SlideShare une entreprise Scribd logo

KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service"

Télécharger en tant que PPTX, PDF
Daniel Bryant
Daniel Bryant

Everyone building or operating cloud native applications must understand the fundamentals of security issues and modern threat models. Although this topic is vast, in this talk Nic and Daniel will focus on the end-to-end communication and higher-level networking threats, and explore how the combination of an edge proxy and service mesh using TLS and mTLS can be used to mitigate many man-in-the-middle attacks. Key takeaways include: - An understanding of the "three pillars" of service mesh functionality: observability, reliability, and security. A service mesh is in a unique place to enforce security features like mTLS - Learn how to ensure that there are no exploitable "gaps" within the end-to-end/user-to-service communication path. - Explore the differences in ingress/mesh control planes, with brief demonstrations using Ambassador and Consul Connect

Technologie
1  sur  38
Copyright © 2019 HashiCorp Securing Cloud Native Communication: From End User to Service Daniel Bryant Product Architect, Datawire Nic Jackson Developer Advocate, HashiCorp
tl;dr ▪ We’re seeing an increase in application modernisation/hybrid platforms ▪ Decoupling apps and infrastructure is key: incrementally and securely ▪ All security must have good UX / DevEx ▪ Defence in depth is vital -- network / service security is one part of this ▪ Mind the gap(s)!
Who are we? Nic Jackson Developer Advocate, HashiCorp @sheriffjackson Daniel Bryant Product Architect, Datawire @danielbryantuk
So, we don’t want to scare you, but...
So, we don’t want to scare you, but... 214 Records containing personal data are exploited every second
So, we don’t want to scare you, but... 2.2% Of compromised records are protected by encryption
So, we don’t want to scare you, but... 65% Of cases are linked to identity theft
So, we don’t want to scare you, but... $3,860,000 Is the average cost of a data breach
So, we don’t want to scare you, but... $350,00,000 Is the cost of a breach containing over 50 million records
So, we don’t want to scare you, but... 72% Increase in attacks between 2017 and 2018 Gemalto Breach Level Index: https://breachlevelindex.com/ IBM Cost of a Data Breach Study: https://www.ibm.com/security/data-breach
We’re assuming that you have secured your data at rest… ...and hardened compute
But what about data in motion? Are your comms vulnerable?
And what about during application modernisation? Network heterogeneity typically increases: - Private DC, cloud, k8s...
https://www.rgoarchitects.com/Files/fallacies.pdf
Exploring end-to-end communication
API Gateway: Edge proxy, ingress, ADC... ▪ Exposes internal services to end-users (via multiple domains) ▪ Encapsulates backends (k8s, VMs, bare metal etc) ▪ TLS termination (enforcing minimum TLS version) ▪ End-user authentication/authorization ▪ Rate limiting (DDoS protection, etc)
Service Mesh: Proxy mesh, Fabric model... ▪ Exposes internal services to internal consumers ▪ Encapsulates service infra (across k8s, VMs, bare metal etc) ▪ mTLS: service identity and traffic encryption ▪ ACLs and intentions: who can do what, and to whom ▪ Implements cross-functional concerns (out-of-process)
Service Mesh: Three Pillars ▪ Observability – “Golden signals”: latency, errors, traffic, saturation (USE, RED) – Both global and service-to-service ▪ Reliability – Abstracting health checks, retries, circuit breakers etc. – Providing sane default to protect system ▪ Security – Authn/z propagation, mTLS, network segmentation
Exploring end-to-end communication
© 2019 HashiCorp 24 Bypass the perimeter by attacking services
© 2019 HashiCorp 25 We need internal network isolation
© 2019 HashiCorp 26 Network segmentation
© 2019 HashiCorp 27 Service segmentation
© 2019 HashiCorp 28 Problem: Dynamic environments...
© 2019 HashiCorp 29 Network / Service segmentation with intention-based security
Exploring end-to-end communication
https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc Control planes and data planes Data plane Control plane
Control planes: Differing use cases ▪ North-south – Unknown / untrusted clients – Limited exposure of services (Mapping) – Centralised ops ingress defaults + decentralised product team cfg ▪ East-west – Dynamic service information update required (multiple sources) – Identity required for all services (mTLS + ACLs) – “Sane” internal defaults + decentralised dev cfg
Ambassador + Consul
Copyright © 2019 HashiCorp Demo
Conclusion ▪ We’re seeing an increase in application modernisation/hybrid platforms ▪ Decoupling apps and infrastructure is key: incrementally and securely ▪ All security must have good UX / DevEx ▪ Defence in depth is vital -- network / service security is one part of this ▪ Mind the gap(s)!
References ▪ Context: – https://www.infoq.com/articles/api-gateway-service-mesh-app-modernisation/ ▪ Reference: – https://www.getambassador.io/user-guide/consul-connect-ambassador/ – https://www.getambassador.io/user-guide/consul/ – https://www.consul.io/docs/platform/k8s/ambassador.html Experiment in an Instruqt sandbox: https://instruqt.com/hashicorp/tracks/sock-shop-tutorial Code examples: https://github.com/emojify-app
Copyright © 2019 HashiCorp Questions?
Copyright © 2019 HashiCorp Thanks! @sheriffjackson | @danielbryantuk

