Overview
Explore the vast landscape of Cloud Native security in this 33-minute Devoxx conference talk. Dive into three key areas: platform security, user management and permissions, and software supply chain. Learn about securing control planes and nodes, isolating compute and network resources, managing secrets, and implementing authentication and authorization strategies. Discover common pitfalls in admin permissions and explore threat models with mitigation techniques. Gain a comprehensive understanding of Cloud Native security breadth and depth, leaving with valuable resources to further enhance your knowledge in this critical field.
Syllabus
Intro
FOLLOW SECURITY BEST PRACTICES
4 C's OF CLOUD NATIVE SECURITY
SECURING CONTROL PLANES & NODES CONT'D
ISOLATING COMPUTE
ISOLATING NETWORK RESOURCES
MANAGING SECRETS
AUTHENTICATION (AUTHN)
RBAC AUDITING
NAMESPACES vs CLUSTER WIDE
GOTCHA: ADMIN PERMISSIONS
SOME ACTUAL THREAT MODELS & HOW TO MITIGATE THEM
DON'T FORGET ABOUT YOUR CODE
Taught by
Devoxx