SlideShare ist ein Scribd-Unternehmen logo

2017-07-12 GovLoop: New Era of Digital Security

S
Shawn Wells

What is DevOpsSec, the Red Hat way?

Regierungs- und gemeinnützige Organisationen
1 von 49
Downloaden Sie, um offline zu lesen
NEW ERA OF DIGITAL SECURITY Shawn Wells Chief Security Strategist U.S. Public Sector shawn@redhat.com || 443-534-0130
Technology for the Digital World 2
When New Technologies are adopted, the Security team gets involved SECURITY 3
Securing the Enterprise is Harder Than Ever 4 Applications & devices outside of IT control Cloud computing Software-defined infrastructure Dissolving security perimeter The way we develop, deploy and manage IT is changing dramatically TRADITIONAL NETWORK-BASED DEFENSES ARE NO LONGER ENOUGH Menacing threat landscape
THE COST OF SECURITY BREACHES 5 2016 Cost of Data Breach Study: Global, June, 2016. Ponemon Institute LLC© Research Report Total average costs are increasing: 2016 $4.0 million 2015 $3.8 million 2014 $3.5 million While “soft” costs are impacting your business ● Business disruption ● Lost employee and customer trust ● Brand erosion ● Shareholder anger ● etc
6 2016 Cost of Data Breach Study: Global, June, 2016. Ponemon Institute LLC© Research Report Malicious or criminal attack System glitch Human error 48% 27% 25% MULTIPLE SOURCES OF RISKS
7 Source: TechValidate. https://www.techvalidate.com/tvid/885-BC3-190 TRYING TO INNOVATE AND REMAIN SECURE AT THE SAME TIME Funding for cloud infrastructure is taking a clear priority in 2017, with security and management still mandatory investments to keep it all under control. What are you organization’s top IT funding priorities for 2017?* 70% 49% 48% 42% 36% 31% 29% 28% 23% Cloud infrastructure (private, public or hybrid) Security and compliance IT Management, automation, orchestration Big data, analytics Optimizing or modernizing existing IT Integration of applications, data or processes Containers Cloud-native or mobile applications Storage *Select all that apply
IMPLEMENT BOTH AGILE & IMPROVED GOVERNANCE PROCESSES 8 Source: TechValidate. https://www.techvalidate.com/tvid/7A6-663-C71 Compliance and governance remain a top priority, but agile and DevOps processes have shot to the top of our customers list this year. This is the only way they will achieve innovation at the speed they need to compete and win. 64% 54% 41% 26% 23% 11% Agile development DevOps processes or methodologies Compliance or governance processes User experience Digital strategies Using more open source IT staff training IT staff retention IT staff recruitment 23% 10% 6% 3%Stopping shadow IT What are you organization’s top priorities around IT cultural or process changes?* *Select all that apply
9 Security policy, process & procedures DESIGN BUILD RUN MANAGE ADAPT SECURITY CHECKLIST SECURITY MUST EVOLVE
Security policy, process & procedures DESIGN BUILD RUN MANAGE ADAPT 10 Identify security requirements & governance models Built-in from the start; not bolted-on Deploy to trusted platforms with enhanced security capabilities Automate systems for security & compliance Revise, update, remediate as the landscape changes SECURITY MUST BE CONTINUOUS And integrated throughout the IT lifecycle
DESIGN BUILD RUN MANAGE ADAPT 11 Define security requirements based on NIST 800-53 Build required protections like web SSO into your applications Run on platforms with embedded protective technology like SELinux Automate compliance with DISA STIG; use automated detection & remediation technologies Continuously evaluate effectiveness and revise as needed CONTINUOUS SECURITY WITH NIST Protect Identify Detect Recover Respond COMMUNICATE
Risk Management 12 Identify Analyse Plan Track Control Communicate The objectives of risk management are to identify, address, and eliminate software risk items before they become either threats to successful software operation or major sources of software rework. Barry W Boehm Approaches to dealing with risk: Reduction - reduce likelihood Protection - bottom-up prevention Transfer - let someone else share or hold Pecuniary - set aside contingency fund of resources
WHY OPEN SOURCE?
OPEN SOURCE DEVELOPMENT DRIVES RAPID INNOVATION