Recommandé

Securing Databases with Dynamic Credentials and HashiCorp Vault
Securing Databases with Dynamic Credentials and HashiCorp VaultSecuring Databases with Dynamic Credentials and HashiCorp Vault
Securing Databases with Dynamic Credentials and HashiCorp VaultMitchell Pronschinske
 
Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Mitchell Pronschinske
 
Infrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsInfrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsMykyta Protsenko
 
How ddd, cqrs and event sourcing constitute the architecture of the future
How ddd, cqrs and event sourcing constitute the architecture of the futureHow ddd, cqrs and event sourcing constitute the architecture of the future
How ddd, cqrs and event sourcing constitute the architecture of the futureMSDEVMTL
 
CloudFlare DDoS attacks 101: what are they and how to protect your site?
CloudFlare DDoS attacks 101: what are they and how to protect your site?CloudFlare DDoS attacks 101: what are they and how to protect your site?
CloudFlare DDoS attacks 101: what are they and how to protect your site?Cloudflare
 
Meetup Microservices Commandments
Meetup Microservices CommandmentsMeetup Microservices Commandments
Meetup Microservices CommandmentsBill Zajac
 
Introduction to Virtual Kubelet
Introduction to Virtual KubeletIntroduction to Virtual Kubelet
Introduction to Virtual KubeletMitchell Pronschinske
 
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...Cisco DevNet
 

Recommandé

Securing Databases with Dynamic Credentials and HashiCorp Vault
Securing Databases with Dynamic Credentials and HashiCorp VaultSecuring Databases with Dynamic Credentials and HashiCorp Vault
Securing Databases with Dynamic Credentials and HashiCorp VaultMitchell Pronschinske
 
Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Mitchell Pronschinske
 
Infrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsInfrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsMykyta Protsenko
 
How ddd, cqrs and event sourcing constitute the architecture of the future
How ddd, cqrs and event sourcing constitute the architecture of the futureHow ddd, cqrs and event sourcing constitute the architecture of the future
How ddd, cqrs and event sourcing constitute the architecture of the futureMSDEVMTL
 
CloudFlare DDoS attacks 101: what are they and how to protect your site?
CloudFlare DDoS attacks 101: what are they and how to protect your site?CloudFlare DDoS attacks 101: what are they and how to protect your site?
CloudFlare DDoS attacks 101: what are they and how to protect your site?Cloudflare
 
Meetup Microservices Commandments
Meetup Microservices CommandmentsMeetup Microservices Commandments
Meetup Microservices CommandmentsBill Zajac
 
Introduction to Virtual Kubelet
Introduction to Virtual KubeletIntroduction to Virtual Kubelet
Introduction to Virtual KubeletMitchell Pronschinske
 
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...Cisco DevNet
 
Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor VolkovKuberton
 
初探 OpenTelemetry - 蒐集遙測數據的新標準
初探 OpenTelemetry - 蒐集遙測數據的新標準初探 OpenTelemetry - 蒐集遙測數據的新標準
初探 OpenTelemetry - 蒐集遙測數據的新標準Marcus Tung
 
MongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB
 
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB
 
DDS tutorial with connector
DDS tutorial with connectorDDS tutorial with connector
DDS tutorial with connectorJavier Povedano
 
Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3WhaTap Labs
 
MongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Jeffrey Holden
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTLinuxCon ContainerCon CloudOpen China
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826Apcera
 
Introduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSIntroduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSKeith Basil
 
Openstack 101
Openstack 101Openstack 101
Openstack 101Kamesh Pemmaraju
 
Google Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGoogle Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGokhan Boranalp
 
Open stack in sina
Open stack in sinaOpen stack in sina
Open stack in sinaHui Cheng
 
IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016Kasper Nissen
 
Ci/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsCi/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsJerry Jalava
 
Deploying .NET services with Disnix
Deploying .NET services with DisnixDeploying .NET services with Disnix
Deploying .NET services with DisnixSander van der Burg
 
DevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionDevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionJessica Deen
 
Orchestration & provisioning
Orchestration & provisioningOrchestration & provisioning
Orchestration & provisioningbuildacloud
 
Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it allMichelle Brush
 
[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to Service[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to ServiceDaniel Bryant
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...Daniel Bryant
 

Contenu connexe

Tendances

Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor VolkovKuberton
 
初探 OpenTelemetry - 蒐集遙測數據的新標準
初探 OpenTelemetry - 蒐集遙測數據的新標準初探 OpenTelemetry - 蒐集遙測數據的新標準
初探 OpenTelemetry - 蒐集遙測數據的新標準Marcus Tung
 
MongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB
 
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB
 
DDS tutorial with connector
DDS tutorial with connectorDDS tutorial with connector
DDS tutorial with connectorJavier Povedano
 
Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3WhaTap Labs
 
MongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Jeffrey Holden
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826Apcera
 
Introduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSIntroduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSKeith Basil
 
Google Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGoogle Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGokhan Boranalp
 
Open stack in sina
Open stack in sinaOpen stack in sina
Open stack in sinaHui Cheng
 
IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016Kasper Nissen
 
Ci/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsCi/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsJerry Jalava
 
Deploying .NET services with Disnix
Deploying .NET services with DisnixDeploying .NET services with Disnix
Deploying .NET services with DisnixSander van der Burg
 
DevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionDevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionJessica Deen
 
Orchestration & provisioning
Orchestration & provisioningOrchestration & provisioning
Orchestration & provisioningbuildacloud
 
Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it allMichelle Brush
 

Tendances (20)

Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov
 
初探 OpenTelemetry - 蒐集遙測數據的新標準
初探 OpenTelemetry - 蒐集遙測數據的新標準初探 OpenTelemetry - 蒐集遙測數據的新標準
初探 OpenTelemetry - 蒐集遙測數據的新標準
 
MongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data Streams
 
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
 
DDS tutorial with connector
DDS tutorial with connectorDDS tutorial with connector
DDS tutorial with connector
 
Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3
 
MongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional Model
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoT
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826
 
Introduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSIntroduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaS
 
Openstack 101
Openstack 101Openstack 101
Openstack 101
 
Google Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGoogle Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTE
 
Open stack in sina
Open stack in sinaOpen stack in sina
Open stack in sina
 
IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016
 
Ci/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsCi/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deployments
 
Deploying .NET services with Disnix
Deploying .NET services with DisnixDeploying .NET services with Disnix
Deploying .NET services with Disnix
 
DevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionDevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World Edition
 
Orchestration & provisioning
Orchestration & provisioningOrchestration & provisioning
Orchestration & provisioning
 
Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it all
 

Similaire à KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service"

[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to Service[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to ServiceDaniel Bryant
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...Daniel Bryant
 
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to ServiceDaniel Bryant
 
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...Daniel Bryant
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunalKashyap Kunal
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGIRJET Journal
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications TechnologiesSarah Jimenez
 
Introduction to cloud security
Introduction to cloud securityIntroduction to cloud security
Introduction to cloud securityIAEME Publication
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudZscaler
 
Challenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanChallenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanKen Chan
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Secure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfSecure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfNK Carpenter
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationTejaswi Agarwal
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET Journal
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 

Similaire à KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service" (20)

[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to Service[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to Service
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
 
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
 
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications Technologies
 
Introduction to cloud security
Introduction to cloud securityIntroduction to cloud security
Introduction to cloud security
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 
Challenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanChallenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y Chan
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
 
Secure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfSecure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdf
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference Publication
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 

Plus de Daniel Bryant

ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysDaniel Bryant
 
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...Daniel Bryant
 
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"Daniel Bryant
 
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Daniel Bryant
 
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"Daniel Bryant
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Daniel Bryant
 
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Daniel Bryant
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...Daniel Bryant
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...Daniel Bryant
 
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"Daniel Bryant
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextDaniel Bryant
 
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Daniel Bryant
 
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"Daniel Bryant
 
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...Daniel Bryant
 
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Daniel Bryant
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Daniel Bryant
 
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"Daniel Bryant
 
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...Daniel Bryant
 
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...Daniel Bryant
 
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...Daniel Bryant
 

Plus de Daniel Bryant (20)

ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
 
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
 
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
 
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
 
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"
 
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
 
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
 
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
 
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
 
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
 
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
 
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
 
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
 
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
 
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
 

Dernier

Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Dernier (20)

Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service"

