SlideShare una empresa de Scribd logo

DevSecOps Security in DevOps Automation

Aarno Aukia
Aarno Aukia

This document discusses security in DevOps (DevSecOps). It describes how DevSecOps automates security measures like code scanning, dependency management and container scanning into the development pipeline. It also discusses how DevSecOps standardizes infrastructure components, implements security controls once across environments for efficiency, and prevents configuration drift and manual errors through immutable infrastructure and deployment automation. Finally, it explains how DevSecOps improves IT governance through these methods.

Software
1 de 30
Descargar para leer sin conexión
VSHN - The DevOps Company DevSecOps Security in DevOps Aarno Aukia, CTO @ VSHN - The DevOps Company 4.6.2019 Swiss Association for Quality
VSHN - The DevOps Company ● About Aarno & VSHN.ch ● From Dev to DevOps to DevSecOps ● DevOps/AppSec/DevSecOps/SecOps? ● Automating Operations to include security ○ Build ○ Test ○ Deployment ○ Ops ■ Software containers & container orchestration: Docker & Kubernetes ■ Cloud Native Computing ● IT Governance improvements 22 Agenda
VSHN - The DevOps Company @aarnoaukia http://about.me/aarno aarno.aukia@vshn.ch ETH → Google → Atrila → VSHN VSHN - The DevOps Company Since 2014, currently 37 VSHNeers in Zürich, Switzerland Helping Developers run applications on any infrastructure making both visitors happy with stability and developers happy with agility 33 About Aarno & VSHN.ch
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Testing Release Biz
VSHN - The DevOps Company Software Project Management: Dev vs. Ops Requirements Design Implementation Testing Release Ops Biz
VSHN - The DevOps Company 9 OPS = Firefighting-as-a-Service ? 9
VSHN - The DevOps Company Capability Maturity Model Integration (CMMI) 1010 Operations 2014 How to get to this level?
VSHN - The DevOps Company DevOps: People, Processes & Tools 1111
VSHN - The DevOps Company Collaboration between software developers and operations: ● Teamwork ● Continuous improvement ● Efficient and lean ● Agile: being able to react to new requirements ● Automate as much as possible (“Infrastructure as code”) 1212 DevOps: People, Processes & Tools
VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor
VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor SECURITY
VSHN - The DevOps Company Software Project Management: DevSecOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor Todo-List Data & Risks Secure Practices Validation traceabilityauditabilityAnomalies Availability
VSHN - The DevOps Company ● Developer education, requirements engineering, design review -> AppSec ● Software Build/Deployment/Operations -> DevSecOps ● Incident detection & management -> SecOps 1616 Areas of security improvement
VSHN - The DevOps Company DevSecOps principles 1717
VSHN - The DevOps Company ● static code analysis automatically for each commit ● Dependency Management ● (base) container image scanning 1818 Build
VSHN - The DevOps Company Code analysis: sonarqube 1919
VSHN - The DevOps Company 2020 Dependency updates: https://dependabot.com
VSHN - The DevOps Company Container scanning: aquasec 2121
VSHN - The DevOps Company ● smoke tests ● test envs “à discretion” 2222 Test
VSHN - The DevOps Company ● atomic container deployment ● every deployment (and rollback) is a “normal deployment” ● deployment automation removes need for (all) devs root prod access and/or waiting for ops to deploy new dev version 2323 Deployment
VSHN - The DevOps Company ● standardization on (minimal, hardened) OS and container orchestrator ● immutable (application) infrastructure using containers ● process/storage/network separation of applications/environments ● detect/prevent configuration drift between dev/test/stage/prod envs ● documentation & automatic backup of all volumes ● documentation & monitoring of routes/loadbalancers/ingresspoints with enforcing SSL/TLS ● AAI for admin & application ● key & secrets management ● audit logging of control & application planes 2424 Ops
VSHN - The DevOps Company Container isolation 2525 ● Kernel namespacing (process & network) ● Control groups (resource quota to prevent DoS) ● SELinux (additional syscall filter) ● prevent running as root inside container, no user-provided privileged containers (enforce best practice) ● readonly container filesystem (harder to persist exploit at runtime)
VSHN - The DevOps Company ● “Full Stack Audit” ● Review design document ● Every layer was custom built ○ physical hardware ○ handcrafted servers ○ manual application deployment ● Review each layer ● Review each layer again next year... 4747 Traditional IT governance
VSHN - The DevOps Company ● Standardized components ○ already audited, some even externally certified ○ re-used, economies of scale, CMMI level 5 ○ tech controls (AAI, RBAC, logs/SIEM) implemented once ○ financial controls implemented once ● Infrastructure: private/public cloud ● Ops: Container orchestration platform ● Review design document & platform configuration 4848 Cloud native IT governance
VSHN - The DevOps Company ● prevent configuration drift ○ immutable (application) infrastructure using containers ○ deploy dev/test/stage/prod envs from CI/CD ● prevent manual errors ○ validate configuration in CI/CD before deployment ○ standardization on (minimal, hardened) OS and container orchestrator ○ deployment automation removes need for (most) root prod access ● security by default ○ image scanning, dependency vulnerability management ○ process/storage/network separation of applications/environments ○ volumes & ingresspoints best practice (documentation, monitoring, backup, SSL/TLS/WAF) ○ AAI for admin & application, audit trail logging of CI/CD, control & application planes ○ key & secrets management ● 4949 IT governance controls in container platforms
VSHN - The DevOps Company ● Please get in touch with feedback ● Twitter: @aarnoaukia ● Linkedin: https://www.linkedin.com/in/aukia/ ● Email: aarno.aukia@vshn.ch DevSecOps Forum: https://www.sig-switzerland.ch/devsecops_forum/ 5050 Thank you
Come visit us for a coffee! VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch https://vshn.ch/kontakt/ Follow us on Twitter! @vshn_ch 51