OPEN SOURCE ADOPTION...SOARING 78% 65% of enterprises run open source. of companies are contributing to open software. [1] Black Duck Software, 9th Annual Future of Open Source survey, 2015. www.blackducksoftware.com/2015-future-of-open-source [2] Black Duck Software, 10th Annual Future of Open Source survey, 2016. www.blackducksoftware.com/2016-future-of-open-source [2] [1]
16 OPEN SOURCE CULTURE Collaboration Transparency (both access and the ability to act) Shared problems are solved faster Working together creates standardization *
AGILITY, WITH SECURITY
The Problem Applications require complicated installation and integration every time they are deployed 18
THE PROBLEM I.T. OPERATIONSDEVELOPERS 19
DEVOPS Everything as code Automate everything Application is always “releaseable” Continuous Integration/Delivery Application monitoring Rapid feedback Delivery pipeline Rebuild vs. Repair 20
A Solution Adopting a container strategy will allow applications to be easily shared and deployed. 21
22 WHAT ARE CONTAINERS? It Depends Who You Ask ● Sandboxed application processes on a shared Linux OS kernel ● Simpler, lighter, and denser than virtual machines ● Portable across different environments ● Package my application and all of its dependencies ● Deploy to any environment in seconds and enable CI/CD ● Easily access and share containerized components INFRASTRUCTURE APPLICATIONS
A SOLUTION Hardware Virtual Machine Operating System Container App Controlled by Developers Controlled by IT Operations 23
A SOLUTION I.T. OPERATIONSDEVELOPERS 24
$ docker build -t app:v1 . 25
$ docker build -t app:v1 . $ docker run app:v1 26
physical virtual private cloud public cloud 27
28 DEVOPS WITH CONTAINERS source repository CI/CD engine dev container physical virtual private cloud public cloud 28
? 29
? 30
Scheduling Decide where to deploy containers 31 WE NEED MORE THAN JUST CONTAINERS Lifecycle and health Keep containers running despite failures Discovery Find other containers on the network Monitoring Visibility into running containers Security Control who can do what Scaling Scale containers up and down Persistence Survive data beyond container lifecycle Aggregation Compose apps from multiple containers 31
Kubernetes is an open-source system for automating deployment, operations, and scaling of containerized applications across multiple hosts kubernetes 32
kubernetes 33
DEVOPS WITH CONTAINERS AND KUBERNETES 34
INDUSTRY CONVERGING ON KUBERNETES 35
INDUSTRY CONVERGING ON KUBERNETES 36
DEVOPS WITH CONTAINERS AND KUBERNETES NETWORK Not enough! Need networking 37
DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY NETWORK Not enough! Need an image registry 38
DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY METRICS AND LOGGING NETWORK heapster Not enough! Need metrics and logging 39
DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need application lifecycle management APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 40
DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need application services e.g. database and messaging APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 41
DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need self-service portal SELF-SERVICE APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 42
NOT ENOUGH, THERE IS MORE! Routing & Load Balancing Multi-tenancy CI/CD Pipelines Role-based Authorization Capacity Management Chargeback Vulnerability Scanning Container Isolation Image Build Automation Quota Management Teams and Collaboration Infrastructure Visibility 43
Container application platform based on Docker and Kubernetes for building, distributing and running containers at scale 44
45 Security policy, process & procedures DESIGN BUILD RUN MANAGE ADAPT SECURITY CHECKLIST REMEMBER THIS?
46 OpenShift for Government Accreditations & Standards RHEL7 COMMON CRITERIA - EAL4+ - Container Framework - Secure Multi-tenancy RHEL7 FIPS 140-2 CERTIFIED - Data at Rest - Data in Transport OPENSHIFT BLUEPRINT FOR AZURE (FedRAMP MODERATE) OCTOBER 2016 DECEMBER 2016 JUNE 2017 INDUSTRY FIRST: NIST CERTIFIED CONFIGURATION AND VULNERABILITY SCANNER FOR CONTAINER MARCH 2017
47 WANT TO HEAR MORE?
plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews THANK YOU

