Conference:  Black Hat Asia 2023

Authors: Dagmawi Mulugeta, Colin Estep

2023-05-11

What if your organization could discover which of your employees are exfiltrating data prior to leaving? The 2020 Securonix Insider Threat Report found that 60% of Insider Threats involve "Flight Risk" employees planning to leave. While we know this is a problem, it has been tough to solve, especially as cloud services proliferate and personal vs. business traffic becomes more challenging to separate. In this talk, we will discuss the indicators we have used in a large production environment to find employees that are exfiltrating data before they leave.We approached this problem by analyzing anonymized data of over 4 million users from more than 200 different organizations worldwide. The data was collected from a subset of Netskope users with prior authorization. Our analysis revealed that approximately 15% of all employees leaving their job used personal cloud apps to take data with them. Based on our study, we created some models to identify insider threat flight risks and ran them for several months. We found multiple real insiders exfiltrating data that were otherwise unknown.We will present the behavioral insights found for employees preparing to leave, the nature and quantity of the data they target, and the cloud providers they use. We hope these indicators will enable organizations to protect their data more effectively.

Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Michael McCune, Bridget Kromhout, Joel Speed

2023-04-20

The presentation discusses the Cloud Controller Manager (CCM) in Kubernetes and how it can be used to manage cloud providers. It highlights the importance of understanding the CCM and its deployment in order to avoid downtime and ensure high availability.

• The CCM is a tool in Kubernetes that manages cloud providers
• It is important to understand the CCM and its deployment to avoid downtime
• Multiple replicas of the CCM can be used for redundancy
• Leader election and pod disruption budget can also be used for high availability
• An anecdote is given about the importance of tolerations and the need to be observant of low-level no schedule kind of taints

Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Adam Wolfe Gordon

2023-04-19

Service catalog and the problem of managing dependencies in Kubernetes

• Developers using Kubernetes often need to manage dependencies like databases and message queues
• Manually provisioning and managing these dependencies is not scalable
• Service catalog was an attempt to solve this problem by providing a single source of truth for all infrastructure and application dependencies
• Service catalog was built on top of the open service broker API, which allows for decoupling between service providers and consumers
• One issue with service catalog was its complexity and lack of adoption

Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Evan Gilman

2022-10-26

The presentation discusses how to use SPIFFE/SPIRE to securely access cloud resources from anywhere without having to generate, store, or manage API keys.

• SPIFFE and SPIRE enable identity federation for cloud native workloads
• SPIFFE IDs are structured strings that include a trust domain name and service name
• Trust domains are security domains that have a one-to-one relationship with a set of identity issuers
• SPIRE can be used to securely access AWS, Azure, and GCP resources without a secret access key

Conference:  KubeCon + CloudNativeCon North America 2021

Authors: Adi Polak, Annie Talvasto

2021-10-14

Climate change is one of the biggest challenges of this century, and at the same time adoption of cloud services increases the world’s CO2 production. We will show a demo showcasing how we can combat climate change with Kubernetes, e.g. by using event driven autoscaling (KEDA), spot instances, aggregated data from multiple sources as well as CNCF projects. We will take you through the creation & ideation of the open source project and prove that by optimising your cloud & Kubernetes, you can also decrease the environmental impact of your compute.