Authors: James Callaghan
2023-04-21

tldr - powered by Generative AI

The presentation discusses the use of threat modeling in a fictitious example of a workload architecture, and the importance of prototyping early to understand how technologies integrate with each other and what can go wrong.
  • The example architecture includes an external facing service using TLS, mutual TLS for service communication, and web identity federation for accessing AWS services
  • Two approaches are presented: a simple web service and a service mesh approach using Istio and OPA
  • Data flow diagrams are essential for threat modeling and can be used to apply STRIDE to individual communications
  • Prototyping early helps to understand technology integration and potential issues
  • The presentation includes a relevant anecdote about a last-minute issue with AWS policies on S3 buckets

Authors: Josh Van Leeuwen, Thomas Meadows
2023-04-19

tldr - powered by Generative AI

The presentation discusses the Secure Production Identity Framework for Everyone (SPIFFE) and how it can be used with Cert Manager to deliver certificates to pods that are SPIFFE-compliant and attested by workload identity.
  • SPIFFE is an open-source framework that defines a standard for defining a workload or machine identity.
  • SPIFFE can issue SVIDs in two document formats, JWT and X.509, and can verify the SVIDs of other workloads.
  • SPIFFE has an emerging ecosystem of plugins to integrate with other tools and services.
  • CSI Driver SPIFFE can be used with Cert Manager to deliver certificates to pods that are SPIFFE-compliant and attested by workload identity.
  • CSI (the Container Storage Interface) is the standard through which any kind of storage is provided to pods in Kubernetes.

Authors: Yuji Watanabe, Jayashree Ramanathan
2022-10-25

tldr - powered by Generative AI

The presentation discusses the importance of policy-based governance in protecting the integrity of Ansible playbooks and ensuring a consistent approach to managing clusters. The approach involves representing best practices as policies, managing them like source code, and deploying them using a GitOps methodology. The benefits include reduced operational costs, continuous security and audit readiness, and efficient day-to-day collaboration among various personas. The presentation also highlights the Kubernetes Policy Workgroup's white paper on policy management and the Open Cluster Management CNCF Sandbox project that enables the policy-based governance approach.
  • Policy-based governance is crucial in protecting the integrity of Ansible playbooks and ensuring a consistent approach to managing clusters
  • Best practices can be represented as policies, managed like source code, and deployed using a GitOps methodology
  • Benefits include reduced operational costs, continuous security and audit readiness, and efficient day-to-day collaboration among various personas
  • The Kubernetes Policy Workgroup's white paper on policy management and the Open Cluster Management CNCF Sandbox project enable the policy-based governance approach

Authors: Adelina Simion
2022-05-19

tldr - powered by Generative AI

The presentation discusses the challenges faced in the world of payments processing and the solution of moving to cloud-agnostic technologies, specifically Kubernetes, to achieve high availability and flexibility for clients to run on multi-cloud.
  • Challenges in payments processing include a large volume of transactions, reliability and durability, and maintenance of external payment infrastructures
  • The architecture before the multi-cloud project involved payment services hosted in AWS and a hybrid architecture with two data centers hosted by partners at Equinix
  • Moving to cloud-agnostic technologies, specifically Kubernetes, allowed for the same development and deployment experience regardless of cloud provider and enabled automation of deployment, scaling, and management of applications
  • Networking and service discovery were identified as the most difficult part of going to multi-cloud, but Kubernetes allowed for high availability and flexibility for clients to connect to whichever payment service they preferred

Authors: Zhonghu Xu
2022-05-19

tldr - powered by Generative AI

The presentation discusses the challenges and solutions for implementing a multi-cloud strategy in organizations, with a focus on the use of Karmada for multi-cluster orchestration and Istio for inter-cloud communication.
  • The need for companies to maintain strict compliance with data privacy regulations is increasing, making a multi-cloud strategy the most effective and efficient approach.
  • Multi-cloud strategy offers improved security, better failover options, enhanced disaster recovery, and improved flexibility and scalability.
  • The challenges of managing multiple clusters include workload fragmentation, resource scheduling, and vendor lock-in.
  • Karmada is an open, cloud-native multi-cloud orchestration engine that provides a central control plane for managing multi-cloud clusters.
  • Istio is a service mesh project that facilitates inter-cloud communication by encrypting traffic between services and providing DNS resolution.
  • Flat network and different network models have their own advantages and challenges for implementing a multi-cloud strategy.

Authors: Pavel Nikolov
2022-05-19

tldr - powered by Generative AI

The presentation discusses the use of eventual consistency in microservices deployment to address data consistency, latency, reliability, and disaster recovery problems.
  • Microservices deployment can benefit from eventual consistency
  • Eventual consistency can address data consistency, latency, reliability, and disaster recovery problems
  • Hosted database solutions may not provide 100% consistency and may be a single point of failure
  • Long-running connections need to be reconnected to ensure high availability

Authors: Brandon Lum, Mariusz Sabath
2021-10-14

tldr - powered by Generative AI

The presentation discusses the Universal Zero Trust Workload Identity project, which aims to strengthen security by performing cloud provider-specific and platform attestation, and supports different identity mechanisms using a consistent universal identity schema.
  • The Universal Zero Trust Workload Identity project aims to strengthen security by performing cloud provider-specific and platform attestation.
  • It supports different identity mechanisms using a consistent universal identity schema.
  • The project uses Kubernetes and can be deployed on any cloud provider.
  • The project is still in development and is open to feedback and contributions.
  • The presentation includes a demo of the project using AWS and Vault to retrieve secrets.
  • The project has Helm charts and YouTube videos available for deployment and learning.

Authors: Ovidiu Cical
2021-09-24

tldr - powered by Generative AI

Applying a knowledge graph to cyber security improves data organization and provides a contextual view of digital assets, resulting in a more effective cyber security program.
  • A knowledge graph can provide a map of all digital assets and their relationships, allowing for a contextual view of data
  • Importing data from various sources, such as HR tools, can create an abstract layer for the knowledge graph
  • Using a knowledge graph can surface vulnerabilities and prioritize remediation
  • Managed services, such as Amazon Web Services Neptune, can be leveraged for a graph database system
  • Tools like Cartography and OpenCSPM can be used to map assets and create relationships