Empfohlen

Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate BrochureQualys
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveyQualys
 
OWASP - Building Secure Web Applications
OWASP - Building Secure Web ApplicationsOWASP - Building Secure Web Applications
OWASP - Building Secure Web Applicationsalexbe
 
Check point sandblast threat-emulation-customer-success-presentation
Check point sandblast threat-emulation-customer-success-presentationCheck point sandblast threat-emulation-customer-success-presentation
Check point sandblast threat-emulation-customer-success-presentationNattira Panbun
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
Kaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky
 
Qualys Brochure for CISOs
Qualys Brochure for CISOsQualys Brochure for CISOs
Qualys Brochure for CISOsQualys
 

Empfohlen

Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate BrochureQualys
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveyQualys
 
OWASP - Building Secure Web Applications
OWASP - Building Secure Web ApplicationsOWASP - Building Secure Web Applications
OWASP - Building Secure Web Applicationsalexbe
 
Check point sandblast threat-emulation-customer-success-presentation
Check point sandblast threat-emulation-customer-success-presentationCheck point sandblast threat-emulation-customer-success-presentation
Check point sandblast threat-emulation-customer-success-presentationNattira Panbun
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
Kaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky
 
Qualys Brochure for CISOs
Qualys Brochure for CISOsQualys Brochure for CISOs
Qualys Brochure for CISOsQualys
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersDevOps.com
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Twistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityTwistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityMighty Guides, Inc.
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
From Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products SecureFrom Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products SecureKaspersky
 
A journey from dev ops to devsecops
A journey from dev ops to devsecopsA journey from dev ops to devsecops
A journey from dev ops to devsecopsVeritis Group, Inc
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesCodefresh
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementWhiteSource
 
Check Point Solutions Portfolio- Detailed
Check Point Solutions Portfolio- DetailedCheck Point Solutions Portfolio- Detailed
Check Point Solutions Portfolio- DetailedMoti Sagey מוטי שגיא
 
Veracode - Overview
Veracode - OverviewVeracode - Overview
Veracode - OverviewStephen Durrant
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonStefan Streichsbier
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!DevOps.com
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 

Weitere ähnliche Inhalte

Was ist angesagt?

Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersDevOps.com
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Twistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityTwistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityMighty Guides, Inc.
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
From Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products SecureFrom Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products SecureKaspersky
 
A journey from dev ops to devsecops
A journey from dev ops to devsecopsA journey from dev ops to devsecops
A journey from dev ops to devsecopsVeritis Group, Inc
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesCodefresh
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementWhiteSource
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonStefan Streichsbier
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!DevOps.com
 

Was ist angesagt? (20)

Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediation
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Twistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityTwistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native Security
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
From Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products SecureFrom Code to Customer: How to Make Software Products Secure
From Code to Customer: How to Make Software Products Secure
 
A journey from dev ops to devsecops
A journey from dev ops to devsecopsA journey from dev ops to devsecops
A journey from dev ops to devsecops
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI Pipelines
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities Management
 
Check Point Solutions Portfolio- Detailed
Check Point Solutions Portfolio- DetailedCheck Point Solutions Portfolio- Detailed
Check Point Solutions Portfolio- Detailed
 
Veracode - Overview
Veracode - OverviewVeracode - Overview
Veracode - Overview
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} Hackathon
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!Security & DevOps - What We Have Here Is a Failure to Communicate!
Security & DevOps - What We Have Here Is a Failure to Communicate!
 

Ähnlich wie 2017-07-12 GovLoop: New Era of Digital Security

Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Decisions
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudAlert Logic
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing ...
ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing ...ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing ...
ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing ...Kenny Buntinx
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesAvi Networks
 
Servers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofServers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofRUDDER
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation finalAlgoSec
 
Keeping Security In-Step with Your Application Demand Curve
Keeping Security In-Step with Your Application Demand CurveKeeping Security In-Step with Your Application Demand Curve
Keeping Security In-Step with Your Application Demand CurveAmazon Web Services
 
Keeping Security In-Step with your Application Demand Curve
Keeping Security In-Step with your Application Demand CurveKeeping Security In-Step with your Application Demand Curve
Keeping Security In-Step with your Application Demand CurveAmazon Web Services
 

Ähnlich wie 2017-07-12 GovLoop: New Era of Digital Security (20)

Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Check Point vSEC for Microsoft Azure Webinar
Check Point vSEC for Microsoft Azure WebinarCheck Point vSEC for Microsoft Azure Webinar
Check Point vSEC for Microsoft Azure Webinar
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
Datacenter 2014: Trend Micro - Bill MCGee
Datacenter 2014: Trend Micro - Bill MCGeeDatacenter 2014: Trend Micro - Bill MCGee
Datacenter 2014: Trend Micro - Bill MCGee
 
ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing ...
ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing ...ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing ...
ECMDay2015 - Kent Agerlund - Secunia - 10 minutes is all it takes – Managing ...
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
 
Servers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofServers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proof
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final2018 11-19 improving business agility with security policy automation final
2018 11-19 improving business agility with security policy automation final
 
Keeping Security In-Step with Your Application Demand Curve
Keeping Security In-Step with Your Application Demand CurveKeeping Security In-Step with Your Application Demand Curve
Keeping Security In-Step with Your Application Demand Curve
 
