Conference:  Black Hat Asia 2023
Authors: Xiaosheng Tan
2023-05-11

Data has been regarded as the fifth factor of production, and data security is ranked a high priority by governments across the world. In China, data security-related legislation such as the "Data Security Law" and "Personal Information Protection Law" has been promulgated and was put into effect in 2022. The number of data security projects also increased rapidly. The government, finance, telecommunications, energy, education, healthcare, and other industries have different regulatory requirements for data security and their strategies for data security are quite different. The biggest challenge facing data security is that data security technologies, products, solutions, and service capabilities are far behind regulatory and customer requirements. Some companies have made meaningful explorations in data security products and solutions, such as privacy enhanced computing, transparent encrypt/decrypt, zero trust in data security, etc.
Authors: Petter Sveum
2023-04-21

tldr - powered by Generative AI

The presentation discusses the challenges of data protection and application recovery in cloud and Kubernetes architectures and proposes an autonomous data management platform as a solution.
  • More customers are building critical infrastructure into Kubernetes, but struggle with data protection and recovery.
  • Critical applications require persistent storage and disaster recovery orchestration.
  • An autonomous data management platform should be cloud-optimized, API-enabled, microservices containerized, elastic, multi-cloud, and multi-tenant.
  • The platform should deliver advanced functionalities like automated capacity management, self-optimization, recovery of service, resiliency of service, and end-to-end security.
  • The platform should apply a set of criteria for protecting workloads and ensuring security and predictability for recovery.
  • The platform should provide an outcome where data is protected end-to-end, resiliency can be managed, tested, and validated, and there is optimized and efficient usage of infrastructure.
Authors: Xiangqian Yu
2023-04-20

tldr - powered by Generative AI

The presentation discusses the progress and updates of the Kubernetes Data Protection Working Group in developing components for application backup and restoration in Kubernetes context.
  • The working group has published a white paper that outlines the projects, problems, and gaps in Kubernetes, as well as the components being developed and the directions being taken.
  • The group has also released an annual report that documents the achievements in the past year and the focus for the future.
  • The application backup in Kubernetes context consists of two parts: the Kubernetes resources that shape the application and the data backup stored on persistent volumes.
  • The group is developing components to support the entire application backup workflow, including volume mode conversion, container notifier, and consistent group snapshot.
  • The group is also working on a Kubernetes API that defines stateful applications and how to take a snapshot backup of those applications.
  • The group has made progress in developing the components, with some moving to Alpha and Beta releases.
  • The group encourages participation through bi-weekly meetings, a mailing list, and a Slack channel.
Authors: Kim Wuyts
2023-02-15

tldr - powered by Generative AI

The presentation discusses the importance of threat modeling in ensuring privacy and security in software development. It highlights the different approaches and resources available for successful threat modeling.
  • Threat modeling is crucial for ensuring privacy and security in software development
  • There are different approaches and resources available for successful threat modeling, such as the Threat Modeling Manifesto, LINDDUN, and STRIDE
  • Threat modeling should be done early in the development cycle, but it's never too late to do it
  • Threat modeling should be a continuous process and the output should be used as input for subsequent steps
  • Threat modeling can be easy and fun, as illustrated by the example of analyzing a doll's privacy risks
Authors: David Ko, Joshua Moody
2022-10-27

Longhorn is a cloud-native distributed block storage solution for Kubernetes, providing an opinionated solution to cover different storage topology, data protection, and data services like snapshots, replication, encryption, backup restore, disaster recovery, etc. In this talk, there will be several parts to have an introduction of Longhorn and have deep-dive discussions to talk about the technical details, the recent release, and future plans. Longhorn was accepted as an incubating project by the Cloud Native Computing Foundation in November 2021.
Authors: Xiangqian Yu
2022-10-26

Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
Authors: Tobin Feldman-Fitzthum, Mikko Ylinen
2022-10-25

Typical data protection ensures data is encrypted while in transit and at rest. Confidential computing (CC) adds data protection while data is in use, in memory, enabling end-to-end protection. Highly regulated industries such as finance and health care are driving the market for CC. Cloud service providers are adding CC capabilities in their offerings. In parallel the open-source cloud native ecosystem is seeing more new projects and start-ups building upon CC. For instance, the CNCF recently accepted the sandbox project Confidential Containers with active participation from different hardware and software vendors and CSPs. In this workshop we will talk about CC in cloud native. We will start by giving an overview of CC and a detailed introduction to the Confidential Containers project and its building blocks. Next, we walk the audience through detailed steps to get the Confidential Containers environment set up. Finally, we want to leave some time for interactive discussion with the audience about cloud native use cases and CC.
Authors: Xing Yang, Xiangqian Yu
2022-05-18

tldr - powered by Generative AI

The Data Protection Working Group in Kubernetes aims to provide basic components to support stateful application protections in the Kubernetes environment. The group has made progress in identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes.
  • The motivation of the Data Protection Working Group is to provide or build or design the basic components to support stateful application protections in the Kubernetes environment.
  • The group has identified gaps in day two operations for stateful workloads in Kubernetes, particularly in application level consistency snapshots or backup of systems and restoration pieces along with data stored in persistent volumes.
  • The group has published the first-ever white paper in the community, which outlines modern applications that consider or are moving to Kubernetes environment and the mechanisms those applications use to protect data.
  • The group has developed several KEPs, including volume mode conversion, which aims to fix the CVE vulnerability introduced by the volume mode transition.
  • The group has several active contributors from various organizations, including storage and backup vendors, cloud providers, application developers, and end-users.
  • Interested parties can join the working group and contribute to the effort.
Authors: Prashanto Kochavara
2021-10-14

tldr - powered by Generative AI

The presentation discusses the benefits of using Kubernetes for data management and application migration in a multi-cloud and hybrid cloud environment.
  • Kubernetes allows for faster innovation and simplified management of stateful workloads
  • A cloud-native data management solution can improve software releases and increase revenue
  • Infrastructure-agnostic and policy-driven solutions are necessary for successful application migration
  • Data volumes should be managed as first-class citizens and data staging capabilities are important for multi-cloud and hybrid cloud environments
Authors: Xiangqian Yu
2021-10-13

tldr - powered by Generative AI

The presentation discusses the need for data protection in Kubernetes and outlines the common use cases and modules needed to achieve this goal.
  • The working group's charter is to define what it means to protect data in Kubernetes and propose modules to ensure application restoration in case of disaster
  • Kubernetes context involves two pieces: API resources and persistent volume data
  • Common use cases include protecting MySQL databases, migrating data, and enforcing RTO/RPO policies
  • Modules needed include workload APIs, application CRB, and CSI snapshot