  • 1. Copyright © 2019 HashiCorp Securing Cloud Native Communication: From End User to Service Daniel Bryant Product Architect, Datawire Nic Jackson Developer Advocate, HashiCorp
  • 2. tl;dr ▪ We’re seeing an increase in application modernisation/hybrid platforms ▪ Decoupling apps and infrastructure is key: incrementally and securely ▪ All security must have good UX / DevEx ▪ Defence in depth is vital -- network / service security is one part of this ▪ Mind the gap(s)!
  • 3. Who are we? Nic Jackson Developer Advocate, HashiCorp @sheriffjackson Daniel Bryant Product Architect, Datawire @danielbryantuk
  • 4. So, we don’t want to scare you, but...
  • 5. So, we don’t want to scare you, but... 214 Records containing personal data are exploited every second
  • 6. So, we don’t want to scare you, but... 2.2% Of compromised records are protected by encryption
  • 7. So, we don’t want to scare you, but... 65% Of cases are linked to identity theft
  • 8. So, we don’t want to scare you, but... $3,860,000 Is the average cost of a data breach
  • 9. So, we don’t want to scare you, but... $350,00,000 Is the cost of a breach containing over 50 million records
  • 10. So, we don’t want to scare you, but... 72% Increase in attacks between 2017 and 2018 Gemalto Breach Level Index: https://breachlevelindex.com/ IBM Cost of a Data Breach Study: https://www.ibm.com/security/data-breach
  • 11.
  • 12. We’re assuming that you have secured your data at rest… ...and hardened compute
  • 13. But what about data in motion? Are your comms vulnerable?
  • 14. And what about during application modernisation? Network heterogeneity typically increases: - Private DC, cloud, k8s...
  • 17.
  • 18. API Gateway: Edge proxy, ingress, ADC... ▪ Exposes internal services to end-users (via multiple domains) ▪ Encapsulates backends (k8s, VMs, bare metal etc) ▪ TLS termination (enforcing minimum TLS version) ▪ End-user authentication/authorization ▪ Rate limiting (DDoS protection, etc)
  • 19.
  • 20. Service Mesh: Proxy mesh, Fabric model... ▪ Exposes internal services to internal consumers ▪ Encapsulates service infra (across k8s, VMs, bare metal etc) ▪ mTLS: service identity and traffic encryption ▪ ACLs and intentions: who can do what, and to whom ▪ Implements cross-functional concerns (out-of-process)
  • 21. Service Mesh: Three Pillars ▪ Observability – “Golden signals”: latency, errors, traffic, saturation (USE, RED) – Both global and service-to-service ▪ Reliability – Abstracting health checks, retries, circuit breakers etc. – Providing sane default to protect system ▪ Security – Authn/z propagation, mTLS, network segmentation
  • 23.
  • 24. © 2019 HashiCorp 24 Bypass the perimeter by attacking services
  • 25. © 2019 HashiCorp 25 We need internal network isolation
  • 26. © 2019 HashiCorp 26 Network segmentation
  • 27. © 2019 HashiCorp 27 Service segmentation
  • 28. © 2019 HashiCorp 28 Problem: Dynamic environments...
  • 29. © 2019 HashiCorp 29 Network / Service segmentation with intention-based security
  • 32. Control planes: Differing use cases ▪ North-south – Unknown / untrusted clients – Limited exposure of services (Mapping) – Centralised ops ingress defaults + decentralised product team cfg ▪ East-west – Dynamic service information update required (multiple sources) – Identity required for all services (mTLS + ACLs) – “Sane” internal defaults + decentralised dev cfg
  • 34. Copyright © 2019 HashiCorp Demo
  • 35. Conclusion ▪ We’re seeing an increase in application modernisation/hybrid platforms ▪ Decoupling apps and infrastructure is key: incrementally and securely ▪ All security must have good UX / DevEx ▪ Defence in depth is vital -- network / service security is one part of this ▪ Mind the gap(s)!
  • 36. References ▪ Context: – https://www.infoq.com/articles/api-gateway-service-mesh-app-modernisation/ ▪ Reference: – https://www.getambassador.io/user-guide/consul-connect-ambassador/ – https://www.getambassador.io/user-guide/consul/ – https://www.consul.io/docs/platform/k8s/ambassador.html Experiment in an Instruqt sandbox: https://instruqt.com/hashicorp/tracks/sock-shop-tutorial Code examples: https://github.com/emojify-app
  • 37. Copyright © 2019 HashiCorp Questions?
  • 38. Copyright © 2019 HashiCorp Thanks! @sheriffjackson | @danielbryantuk