SlideShare ist ein Scribd-Unternehmen logo

DevSecOps - Security in DevOps

Aarno Aukia
Aarno Aukia

Talk held October 5th 2020 at the WeAreDevelopers.com Live week Recording: https://youtu.be/_4rXBsp6K1I?t=7527

Software
1 von 43
Downloaden Sie, um offline zu lesen
VSHN - The DevOps Company DevSecOps Security in DevOps Aarno Aukia, CTO @ VSHN - The DevOps Company 05.10.2020 WeAreDevelopers Live Week
VSHN - The DevOps Company ● About Aarno & VSHN.ch ● Why? From Dev to DevOps to DevSecOps ● What? DevSecOps principles ● How? Concrete measures ● Who? Customer Example: Finnova AG Bankware ● Because? Resulting IT Governance & security benefits 22 Agenda
VSHN - The DevOps Company @aarnoaukia a@vshn.ch ETH → Google → Atrila → VSHN VSHN - The DevOps Company @vshn_ch Since 2014, currently 45 VSHNeers in Zürich, Switzerland Helping developers run online businesses without having to worry about operations 33 About Aarno & VSHN.ch
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Testing Release Biz
VSHN - The DevOps Company Software Project Management: Dev vs. Ops Requirements Design Implementation Testing Release Ops Biz
VSHN - The DevOps Company 9 OPS = Firefighting-as-a-Service ? 9
VSHN - The DevOps Company Collaboration between software developers and operations: ● Teamwork ● Continuous improvement ● Efficient and lean ● Agile: being able to react to new requirements ● Automate as much as possible (“Infrastructure as code”) 1212 DevOps: People, Processes & Tools
VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor
VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor SECURITY
VSHN - The DevOps Company Software Project Management: DevSecOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor Todo-List Data & Risks Secure Practices Validation traceabilityauditabilityAnomalies Availability
VSHN - The DevOps Company ● Developer education, requirements engineering, design review -> AppSec/DevSec ● Software Build/Deployment/Operations -> DevSecOps ● Incident detection & management -> SecOps 1616 Areas of security improvement
VSHN - The DevOps Company DevSecOps principles 1717
VSHN - The DevOps Company ● static code analysis automatically for each commit (DevSecOps principle 4) ● Dependency Management (DevSecOps principle 5) ● (base) container image scanning (DevSecOps principle 5) 1818 Build
VSHN - The DevOps Company Code analysis: sonarqube 1919
VSHN - The DevOps Company 2020 Dependency updates: https://dependabot.com
VSHN - The DevOps Company Container scanning: aquasec 2121
VSHN - The DevOps Company ● smoke tests (DevSecOps principle 4) ● As many test environments as necessary (DevSecOps principle 4) ● atomic container deployment (DevSecOps principle 6) ● every deployment (and rollback) is a “normal deployment” (DevSecOps principle 6) ● deployment automation removes need for (all) devs root prod access and/or waiting for ops to deploy new dev version (DevSecOps principle 6) 2222 Test & Deployment
VSHN - The DevOps Company ● standardization on (minimal, hardened) OS and container orchestrator ● immutable (application) infrastructure using containers ● process/storage/network separation of applications/environments ● detect/prevent configuration drift between dev/test/stage/prod envs ● documentation & automatic backup of all volumes ● documentation & monitoring of routes/loadbalancers/ingresspoints with enforcing SSL/TLS ● AAI for admin & application ● key & secrets management ● audit logging of control & application planes 2323 Ops (DevSecOps principle 1)
VSHN - The DevOps Company Container isolation 2424 ● Kernel namespacing (process & network) ● Control groups (resource quota to prevent DoS) ● SELinux (additional syscall filter) ● prevent running as root inside container, no user-provided privileged containers (enforce best practice) ● readonly container filesystem (harder to persist exploit at runtime)
VSHN - The DevOps Company ● “Docker” ○ Kernel-based process isolation based on lxc/libcontainer/runc (CNCF open standard) ○ Open Source Tools for container image creation and management (“Docker CE”) ○ Company based in San Francisco (“Docker inc”) ○ Enterprise software product (“Docker EE”) ○ Online portal for public docker containers (“Dockerhub” hub.docker.com) ● “Dockerfile” ○ Text file containing all the instructions to build and assemble the application into a container including application code, appserver, plugins, modules, libraries down to libc ○ Goal: document & automate the build process ○ Usually in the application GIT repository ○ References a base image to incrementally add the application to 3030 Container technology: Docker