Recomendados

Kubecon 2019 Recap
Kubecon 2019 RecapKubecon 2019 Recap
Kubecon 2019 RecapAarno Aukia
 
Docker in Production, die Mobiliar
Docker in Production, die MobiliarDocker in Production, die Mobiliar
Docker in Production, die MobiliarPhilipp Grossenbacher
 
11th Docker Switzerland User Group Meetup
11th Docker Switzerland User Group Meetup11th Docker Switzerland User Group Meetup
11th Docker Switzerland User Group MeetupPhilipp Grossenbacher
 
Quick workflow of a nodejs api
Quick workflow of a nodejs apiQuick workflow of a nodejs api
Quick workflow of a nodejs apiPaolo Carrasco Mori
 
2015 05-06-karsten gaebert-akademie-etrainings
2015 05-06-karsten gaebert-akademie-etrainings2015 05-06-karsten gaebert-akademie-etrainings
2015 05-06-karsten gaebert-akademie-etrainingsHaufe-Lexware GmbH & Co KG
 
Jenkins x gitops
Jenkins x gitopsJenkins x gitops
Jenkins x gitopsJose Luis Sánchez Rebollo
 
Enabling Devops using Jenkins
Enabling Devops using JenkinsEnabling Devops using Jenkins
Enabling Devops using JenkinsPatrick Hynes
 
Architecting the Future: Abstractions and Metadata - GlueCon
Architecting the Future: Abstractions and Metadata - GlueConArchitecting the Future: Abstractions and Metadata - GlueCon
Architecting the Future: Abstractions and Metadata - GlueConDaniel Barker
 

Recomendados

Kubecon 2019 Recap
Kubecon 2019 RecapKubecon 2019 Recap
Kubecon 2019 RecapAarno Aukia
 
Docker in Production, die Mobiliar
Docker in Production, die MobiliarDocker in Production, die Mobiliar
Docker in Production, die MobiliarPhilipp Grossenbacher
 
11th Docker Switzerland User Group Meetup
11th Docker Switzerland User Group Meetup11th Docker Switzerland User Group Meetup
11th Docker Switzerland User Group MeetupPhilipp Grossenbacher
 