Keeping Security In-Step with your Application Demand Curve
Keeping Security In-Step with your Application Demand CurveKeeping Security In-Step with your Application Demand Curve
Keeping Security In-Step with your Application Demand Curve
 

Mehr von Shawn Wells

2017-10-10 AUSA 2017: Repeatable DCO Platforms
2017-10-10 AUSA 2017: Repeatable DCO Platforms2017-10-10 AUSA 2017: Repeatable DCO Platforms
2017-10-10 AUSA 2017: Repeatable DCO PlatformsShawn Wells
 
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...Shawn Wells
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02Shawn Wells
 
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...Shawn Wells
 
2016 -11-18 OpenSCAP Workshop Coursebook
2016 -11-18 OpenSCAP Workshop Coursebook2016 -11-18 OpenSCAP Workshop Coursebook
2016 -11-18 OpenSCAP Workshop CoursebookShawn Wells
 
2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security Automation2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security AutomationShawn Wells
 
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...Shawn Wells
 
2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security UpdateShawn Wells
 
2015-11-15 - Supercomputing 2015 - Applied Cross Domain
2015-11-15 - Supercomputing 2015 - Applied Cross Domain2015-11-15 - Supercomputing 2015 - Applied Cross Domain
2015-11-15 - Supercomputing 2015 - Applied Cross DomainShawn Wells
 
2015-10-05 Fermilabs DevOps Alone in the Dark
2015-10-05 Fermilabs DevOps Alone in the Dark2015-10-05 Fermilabs DevOps Alone in the Dark
2015-10-05 Fermilabs DevOps Alone in the DarkShawn Wells
 
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
2015-06-25 Red Hat Summit 2015 - Security Compliance Made EasyShawn Wells
 
2015 06-12 DevOpsDC 2015 - Consumer to Collaborator
2015 06-12 DevOpsDC 2015 - Consumer to Collaborator2015 06-12 DevOpsDC 2015 - Consumer to Collaborator
2015 06-12 DevOpsDC 2015 - Consumer to CollaboratorShawn Wells
 
2015-01-27 ssa opening remarks
2015-01-27 ssa opening remarks2015-01-27 ssa opening remarks
2015-01-27 ssa opening remarksShawn Wells
 
2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackersShawn Wells
 
2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scap2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scapShawn Wells
 
2014-07-30 defense in depth scap workbook
2014-07-30 defense in depth scap workbook2014-07-30 defense in depth scap workbook
2014-07-30 defense in depth scap workbookShawn Wells
 
2014-05-08 IT Craftsmanship to IT Manufacturing
2014-05-08 IT Craftsmanship to IT Manufacturing2014-05-08 IT Craftsmanship to IT Manufacturing
2014-05-08 IT Craftsmanship to IT ManufacturingShawn Wells
 
2014-04-28 cloud security frameworks and enforcement
2014-04-28 cloud security frameworks and enforcement2014-04-28 cloud security frameworks and enforcement
2014-04-28 cloud security frameworks and enforcementShawn Wells
 
2014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 20142014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 2014Shawn Wells
 
2014 04-03 xyratex event
2014 04-03 xyratex event2014 04-03 xyratex event
2014 04-03 xyratex eventShawn Wells
 

Mehr von Shawn Wells (20)

2017-10-10 AUSA 2017: Repeatable DCO Platforms
2017-10-10 AUSA 2017: Repeatable DCO Platforms2017-10-10 AUSA 2017: Repeatable DCO Platforms
2017-10-10 AUSA 2017: Repeatable DCO Platforms
 
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...
2017-07-11 GovLoop: Changing the Open Hybrid Cloud Game (Deploying OpenShift ...
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02
 
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...
2017-02-21 AFCEA West Building Continuous Integration & Deployment (CI/CD) Pi...
 
2016 -11-18 OpenSCAP Workshop Coursebook
2016 -11-18 OpenSCAP Workshop Coursebook2016 -11-18 OpenSCAP Workshop Coursebook
2016 -11-18 OpenSCAP Workshop Coursebook
 
2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security Automation2016-08-29 AFITC Security Automation
2016-08-29 AFITC Security Automation
 
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...
2016-08-24 FedInsider Webinar with Jennifer Kron - Securing Intelligence in a...
 