VSHN - The DevOps Company ● Use declarative formats for setup automation ● Have a clean, portable contract with the underlying operating system ● Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration; ● Minimize divergence between development and production, enabling continuous deployment for maximum agility; ● And can scale up without significant changes to tooling, architecture, or development practices. 3131 12 Factor App Patterns: https://12factor.net/
VSHN - The DevOps Company From container to production? 3232
VSHN - The DevOps Company ● How many container instances should be running per service? ● On which IP/port/server are they running on? ● Service discovery ● What happens if a container/server goes away? ● scaling, load balancing, rolling deployments, persistent storage, networking 3333 Container orchestration: Kubernetes
VSHN - The DevOps Company Docker Kubernetes 3939 Layers of abstraction Hardware Operating System Service discovery & Load balancing Application Server Application Cloud/Onprem
VSHN - The DevOps Company Zooming in...
VSHN - The DevOps Company ● Logging: EFK ● Metrics: Prometheus ● SSL-Certificates: cert-manager (letsencrypt.org) ● Source-to-image builder, Dockerfile builder, Docker-Image-Registry ● Load-balancing: Ingress, NGINX ● horizontal (auto) scaling, rolling deployments ● Scanning: image scanning (repo & runtime) 4141 Kubernetes Ecosystem
VSHN - The DevOps Company AAI: Keycloak 4242 ● Identity & Access Management ● Single sign in/out ● Identity brokering: ○ OpenID Connect (OAuth2, FB/Twitter/Github etc.) ○ SAML2.0 ○ Kerberos ● User federation: LDAP, AD, etc ● 2FA: TOTP/HOTP ● Managing the Authorization groups
VSHN - The DevOps Company Logs: ELK/EFK/Greylog 4343 ● Logging all access and changes through the control plane ● Logging all access to the application and correlate with application logs ● Index, view, filter, aggregate KPI → monitoring ● Store outside of application scope
VSHN - The DevOps Company ● Prometheus ○ time series database ○ open source / CNCF-project ○ well-integrated in docker/kubernetes stats ● NewRelic APM ○ application-level profiling ○ performance tracking ○ exception tracking (backend & frontend) ○ available as SaaS 4444 Metrics: Prometheus / NewRelic
VSHN - The DevOps Company ● Developer and Operator of Banking Software used by ~100 Banks ● Based in Lenzburg, Switzerland ● Founded 1974 ● ~400 Employees Example: Finnova AG Bankware
Hier steht der Präsentationstitel I 47
VSHN - The DevOps Company 48 Deployment Process & Security DEV (Repository) Files (Pods) Docker Images Container (OpenShift) Betrieb AM Seewen (PRD) GitHub Code Image-Scan (Security & Compliance Policies) » Code Analyse » Image Scanning » Container Hardening Runtime » Network Security » Monitoring » Logging & Reporting » Code Security » Access » Security & Auditing SecurityDeployment
VSHN - The DevOps Company 49 Architecture and Security
VSHN - The DevOps Company ● “Full Stack Audit” ● Review design document ● Every layer was custom built ○ physical hardware ○ handcrafted servers ○ manual application deployment ● Review each layer ● Review each layer again next year... 5050 Traditional IT governance
VSHN - The DevOps Company ● Standardized components ○ already audited, some even externally certified ○ re-used, economies of scale, CMMI level 5 ○ tech controls (AAI, RBAC, logs/SIEM) implemented once ○ financial controls implemented once ● Infrastructure: private/public cloud ● Ops: Container orchestration platform ● Review design document & platform configuration 5151 Cloud native IT governance
VSHN - The DevOps Company ● prevent configuration drift ○ immutable (application) infrastructure using containers ○ deploy dev/test/stage/prod envs from CI/CD ● prevent manual errors ○ validate configuration in CI/CD before deployment ○ standardization on (minimal, hardened) OS and container orchestrator ○ deployment automation removes need for (most) root prod access ● security by default ○ image scanning, dependency vulnerability management ○ process/storage/network separation of applications/environments ○ volumes & ingresspoints best practice (documentation, monitoring, backup, SSL/TLS/WAF) ○ AAI for admin & application, audit trail logging of CI/CD, control & application planes ○ key & secrets management ● 5252 IT governance controls in container platforms
VSHN - The DevOps Company ● compute resources billable by project ● self-service-onboarding possible ● autoscaling, scale-down dev envs outside office hours ● vendor procurement/due diligence/certification management ● SLA, 24x7, service process, escalation management clearly defined 5353 IT governance financial/compliance controlling
VSHN - The DevOps Company DevSecOps principles 5454
VSHN - The DevOps Company ● Please get in touch with feedback ● Twitter: @aarnoaukia ● Linkedin: https://www.linkedin.com/in/aukia/ ● Email: aarno.aukia@vshn.ch 5555 Thank you
Come visit us for a coffee! VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch https://vshn.ch/kontakt/ Follow us on Twitter! @vshn_ch 56