Quick workflow of a nodejs api
Quick workflow of a nodejs apiQuick workflow of a nodejs api
Quick workflow of a nodejs apiPaolo Carrasco Mori
 
2015 05-06-karsten gaebert-akademie-etrainings
2015 05-06-karsten gaebert-akademie-etrainings2015 05-06-karsten gaebert-akademie-etrainings
2015 05-06-karsten gaebert-akademie-etrainingsHaufe-Lexware GmbH & Co KG
 
Jenkins x gitops
Jenkins x gitopsJenkins x gitops
Jenkins x gitopsJose Luis Sánchez Rebollo
 
Enabling Devops using Jenkins
Enabling Devops using JenkinsEnabling Devops using Jenkins
Enabling Devops using JenkinsPatrick Hynes
 
Architecting the Future: Abstractions and Metadata - GlueCon
Architecting the Future: Abstractions and Metadata - GlueConArchitecting the Future: Abstractions and Metadata - GlueCon
Architecting the Future: Abstractions and Metadata - GlueConDaniel Barker
 
GitLab for CI/CD process
GitLab for CI/CD processGitLab for CI/CD process
GitLab for CI/CD processHYS Enterprise
 
Gitlab ci-cd
Gitlab ci-cdGitlab ci-cd
Gitlab ci-cdDan MAGIER
 
dotnetsheff: Continuous delivery with Team City and Octopus Deploy
dotnetsheff: Continuous delivery with Team City and Octopus Deploydotnetsheff: Continuous delivery with Team City and Octopus Deploy
dotnetsheff: Continuous delivery with Team City and Octopus DeployKevin Kuszyk
 
Automated Testing Environments With Kubernetes & GitLab
Automated Testing Environments With Kubernetes & GitLabAutomated Testing Environments With Kubernetes & GitLab
Automated Testing Environments With Kubernetes & GitLabVladislav Supalov
 
Migrating Java JBoss EAP Applications to Kubernetes With S2I
Migrating Java JBoss EAP Applications to Kubernetes With S2IMigrating Java JBoss EAP Applications to Kubernetes With S2I
Migrating Java JBoss EAP Applications to Kubernetes With S2IKonveyor Community
 
Promise of DevOps
Promise of DevOpsPromise of DevOps
Promise of DevOpsJuraj Hantak
 
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open SourceEnhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open SourceNico Meisenzahl
 
GitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyGitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyWeaveworks
 
Elasticsearch Monitoring in Openshift
Elasticsearch Monitoring in OpenshiftElasticsearch Monitoring in Openshift
Elasticsearch Monitoring in OpenshiftLukas Vlcek
 
Continuous Delivery with Docker, Kubernetes and GoCD
Continuous Delivery with Docker, Kubernetes and GoCDContinuous Delivery with Docker, Kubernetes and GoCD
Continuous Delivery with Docker, Kubernetes and GoCDThoughtworks
 
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26Vulk Coop
 
Scalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftScalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftAarno Aukia
 
XP Days Ukraine 2016 Building CD Pipeline in Azure
XP Days Ukraine 2016 Building CD Pipeline in AzureXP Days Ukraine 2016 Building CD Pipeline in Azure
XP Days Ukraine 2016 Building CD Pipeline in AzureSergii Kryshtop
 
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...Amir Moghimi
 
Docker
DockerDocker
DockerJoel Pinheiro
 
Thriving in the cloud: Going beyond the 12 factors
Thriving in the cloud: Going beyond the 12 factorsThriving in the cloud: Going beyond the 12 factors
Thriving in the cloud: Going beyond the 12 factorsGrace Jansen
 
GitOps and Kubernetes: a radical idea
GitOps and Kubernetes: a radical ideaGitOps and Kubernetes: a radical idea
GitOps and Kubernetes: a radical ideaManning Publications
 
Docker based-Pipelines with Codefresh
Docker based-Pipelines with CodefreshDocker based-Pipelines with Codefresh
Docker based-Pipelines with CodefreshCodefresh
 
Helm at reddit: from local dev, staging, to production
Helm at reddit: from local dev, staging, to productionHelm at reddit: from local dev, staging, to production
Helm at reddit: from local dev, staging, to productionGregory Taylor
 
