An organization’s move to cloud native can be fraught with difficulty, but the potential rewards for the effort are great. Among the risks that can fill any reasonable DevOps team with dread and trepidation are the potential security holes that a shift to a container- and Kubernetes-based platform brings.
During the Cloud Native Security Live, 2020 Virtual Summit, which takes place Feb. 11, 2020, we will discuss and debate common concerns, challenges and fears that many organizations are dreading — or experiencing — in the move to cloud native environments.
Hosted in partnership with The New Stack, the summit’s speakers will include, among many others:
- Chenxi Wang, managing director of venture capital firm Rain Capital.
- Rochelle Mattern, a Google Cloud customer engineer.
- Gareth Rushgrove, director of product management, Snyk.
- Xiaobo Long, senior vice president of cloud security, Citibank.
- Rohit Gupta, global segment leader, security, Amazon Web Services (AWS).
- Mike Liedike, manager, Deloitte Consulting’s innovations and platforms team, Deloitte.
The discussion will be hosted by Alex Williams, founder and publisher of The New Stack, and Varun Badhwar, senior vice president, Prisma Cloud at Palo Alto Networks.
The topics covered are intended to be of interest to developers, DevOps teams, security practitioners and chief technology officer-level executives. The main topics will cover:
- What the shift left in software development production pipelines means for securing the cloud and why it’s relevant.
- DevSecOps strategies as more applications are moved to the cloud.
- What the future holds for cloud security and why cloud native security platforms will be highly relevant and critical.
The forum organizers are aware that many, if not most, organizations are only beginning their shift to cloud native environments. Many are also in the middle of their digital journeys as they embrace container and Kubernetes environments. Security processes and management must thus cover both legacy and new ground on cloud native platforms.
“There’s not really too many applications out there that are 100% containers or 100% serverless — and so as you move towards this very heterogeneous cloud environment, the topic of conversation is what is the most effective security model,” Badhwar said. “Traditionally, security was looked at in multiple verticals: You had network security, vulnerability management and endpoint security, all being managed by different practitioners. And I think what we’re going to really cover in this session or set of topics is what does the shift left mean in securing the cloud and why it’s relevant.”
Cloud native security practices must also take into account the human factor. This involves a “classic sort of socio-technical system,” Rushgrove said. “It’s as if you have software that’s perfect and humans are not and when combining humans as users and humans as operators, you’ve got a larger system,” he said. “I like to think of security as a facet of quality. And, I guess, the overall quality is something that just hasn’t been the thing we’ve always talked about in software.”
Google Cloud’s approach to security in the shift left is to bring security directly into the CI/CD platform, Mattern said. “This is essentially building the security into the release cycle and a deployment cycle of Kubernetes-based software so, essentially, ensuring that each checkpoint that goes into the release of your software, you also include security checks.
“You then also put checkpoints and metadata into your image to ensure that once you release it and deploy it, those checkpoints have actually been completed and passed,” Mattern said. “So, that when you actually go to deploy, you can feel comfortable that your software is secure and has passed the checks.”
Indeed, Google has been “pushing software testing, security testing, closer to developers,” Wang said. “I think Google is one of the first companies that has been doing unit testing — unit testing… as opposed to waiting until application security folks take over” during the CI/CD process.
Watch the full conversation with these security thought leaders at the Cloud Native Security Live, 2020 Virtual Summit. Engage and interact with other developers, DevOps pros and IT leaders who all have so much at stake in container technologies and DevSecOps. The summit is hosted by Prisma in partnership with The New Stack. Join us Feb. 11, 2020, for a full day of discussions about cloud native security — brought to you live online wherever you may be.
Amazon Web Services is a sponsor of The New Stack.