Empfohlen

The printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookThe printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookAarno Aukia
 
Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?Cloud Native Rosenheim Meetup
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDNico Meisenzahl
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive LibbySchulze
 
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...Red Hat Developers
 
Mastering Secrets Management in Rundeck
Mastering Secrets Management in RundeckMastering Secrets Management in Rundeck
Mastering Secrets Management in RundeckRundeck
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX, Inc.
 
DevSecOps with Confidence
DevSecOps with ConfidenceDevSecOps with Confidence
DevSecOps with ConfidenceVMware Tanzu
 

Empfohlen

The printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookThe printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookAarno Aukia
 
Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?Cloud Native Rosenheim Meetup
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDNico Meisenzahl
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive LibbySchulze
 
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...Red Hat Developers
 
Mastering Secrets Management in Rundeck
Mastering Secrets Management in RundeckMastering Secrets Management in Rundeck
Mastering Secrets Management in RundeckRundeck
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX, Inc.
 
DevSecOps with Confidence
DevSecOps with ConfidenceDevSecOps with Confidence
DevSecOps with ConfidenceVMware Tanzu
 
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...Nico Meisenzahl
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesAaronLieberman5
 
Nig project setup quickly tutorial
Nig project setup quickly tutorialNig project setup quickly tutorial
Nig project setup quickly tutorialGuo Albert
 
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on KubernetesDeploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on KubernetesAll Things Open
 
Microservice API Gateways with NGINX
Microservice API Gateways with NGINXMicroservice API Gateways with NGINX
Microservice API Gateways with NGINXGeoffrey Filippi
 
Tce automation-d4
Tce automation-d4Tce automation-d4
Tce automation-d4Tikal Knowledge
 
DevSecOps on Azure
DevSecOps on AzureDevSecOps on Azure
DevSecOps on AzureSeven Peaks Speaks
 
Webinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins PlatformWebinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins PlatformKiratech
 
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014FalafelSoftware
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffnklmish
 
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...MarcelLanz
 
Taming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team ServicesTaming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team ServicesKarl Ots
 
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...Icinga
 
What we do with Go
What we do with GoWhat we do with Go
What we do with GoMarcelLanz
 
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)Red Hat Developers
 
Thomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLabThomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLabMatan Keidar
 
Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware Giovanni Coppa
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for MicroservicesNGINX, Inc.
 
Concurrency in Swift
Concurrency in SwiftConcurrency in Swift
Concurrency in SwiftSeven Peaks Speaks
 
OSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk BerndOSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk BerndNETWAYS
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 

Weitere ähnliche Inhalte

Was ist angesagt?

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...Nico Meisenzahl
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesAaronLieberman5
 
Nig project setup quickly tutorial
Nig project setup quickly tutorialNig project setup quickly tutorial
Nig project setup quickly tutorialGuo Albert
 
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on KubernetesDeploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on KubernetesAll Things Open
 
Microservice API Gateways with NGINX
Microservice API Gateways with NGINXMicroservice API Gateways with NGINX
Microservice API Gateways with NGINXGeoffrey Filippi
 
Webinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins PlatformWebinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins PlatformKiratech
 
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014FalafelSoftware
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffnklmish
 
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...MarcelLanz
 
Taming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team ServicesTaming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team ServicesKarl Ots
 
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...Icinga
 
What we do with Go
What we do with GoWhat we do with Go
What we do with GoMarcelLanz
 
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)Red Hat Developers
 
Thomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLabThomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLabMatan Keidar
 
Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware Giovanni Coppa
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for MicroservicesNGINX, Inc.
 
OSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk BerndOSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk BerndNETWAYS
 

Was ist angesagt? (20)

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
 
Nig project setup quickly tutorial
Nig project setup quickly tutorialNig project setup quickly tutorial
Nig project setup quickly tutorial
 
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on KubernetesDeploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
 
Microservice API Gateways with NGINX
Microservice API Gateways with NGINXMicroservice API Gateways with NGINX
Microservice API Gateways with NGINX
 
Tce automation-d4
Tce automation-d4Tce automation-d4
Tce automation-d4
 
DevSecOps on Azure
DevSecOps on AzureDevSecOps on Azure
DevSecOps on Azure
 
Webinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins PlatformWebinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins Platform
 
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuff
 
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
 
Taming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team ServicesTaming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team Services
 
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
 
What we do with Go
What we do with GoWhat we do with Go
What we do with Go
 
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
 
Thomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLabThomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLab
 
Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
 
Concurrency in Swift
Concurrency in SwiftConcurrency in Swift
Concurrency in Swift
 
OSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk BerndOSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk Bernd
 

Ähnlich wie DevSecOps - Security in DevOps

DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineAarno Aukia
 
Continuous security improvements in the DevOps process
Continuous security improvements in the DevOps processContinuous security improvements in the DevOps process
Continuous security improvements in the DevOps processAarno Aukia
 
Application Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, KubernetesApplication Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, KubernetesAarno Aukia
 
Next gen software operations models in the cloud
Next gen software operations models in the cloudNext gen software operations models in the cloud
Next gen software operations models in the cloudAarno Aukia
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShiftIT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShiftAarno Aukia
 
A guide to modern software development 2018
A guide to modern software development 2018A guide to modern software development 2018
A guide to modern software development 2018Peter Bittner
 
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021William Caban
 
Wie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der CloudWie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der CloudAarno Aukia
 
Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015Microsoft
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementSergii Kryshtop
 
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with ConcourseContinuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with ConcourseVMware Tanzu
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017Patrick Chanezon
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016Docker, Inc.
 
CNCF Introduction - Feb 2018
CNCF Introduction - Feb 2018CNCF Introduction - Feb 2018
CNCF Introduction - Feb 2018Krishna-Kumar
 
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4CloudDevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4CloudCloudify Community
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices Hendri Karisma
 

Ähnlich wie DevSecOps - Security in DevOps (20)

DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
Continuous security improvements in the DevOps process
Continuous security improvements in the DevOps processContinuous security improvements in the DevOps process
Continuous security improvements in the DevOps process
 
Application Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, KubernetesApplication Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, Kubernetes
 
Next gen software operations models in the cloud
Next gen software operations models in the cloudNext gen software operations models in the cloud
Next gen software operations models in the cloud
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShiftIT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
 
A guide to modern software development 2018
A guide to modern software development 2018A guide to modern software development 2018
A guide to modern software development 2018
 
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
 
Wie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der CloudWie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der Cloud
 
Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release Management
 
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with ConcourseContinuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016
 
CNCF Introduction - Feb 2018
CNCF Introduction - Feb 2018CNCF Introduction - Feb 2018
CNCF Introduction - Feb 2018
 
Plataforma DevOps en OpenShift
Plataforma DevOps en OpenShiftPlataforma DevOps en OpenShift
Plataforma DevOps en OpenShift
 
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4CloudDevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
 

Mehr von Aarno Aukia

Applikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die CloudApplikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die CloudAarno Aukia
 
Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...Aarno Aukia
 
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...Aarno Aukia
 
Kubecon 2019 Recap
Kubecon 2019 RecapKubecon 2019 Recap
Kubecon 2019 RecapAarno Aukia
 
My broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platformsMy broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platformsAarno Aukia
 
Automated Server Administration for DevSecOps
Automated Server Administration for DevSecOpsAutomated Server Administration for DevSecOps
Automated Server Administration for DevSecOpsAarno Aukia
 
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?Aarno Aukia
 
Moving Applications to the cloud
Moving Applications to the cloudMoving Applications to the cloud
Moving Applications to the cloudAarno Aukia
 