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...Multi-container Applications on OpenShift with the Ansible Service Broker Mul...
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...Amazon Web Services
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
DevSecOps - Security in DevOps
DevSecOps - Security in DevOpsDevSecOps - Security in DevOps
DevSecOps - Security in DevOpsAarno Aukia
 

Más contenido relacionado

La actualidad más candente

GitLab for CI/CD process
GitLab for CI/CD processGitLab for CI/CD process
GitLab for CI/CD processHYS Enterprise
 
dotnetsheff: Continuous delivery with Team City and Octopus Deploy
dotnetsheff: Continuous delivery with Team City and Octopus Deploydotnetsheff: Continuous delivery with Team City and Octopus Deploy
dotnetsheff: Continuous delivery with Team City and Octopus DeployKevin Kuszyk
 
Automated Testing Environments With Kubernetes & GitLab
Automated Testing Environments With Kubernetes & GitLabAutomated Testing Environments With Kubernetes & GitLab
Automated Testing Environments With Kubernetes & GitLabVladislav Supalov
 
Migrating Java JBoss EAP Applications to Kubernetes With S2I
Migrating Java JBoss EAP Applications to Kubernetes With S2IMigrating Java JBoss EAP Applications to Kubernetes With S2I
Migrating Java JBoss EAP Applications to Kubernetes With S2IKonveyor Community
 
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open SourceEnhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open SourceNico Meisenzahl
 
GitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyGitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyWeaveworks
 
Elasticsearch Monitoring in Openshift
Elasticsearch Monitoring in OpenshiftElasticsearch Monitoring in Openshift
Elasticsearch Monitoring in OpenshiftLukas Vlcek
 
Continuous Delivery with Docker, Kubernetes and GoCD
Continuous Delivery with Docker, Kubernetes and GoCDContinuous Delivery with Docker, Kubernetes and GoCD
Continuous Delivery with Docker, Kubernetes and GoCDThoughtworks
 
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26Vulk Coop
 
Scalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftScalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftAarno Aukia
 
XP Days Ukraine 2016 Building CD Pipeline in Azure
XP Days Ukraine 2016 Building CD Pipeline in AzureXP Days Ukraine 2016 Building CD Pipeline in Azure
XP Days Ukraine 2016 Building CD Pipeline in AzureSergii Kryshtop
 
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...Amir Moghimi
 
Thriving in the cloud: Going beyond the 12 factors
Thriving in the cloud: Going beyond the 12 factorsThriving in the cloud: Going beyond the 12 factors
Thriving in the cloud: Going beyond the 12 factorsGrace Jansen
 
GitOps and Kubernetes: a radical idea
GitOps and Kubernetes: a radical ideaGitOps and Kubernetes: a radical idea
GitOps and Kubernetes: a radical ideaManning Publications
 
Docker based-Pipelines with Codefresh
Docker based-Pipelines with CodefreshDocker based-Pipelines with Codefresh
Docker based-Pipelines with CodefreshCodefresh
 
Helm at reddit: from local dev, staging, to production
Helm at reddit: from local dev, staging, to productionHelm at reddit: from local dev, staging, to production
Helm at reddit: from local dev, staging, to productionGregory Taylor
 
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...Multi-container Applications on OpenShift with the Ansible Service Broker Mul...
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...Amazon Web Services
 

La actualidad más candente (20)

GitLab for CI/CD process
GitLab for CI/CD processGitLab for CI/CD process
GitLab for CI/CD process
 
Gitlab ci-cd
Gitlab ci-cdGitlab ci-cd
Gitlab ci-cd
 
dotnetsheff: Continuous delivery with Team City and Octopus Deploy
dotnetsheff: Continuous delivery with Team City and Octopus Deploydotnetsheff: Continuous delivery with Team City and Octopus Deploy
dotnetsheff: Continuous delivery with Team City and Octopus Deploy
 
Automated Testing Environments With Kubernetes & GitLab
Automated Testing Environments With Kubernetes & GitLabAutomated Testing Environments With Kubernetes & GitLab
Automated Testing Environments With Kubernetes & GitLab
 
