Authors: Pratik Lotia, Jon Zeolla
2022-10-25

Organizations are in need of a standard, sane way to perform an assessment of their cloud native environments. This talk provides insight on how security professionals as well as auditors can identify whether they are following the controls and practices suggested in CNCF published white papers and thereby adhering to NIST 800-53v5 controls. We will also provide examples on how we plan to develop open source automation (such as OSCAL) to reduce the toil of audits, and cross mapping to various frameworks and standards to enable builders to focus on making their environments safer.
Authors: Aradhna Chetal, Kapil Bareja, Jim Bugwadia, Anil Karmel, Elizabeth Vasquez Alban
2022-10-24

tldr - powered by Generative AI

The conference presentation discusses the importance of building a golden path for Cloud Native organizations to ensure security and compliance. The path should be unique to each organization and based on the type of data they are trying to protect and their regulatory requirements. Automation and observability are key components of the golden path.
  • Building a golden path is crucial for Cloud Native organizations to ensure security and compliance
  • The path should be unique to each organization and based on their data and regulatory requirements
  • Automation and observability are key components of the golden path
Authors: Brandon Lum, Parth Patel
2022-06-21

tldr - powered by Generative AI

The presentation discusses the challenges of locking down provenance metadata fields in Tekton and proposes a solution using SPIFFE/SPIRE for strong attestation and verification.
  • Tekton users have direct access to objects and metadata fields, making it difficult to lock down provenance metadata fields
  • Kubernetes cluster classes are managed by different entities, making it challenging to restrict access to metadata fields
  • The TaskRun object becomes a main attack point for malicious actors
  • The proposed solution involves creating a trusted computing base and restricting access to metadata fields
  • SPIFFE/SPIRE provides strong attestation and verification for the trusted computing base
  • Future work includes extending the solution to other custom resources and validating artifacts passed between tasks
Authors: Edwin Kwan
2021-09-24

The number of security incidents and data breaches is increasing. It feels like not a week goes by without hearing of another breach or compromise. Are we getting worse at doing security? In this talk I'll provide my opinion on this, from an application security perspective, by taking a look at how software development has changed over the years. As we move towards Cloud Native workloads, staying secure is harder, and it's not always your developers' fault.