Migration von Applikationen in die Cloud
Migration von Applikationen in die CloudMigration von Applikationen in die Cloud
Migration von Applikationen in die CloudAarno Aukia
 
IPv6 on Container Plattforms
IPv6 on Container PlattformsIPv6 on Container Plattforms
IPv6 on Container PlattformsAarno Aukia
 
Cloud Native Computing & DevOps
Cloud Native Computing & DevOpsCloud Native Computing & DevOps
Cloud Native Computing & DevOpsAarno Aukia
 
Cloud Native Computing
Cloud Native ComputingCloud Native Computing
Cloud Native ComputingAarno Aukia
 
Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018Aarno Aukia
 
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.chWie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.chAarno Aukia
 
Scalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceScalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceAarno Aukia
 
Cloud Native Computing Meetup Zürich
Cloud Native Computing Meetup ZürichCloud Native Computing Meetup Zürich
Cloud Native Computing Meetup ZürichAarno Aukia
 
DevOps for E-Commerce
DevOps for E-CommerceDevOps for E-Commerce
DevOps for E-CommerceAarno Aukia
 
Scalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftScalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftAarno Aukia
 
Docker Containers in Azure
Docker Containers in AzureDocker Containers in Azure
Docker Containers in AzureAarno Aukia
 

Mehr von Aarno Aukia (20)

Applikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die CloudApplikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die Cloud
 
Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...
 
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
 
Kubecon 2019 Recap
Kubecon 2019 RecapKubecon 2019 Recap
Kubecon 2019 Recap
 
My broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platformsMy broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platforms
 
Automated Server Administration for DevSecOps
Automated Server Administration for DevSecOpsAutomated Server Administration for DevSecOps
Automated Server Administration for DevSecOps
 
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
 
Moving Applications to the cloud
Moving Applications to the cloudMoving Applications to the cloud
Moving Applications to the cloud
 
Migration von Applikationen in die Cloud
Migration von Applikationen in die CloudMigration von Applikationen in die Cloud
Migration von Applikationen in die Cloud
 
IPv6 on Container Plattforms
IPv6 on Container PlattformsIPv6 on Container Plattforms
IPv6 on Container Plattforms
 
Cloud Native Computing & DevOps
Cloud Native Computing & DevOpsCloud Native Computing & DevOps
Cloud Native Computing & DevOps
 
Cloud Native Computing
Cloud Native ComputingCloud Native Computing
Cloud Native Computing
 
Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018
 
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.chWie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
 
Scalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceScalable Web Applications with 100% open source
Scalable Web Applications with 100% open source
 
SecDevOps 2017
SecDevOps 2017SecDevOps 2017
SecDevOps 2017
 
Cloud Native Computing Meetup Zürich
Cloud Native Computing Meetup ZürichCloud Native Computing Meetup Zürich
Cloud Native Computing Meetup Zürich
 
DevOps for E-Commerce
DevOps for E-CommerceDevOps for E-Commerce
DevOps for E-Commerce
 
Scalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftScalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShift
 
Docker Containers in Azure
Docker Containers in AzureDocker Containers in Azure
Docker Containers in Azure
 

Kürzlich hochgeladen

GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 

Kürzlich hochgeladen (20)

GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 

DevSecOps - Security in DevOps

  • 1. VSHN - The DevOps Company DevSecOps Security in DevOps Aarno Aukia, CTO @ VSHN - The DevOps Company 05.10.2020 WeAreDevelopers Live Week
  • 2. VSHN - The DevOps Company ● About Aarno & VSHN.ch ● Why? From Dev to DevOps to DevSecOps ● What? DevSecOps principles ● How? Concrete measures ● Who? Customer Example: Finnova AG Bankware ● Because? Resulting IT Governance & security benefits 22 Agenda
  • 3. VSHN - The DevOps Company @aarnoaukia a@vshn.ch ETH → Google → Atrila → VSHN VSHN - The DevOps Company @vshn_ch Since 2014, currently 45 VSHNeers in Zürich, Switzerland Helping developers run online businesses without having to worry about operations 33 About Aarno & VSHN.ch
  • 4. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 5. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 6. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 7. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Testing Release Biz
  • 8. VSHN - The DevOps Company Software Project Management: Dev vs. Ops Requirements Design Implementation Testing Release Ops Biz
  • 9. VSHN - The DevOps Company 9 OPS = Firefighting-as-a-Service ? 9
  • 10. VSHN - The DevOps Company Collaboration between software developers and operations: ● Teamwork ● Continuous improvement ● Efficient and lean ● Agile: being able to react to new requirements ● Automate as much as possible (“Infrastructure as code”) 1212 DevOps: People, Processes & Tools
  • 11. VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor
  • 12. VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor SECURITY
  • 13. VSHN - The DevOps Company Software Project Management: DevSecOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor Todo-List Data & Risks Secure Practices Validation traceabilityauditabilityAnomalies Availability
  • 14. VSHN - The DevOps Company ● Developer education, requirements engineering, design review -> AppSec/DevSec ● Software Build/Deployment/Operations -> DevSecOps ● Incident detection & management -> SecOps 1616 Areas of security improvement
  • 15. VSHN - The DevOps Company DevSecOps principles 1717
  • 16. VSHN - The DevOps Company ● static code analysis automatically for each commit (DevSecOps principle 4) ● Dependency Management (DevSecOps principle 5) ● (base) container image scanning (DevSecOps principle 5) 1818 Build
  • 17. VSHN - The DevOps Company Code analysis: sonarqube 1919
  • 18. VSHN - The DevOps Company 2020 Dependency updates: https://dependabot.com
  • 19. VSHN - The DevOps Company Container scanning: aquasec 2121
  • 20. VSHN - The DevOps Company ● smoke tests (DevSecOps principle 4) ● As many test environments as necessary (DevSecOps principle 4) ● atomic container deployment (DevSecOps principle 6) ● every deployment (and rollback) is a “normal deployment” (DevSecOps principle 6) ● deployment automation removes need for (all) devs root prod access and/or waiting for ops to deploy new dev version (DevSecOps principle 6) 2222 Test & Deployment
  • 21. VSHN - The DevOps Company ● standardization on (minimal, hardened) OS and container orchestrator ● immutable (application) infrastructure using containers ● process/storage/network separation of applications/environments ● detect/prevent configuration drift between dev/test/stage/prod envs ● documentation & automatic backup of all volumes ● documentation & monitoring of routes/loadbalancers/ingresspoints with enforcing SSL/TLS ● AAI for admin & application ● key & secrets management ● audit logging of control & application planes 2323 Ops (DevSecOps principle 1)
  • 22. VSHN - The DevOps Company Container isolation 2424 ● Kernel namespacing (process & network) ● Control groups (resource quota to prevent DoS) ● SELinux (additional syscall filter) ● prevent running as root inside container, no user-provided privileged containers (enforce best practice) ● readonly container filesystem (harder to persist exploit at runtime)
  • 23. VSHN - The DevOps Company ● “Docker” ○ Kernel-based process isolation based on lxc/libcontainer/runc (CNCF open standard) ○ Open Source Tools for container image creation and management (“Docker CE”) ○ Company based in San Francisco (“Docker inc”) ○ Enterprise software product (“Docker EE”) ○ Online portal for public docker containers (“Dockerhub” hub.docker.com) ● “Dockerfile” ○ Text file containing all the instructions to build and assemble the application into a container including application code, appserver, plugins, modules, libraries down to libc ○ Goal: document & automate the build process ○ Usually in the application GIT repository ○ References a base image to incrementally add the application to 3030 Container technology: Docker