Migrating Java JBoss EAP Applications to Kubernetes With S2I
Migrating Java JBoss EAP Applications to Kubernetes With S2IMigrating Java JBoss EAP Applications to Kubernetes With S2I
Migrating Java JBoss EAP Applications to Kubernetes With S2I
 
Promise of DevOps
Promise of DevOpsPromise of DevOps
Promise of DevOps
 
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open SourceEnhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source
Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source
 
GitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott RigbyGitOps for Helm Users by Scott Rigby
GitOps for Helm Users by Scott Rigby
 
Elasticsearch Monitoring in Openshift
Elasticsearch Monitoring in OpenshiftElasticsearch Monitoring in Openshift
Elasticsearch Monitoring in Openshift
 
Continuous Delivery with Docker, Kubernetes and GoCD
Continuous Delivery with Docker, Kubernetes and GoCDContinuous Delivery with Docker, Kubernetes and GoCD
Continuous Delivery with Docker, Kubernetes and GoCD
 
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26
CNCF: Cross-cloud CI v1.0.0 Dashboard Release 2018-01-26
 
Scalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftScalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShift
 
XP Days Ukraine 2016 Building CD Pipeline in Azure
XP Days Ukraine 2016 Building CD Pipeline in AzureXP Days Ukraine 2016 Building CD Pipeline in Azure
XP Days Ukraine 2016 Building CD Pipeline in Azure
 
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...
Dr. Strangeconfig or: How I Learned to Stop Using Chef and Puppet and Love th...
 
Docker
DockerDocker
Docker
 
Thriving in the cloud: Going beyond the 12 factors
Thriving in the cloud: Going beyond the 12 factorsThriving in the cloud: Going beyond the 12 factors
Thriving in the cloud: Going beyond the 12 factors
 
GitOps and Kubernetes: a radical idea
GitOps and Kubernetes: a radical ideaGitOps and Kubernetes: a radical idea
GitOps and Kubernetes: a radical idea
 
Docker based-Pipelines with Codefresh
Docker based-Pipelines with CodefreshDocker based-Pipelines with Codefresh
Docker based-Pipelines with Codefresh
 
Helm at reddit: from local dev, staging, to production
Helm at reddit: from local dev, staging, to productionHelm at reddit: from local dev, staging, to production
Helm at reddit: from local dev, staging, to production
 
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...Multi-container Applications on OpenShift with the Ansible Service Broker Mul...
Multi-container Applications on OpenShift with the Ansible Service Broker Mul...
 

Similar a DevSecOps Security in DevOps Automation

DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
DevSecOps - Security in DevOps
DevSecOps - Security in DevOpsDevSecOps - Security in DevOps
DevSecOps - Security in DevOpsAarno Aukia
 
Continuous security improvements in the DevOps process
Continuous security improvements in the DevOps processContinuous security improvements in the DevOps process
Continuous security improvements in the DevOps processAarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Next gen software operations models in the cloud
Next gen software operations models in the cloudNext gen software operations models in the cloud
Next gen software operations models in the cloudAarno Aukia
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShiftIT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShiftAarno Aukia
 
A guide to modern software development 2018
A guide to modern software development 2018A guide to modern software development 2018
A guide to modern software development 2018Peter Bittner
 
Taking AppSec to 11 - BSides Austin 2016
Taking AppSec to 11 - BSides Austin 2016Taking AppSec to 11 - BSides Austin 2016
Taking AppSec to 11 - BSides Austin 2016Matt Tesauro
 
Application Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, KubernetesApplication Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, KubernetesAarno Aukia
 
AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementSergii Kryshtop
 
Avoid the Vendor Lock-in Trap (with App Deployment)
Avoid the Vendor Lock-in Trap (with App Deployment)Avoid the Vendor Lock-in Trap (with App Deployment)
Avoid the Vendor Lock-in Trap (with App Deployment)Peter Bittner
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterMatt Tesauro
 
