibitor directory, and any actions within the booth thereafter including viewing resources), when accessing sponsored sessions in the Sponsor Theater, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.The intersection between cloud native architectures, tooling, and day one operational governance has greater amplified the need for providing simpler ways to achieve valid operating compliance and controls. We’ll look at key open source projects that add up to superb cloud native security!