  • 24. VSHN - The DevOps Company ● Use declarative formats for setup automation ● Have a clean, portable contract with the underlying operating system ● Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration; ● Minimize divergence between development and production, enabling continuous deployment for maximum agility; ● And can scale up without significant changes to tooling, architecture, or development practices. 3131 12 Factor App Patterns: https://12factor.net/
  • 25. VSHN - The DevOps Company From container to production? 3232
  • 26. VSHN - The DevOps Company ● How many container instances should be running per service? ● On which IP/port/server are they running on? ● Service discovery ● What happens if a container/server goes away? ● scaling, load balancing, rolling deployments, persistent storage, networking 3333 Container orchestration: Kubernetes
  • 27. VSHN - The DevOps Company Docker Kubernetes 3939 Layers of abstraction Hardware Operating System Service discovery & Load balancing Application Server Application Cloud/Onprem
  • 28. VSHN - The DevOps Company Zooming in...
  • 29. VSHN - The DevOps Company ● Logging: EFK ● Metrics: Prometheus ● SSL-Certificates: cert-manager (letsencrypt.org) ● Source-to-image builder, Dockerfile builder, Docker-Image-Registry ● Load-balancing: Ingress, NGINX ● horizontal (auto) scaling, rolling deployments ● Scanning: image scanning (repo & runtime) 4141 Kubernetes Ecosystem
  • 30. VSHN - The DevOps Company AAI: Keycloak 4242 ● Identity & Access Management ● Single sign in/out ● Identity brokering: ○ OpenID Connect (OAuth2, FB/Twitter/Github etc.) ○ SAML2.0 ○ Kerberos ● User federation: LDAP, AD, etc ● 2FA: TOTP/HOTP ● Managing the Authorization groups
  • 31. VSHN - The DevOps Company Logs: ELK/EFK/Greylog 4343 ● Logging all access and changes through the control plane ● Logging all access to the application and correlate with application logs ● Index, view, filter, aggregate KPI → monitoring ● Store outside of application scope
  • 32. VSHN - The DevOps Company ● Prometheus ○ time series database ○ open source / CNCF-project ○ well-integrated in docker/kubernetes stats ● NewRelic APM ○ application-level profiling ○ performance tracking ○ exception tracking (backend & frontend) ○ available as SaaS 4444 Metrics: Prometheus / NewRelic
  • 33. VSHN - The DevOps Company ● Developer and Operator of Banking Software used by ~100 Banks ● Based in Lenzburg, Switzerland ● Founded 1974 ● ~400 Employees Example: Finnova AG Bankware
  • 34. Hier steht der Präsentationstitel I 47
  • 35. VSHN - The DevOps Company 48 Deployment Process & Security DEV (Repository) Files (Pods) Docker Images Container (OpenShift) Betrieb AM Seewen (PRD) GitHub Code Image-Scan (Security & Compliance Policies) » Code Analyse » Image Scanning » Container Hardening Runtime » Network Security » Monitoring » Logging & Reporting » Code Security » Access » Security & Auditing SecurityDeployment
  • 36. VSHN - The DevOps Company 49 Architecture and Security
  • 37. VSHN - The DevOps Company ● “Full Stack Audit” ● Review design document ● Every layer was custom built ○ physical hardware ○ handcrafted servers ○ manual application deployment ● Review each layer ● Review each layer again next year... 5050 Traditional IT governance
  • 38. VSHN - The DevOps Company ● Standardized components ○ already audited, some even externally certified ○ re-used, economies of scale, CMMI level 5 ○ tech controls (AAI, RBAC, logs/SIEM) implemented once ○ financial controls implemented once ● Infrastructure: private/public cloud ● Ops: Container orchestration platform ● Review design document & platform configuration 5151 Cloud native IT governance
  • 39. VSHN - The DevOps Company ● prevent configuration drift ○ immutable (application) infrastructure using containers ○ deploy dev/test/stage/prod envs from CI/CD ● prevent manual errors ○ validate configuration in CI/CD before deployment ○ standardization on (minimal, hardened) OS and container orchestrator ○ deployment automation removes need for (most) root prod access ● security by default ○ image scanning, dependency vulnerability management ○ process/storage/network separation of applications/environments ○ volumes & ingresspoints best practice (documentation, monitoring, backup, SSL/TLS/WAF) ○ AAI for admin & application, audit trail logging of CI/CD, control & application planes ○ key & secrets management ● 5252 IT governance controls in container platforms
  • 40. VSHN - The DevOps Company ● compute resources billable by project ● self-service-onboarding possible ● autoscaling, scale-down dev envs outside office hours ● vendor procurement/due diligence/certification management ● SLA, 24x7, service process, escalation management clearly defined 5353 IT governance financial/compliance controlling
  • 41. VSHN - The DevOps Company DevSecOps principles 5454
  • 42. VSHN - The DevOps Company ● Please get in touch with feedback ● Twitter: @aarnoaukia ● Linkedin: https://www.linkedin.com/in/aukia/ ● Email: aarno.aukia@vshn.ch 5555 Thank you
  • 43. Come visit us for a coffee! VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch https://vshn.ch/kontakt/ Follow us on Twitter! @vshn_ch 56