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021William Caban
 
DevOps Foundations
DevOps FoundationsDevOps Foundations
DevOps FoundationsAmr Fawzy
 
Exercising and Scaling Up Mobile DevOps in the Enterprise
Exercising and Scaling Up Mobile DevOps in the EnterpriseExercising and Scaling Up Mobile DevOps in the Enterprise
Exercising and Scaling Up Mobile DevOps in the EnterpriseBitbar
 
Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...Aarno Aukia
 
Wie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der CloudWie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der CloudAarno Aukia
 
Delivery Pipelines as a First Class Citizen @deliverAgile2019
Delivery Pipelines as a First Class Citizen @deliverAgile2019Delivery Pipelines as a First Class Citizen @deliverAgile2019
Delivery Pipelines as a First Class Citizen @deliverAgile2019ciberkleid
 

Similar a DevSecOps Security in DevOps Automation (20)

DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
DevSecOps - Security in DevOps
DevSecOps - Security in DevOpsDevSecOps - Security in DevOps
DevSecOps - Security in DevOps
 
Continuous security improvements in the DevOps process
Continuous security improvements in the DevOps processContinuous security improvements in the DevOps process
Continuous security improvements in the DevOps process
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Next gen software operations models in the cloud
Next gen software operations models in the cloudNext gen software operations models in the cloud
Next gen software operations models in the cloud
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShiftIT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
 
A guide to modern software development 2018
A guide to modern software development 2018A guide to modern software development 2018
A guide to modern software development 2018
 
Taking AppSec to 11 - BSides Austin 2016
Taking AppSec to 11 - BSides Austin 2016Taking AppSec to 11 - BSides Austin 2016
Taking AppSec to 11 - BSides Austin 2016
 
Application Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, KubernetesApplication Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, Kubernetes
 
AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release Management
 
Avoid the Vendor Lock-in Trap (with App Deployment)
Avoid the Vendor Lock-in Trap (with App Deployment)Avoid the Vendor Lock-in Trap (with App Deployment)
Avoid the Vendor Lock-in Trap (with App Deployment)
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
 
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
 
DevOps Foundations
DevOps FoundationsDevOps Foundations
DevOps Foundations
 
Exercising and Scaling Up Mobile DevOps in the Enterprise
Exercising and Scaling Up Mobile DevOps in the EnterpriseExercising and Scaling Up Mobile DevOps in the Enterprise
Exercising and Scaling Up Mobile DevOps in the Enterprise
 
Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...
 
Wie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der CloudWie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der Cloud
 
Delivery Pipelines as a First Class Citizen @deliverAgile2019
Delivery Pipelines as a First Class Citizen @deliverAgile2019Delivery Pipelines as a First Class Citizen @deliverAgile2019
Delivery Pipelines as a First Class Citizen @deliverAgile2019
 
Dev ops
Dev opsDev ops
Dev ops
 

Más de Aarno Aukia

The printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookThe printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookAarno Aukia
 
Applikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die CloudApplikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die CloudAarno Aukia
 
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...Aarno Aukia
 
My broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platformsMy broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platformsAarno Aukia
 
Automated Server Administration for DevSecOps
Automated Server Administration for DevSecOpsAutomated Server Administration for DevSecOps
Automated Server Administration for DevSecOpsAarno Aukia
 
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?Aarno Aukia
 
Moving Applications to the cloud
Moving Applications to the cloudMoving Applications to the cloud
Moving Applications to the cloudAarno Aukia
 
Migration von Applikationen in die Cloud
Migration von Applikationen in die CloudMigration von Applikationen in die Cloud
Migration von Applikationen in die CloudAarno Aukia
 
IPv6 on Container Plattforms
IPv6 on Container PlattformsIPv6 on Container Plattforms
IPv6 on Container PlattformsAarno Aukia
 
Cloud Native Computing & DevOps
Cloud Native Computing & DevOpsCloud Native Computing & DevOps
Cloud Native Computing & DevOpsAarno Aukia
 
Cloud Native Computing
Cloud Native ComputingCloud Native Computing
Cloud Native ComputingAarno Aukia
 
Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018Aarno Aukia
 
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.chWie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.chAarno Aukia
 
Scalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceScalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceAarno Aukia
 
Cloud Native Computing Meetup Zürich
Cloud Native Computing Meetup ZürichCloud Native Computing Meetup Zürich
Cloud Native Computing Meetup ZürichAarno Aukia
 
DevOps for E-Commerce
DevOps for E-CommerceDevOps for E-Commerce
DevOps for E-CommerceAarno Aukia
 
Docker Containers in Azure
Docker Containers in AzureDocker Containers in Azure
Docker Containers in AzureAarno Aukia
 

Más de Aarno Aukia (18)

The printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookThe printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN Handbook
 
Applikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die CloudApplikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die Cloud
 
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
 
My broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platformsMy broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platforms
 
Automated Server Administration for DevSecOps
Automated Server Administration for DevSecOpsAutomated Server Administration for DevSecOps
Automated Server Administration for DevSecOps
 
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
 
Moving Applications to the cloud
Moving Applications to the cloudMoving Applications to the cloud
Moving Applications to the cloud
 
Migration von Applikationen in die Cloud
Migration von Applikationen in die CloudMigration von Applikationen in die Cloud
Migration von Applikationen in die Cloud
 
IPv6 on Container Plattforms
IPv6 on Container PlattformsIPv6 on Container Plattforms
IPv6 on Container Plattforms
 
Cloud Native Computing & DevOps
Cloud Native Computing & DevOpsCloud Native Computing & DevOps
Cloud Native Computing & DevOps
 
Cloud Native Computing
Cloud Native ComputingCloud Native Computing
Cloud Native Computing
 
Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018
 
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.chWie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
 
Scalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceScalable Web Applications with 100% open source
Scalable Web Applications with 100% open source
 
SecDevOps 2017
SecDevOps 2017SecDevOps 2017
SecDevOps 2017
 
Cloud Native Computing Meetup Zürich
Cloud Native Computing Meetup ZürichCloud Native Computing Meetup Zürich
Cloud Native Computing Meetup Zürich
 
DevOps for E-Commerce
DevOps for E-CommerceDevOps for E-Commerce
DevOps for E-Commerce
 
Docker Containers in Azure
Docker Containers in AzureDocker Containers in Azure
Docker Containers in Azure
 

Último

Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noidabntitsolutionsrishis
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 

Último (20)

Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 

DevSecOps Security in DevOps Automation

  • 1. VSHN - The DevOps Company DevSecOps Security in DevOps Aarno Aukia, CTO @ VSHN - The DevOps Company 4.6.2019 Swiss Association for Quality
  • 2. VSHN - The DevOps Company ● About Aarno & VSHN.ch ● From Dev to DevOps to DevSecOps ● DevOps/AppSec/DevSecOps/SecOps? ● Automating Operations to include security ○ Build ○ Test ○ Deployment ○ Ops ■ Software containers & container orchestration: Docker & Kubernetes ■ Cloud Native Computing ● IT Governance improvements 22 Agenda
  • 3. VSHN - The DevOps Company @aarnoaukia http://about.me/aarno aarno.aukia@vshn.ch ETH → Google → Atrila → VSHN VSHN - The DevOps Company Since 2014, currently 37 VSHNeers in Zürich, Switzerland Helping Developers run applications on any infrastructure making both visitors happy with stability and developers happy with agility 33 About Aarno & VSHN.ch
  • 4. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 5. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 6. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 7. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Testing Release Biz
  • 8. VSHN - The DevOps Company Software Project Management: Dev vs. Ops Requirements Design Implementation Testing Release Ops Biz
  • 9. VSHN - The DevOps Company 9 OPS = Firefighting-as-a-Service ? 9
  • 10. VSHN - The DevOps Company Capability Maturity Model Integration (CMMI) 1010 Operations 2014 How to get to this level?
  • 11. VSHN - The DevOps Company DevOps: People, Processes & Tools 1111
  • 12. VSHN - The DevOps Company Collaboration between software developers and operations: ● Teamwork ● Continuous improvement ● Efficient and lean ● Agile: being able to react to new requirements ● Automate as much as possible (“Infrastructure as code”) 1212 DevOps: People, Processes & Tools
  • 13. VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor
  • 14. VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor SECURITY
  • 15. VSHN - The DevOps Company Software Project Management: DevSecOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor Todo-List Data & Risks Secure Practices Validation traceabilityauditabilityAnomalies Availability
  • 16. VSHN - The DevOps Company ● Developer education, requirements engineering, design review -> AppSec ● Software Build/Deployment/Operations -> DevSecOps ● Incident detection & management -> SecOps 1616 Areas of security improvement
  • 17. VSHN - The DevOps Company DevSecOps principles 1717
  • 18. VSHN - The DevOps Company ● static code analysis automatically for each commit ● Dependency Management ● (base) container image scanning 1818 Build
  • 19. VSHN - The DevOps Company Code analysis: sonarqube 1919
  • 20. VSHN - The DevOps Company 2020 Dependency updates: https://dependabot.com
  • 21. VSHN - The DevOps Company Container scanning: aquasec 2121
  • 22. VSHN - The DevOps Company ● smoke tests ● test envs “à discretion” 2222 Test
  • 23. VSHN - The DevOps Company ● atomic container deployment ● every deployment (and rollback) is a “normal deployment” ● deployment automation removes need for (all) devs root prod access and/or waiting for ops to deploy new dev version 2323 Deployment
  • 24. VSHN - The DevOps Company ● standardization on (minimal, hardened) OS and container orchestrator ● immutable (application) infrastructure using containers ● process/storage/network separation of applications/environments ● detect/prevent configuration drift between dev/test/stage/prod envs ● documentation & automatic backup of all volumes ● documentation & monitoring of routes/loadbalancers/ingresspoints with enforcing SSL/TLS ● AAI for admin & application ● key & secrets management ● audit logging of control & application planes 2424 Ops
  • 25. VSHN - The DevOps Company Container isolation 2525 ● Kernel namespacing (process & network) ● Control groups (resource quota to prevent DoS) ● SELinux (additional syscall filter) ● prevent running as root inside container, no user-provided privileged containers (enforce best practice) ● readonly container filesystem (harder to persist exploit at runtime)
  • 26. VSHN - The DevOps Company ● “Full Stack Audit” ● Review design document ● Every layer was custom built ○ physical hardware ○ handcrafted servers ○ manual application deployment ● Review each layer ● Review each layer again next year... 4747 Traditional IT governance
  • 27. VSHN - The DevOps Company ● Standardized components ○ already audited, some even externally certified ○ re-used, economies of scale, CMMI level 5 ○ tech controls (AAI, RBAC, logs/SIEM) implemented once ○ financial controls implemented once ● Infrastructure: private/public cloud ● Ops: Container orchestration platform ● Review design document & platform configuration 4848 Cloud native IT governance
  • 28. VSHN - The DevOps Company ● prevent configuration drift ○ immutable (application) infrastructure using containers ○ deploy dev/test/stage/prod envs from CI/CD ● prevent manual errors ○ validate configuration in CI/CD before deployment ○ standardization on (minimal, hardened) OS and container orchestrator ○ deployment automation removes need for (most) root prod access ● security by default ○ image scanning, dependency vulnerability management ○ process/storage/network separation of applications/environments ○ volumes & ingresspoints best practice (documentation, monitoring, backup, SSL/TLS/WAF) ○ AAI for admin & application, audit trail logging of CI/CD, control & application planes ○ key & secrets management ● 4949 IT governance controls in container platforms
  • 29. VSHN - The DevOps Company ● Please get in touch with feedback ● Twitter: @aarnoaukia ● Linkedin: https://www.linkedin.com/in/aukia/ ● Email: aarno.aukia@vshn.ch DevSecOps Forum: https://www.sig-switzerland.ch/devsecops_forum/ 5050 Thank you
  • 30. Come visit us for a coffee! VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch https://vshn.ch/kontakt/ Follow us on Twitter! @vshn_ch 51