Flying Above the Clouds: Securing Kubernetes - Jack Mannino - AppSecUSA 2018
Cloud-native architectures built using Kubernetes are composed of containerized microservices managed by an orchestration system. They are distributed systems that run on top of cloud (or sometimes physical) infrastructure and abstract away details of platform integrations in order to promote portability. Automation, scalability, and resiliency are all important properties of cloud-native systems and all factor into design choices. Security touches every aspect of the architecture, at the application, container, orchestration, and cloud infrastructure layers.
In this presentation, we will explore the Kubernetes attack surface and present methods to keep your cloud-native systems resilient to attack. Building a secure architecture requires carefully considering authentication, authorization, network segmentation, storage, and logging/auditing. There are some no-brainer security controls to take advantage of for quick wins, while others require careful consideration and design-level choices. We will demonstrate how container runtime security factors into the equation as well as what we need to consider in our underlying cloud infrastructure. Microservice security will be discussed along with steps we can take to deploy secure services and meshes.
Our goal is to keep our engineers moving fast, but securely. At the end of the presentation, you'll understand the cloud-native attack surface and how to approach building a hardened infrastructure and deploying secure services with Kubernetes.
Speaker
Jack Mannino
CEO, nVisium
Jack Mannino is the CEO of nVisium. Passionate about security and impossible to keep away from a keyboard, his expertise spans over 15 years of building, breaking, and securing software. Jack founded nVisium in 2009, and since then has helped the world's largest software teams.
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...