2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update2016-08-18 Red Hat Partner Security Update
2016-08-18 Red Hat Partner Security Update
 
2015-11-15 - Supercomputing 2015 - Applied Cross Domain
2015-11-15 - Supercomputing 2015 - Applied Cross Domain2015-11-15 - Supercomputing 2015 - Applied Cross Domain
2015-11-15 - Supercomputing 2015 - Applied Cross Domain
 
2015-10-05 Fermilabs DevOps Alone in the Dark
2015-10-05 Fermilabs DevOps Alone in the Dark2015-10-05 Fermilabs DevOps Alone in the Dark
2015-10-05 Fermilabs DevOps Alone in the Dark
 
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy
 
2015 06-12 DevOpsDC 2015 - Consumer to Collaborator
2015 06-12 DevOpsDC 2015 - Consumer to Collaborator2015 06-12 DevOpsDC 2015 - Consumer to Collaborator
2015 06-12 DevOpsDC 2015 - Consumer to Collaborator
 
2015-01-27 ssa opening remarks
2015-01-27 ssa opening remarks2015-01-27 ssa opening remarks
2015-01-27 ssa opening remarks
 
2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers2014-12-16 defense news - shutdown the hackers
2014-12-16 defense news - shutdown the hackers
 
2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scap2014-07-31 customer convergence applied scap
2014-07-31 customer convergence applied scap
 
2014-07-30 defense in depth scap workbook
2014-07-30 defense in depth scap workbook2014-07-30 defense in depth scap workbook
2014-07-30 defense in depth scap workbook
 
2014-05-08 IT Craftsmanship to IT Manufacturing
2014-05-08 IT Craftsmanship to IT Manufacturing2014-05-08 IT Craftsmanship to IT Manufacturing
2014-05-08 IT Craftsmanship to IT Manufacturing
 
2014-04-28 cloud security frameworks and enforcement
2014-04-28 cloud security frameworks and enforcement2014-04-28 cloud security frameworks and enforcement
2014-04-28 cloud security frameworks and enforcement
 
2014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 20142014 04-17 Applied SCAP, Red Hat Summit 2014
2014 04-17 Applied SCAP, Red Hat Summit 2014
 
2014 04-03 xyratex event
2014 04-03 xyratex event2014 04-03 xyratex event
2014 04-03 xyratex event
 

Kürzlich hochgeladen

The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...nservice241
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...CedZabala
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlEdouardHusson
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.Christina Parmionova
 
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble BeginningsZechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginningsinfo695895
 
The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)Congressional Budget Office
 
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Call Girls in Nagpur High Profile
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Call Girls Sangamwadi Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Sangamwadi Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Sangamwadi Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Sangamwadi Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Dipal Arora
 
Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30JSchaus & Associates
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...SUHANI PANDEY
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos WebinarLinda Reinstein
 
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...ranjana rawat
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)ahcitycouncil
 

Kürzlich hochgeladen (20)

The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
 
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
 
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
WORLD DEVELOPMENT REPORT 2024 - Economic Growth in Middle-Income Countries.
 
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
 
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble BeginningsZechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
 
The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)The U.S. Budget and Economic Outlook (Presentation)
The U.S. Budget and Economic Outlook (Presentation)
 
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
 
Call Girls Sangamwadi Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Sangamwadi Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Sangamwadi Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Sangamwadi Call Me 7737669865 Budget Friendly No Advance Booking
 
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
 
Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Akurdi ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
VIP Model Call Girls Kiwale ( Pune ) Call ON 8005736733 Starting From 5K to 2...
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar
 
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
↑VVIP celebrity ( Pune ) Serampore Call Girls 8250192130 unlimited shot and a...
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)
 

2017-07-12 GovLoop: New Era of Digital Security

  • 1. NEW ERA OF DIGITAL SECURITY Shawn Wells Chief Security Strategist U.S. Public Sector shawn@redhat.com || 443-534-0130
  • 2. Technology for the Digital World 2
  • 3. When New Technologies are adopted, the Security team gets involved SECURITY 3
  • 4. Securing the Enterprise is Harder Than Ever 4 Applications & devices outside of IT control Cloud computing Software-defined infrastructure Dissolving security perimeter The way we develop, deploy and manage IT is changing dramatically TRADITIONAL NETWORK-BASED DEFENSES ARE NO LONGER ENOUGH Menacing threat landscape
  • 5. THE COST OF SECURITY BREACHES 5 2016 Cost of Data Breach Study: Global, June, 2016. Ponemon Institute LLC© Research Report Total average costs are increasing: 2016 $4.0 million 2015 $3.8 million 2014 $3.5 million While “soft” costs are impacting your business ● Business disruption ● Lost employee and customer trust ● Brand erosion ● Shareholder anger ● etc
  • 6. 6 2016 Cost of Data Breach Study: Global, June, 2016. Ponemon Institute LLC© Research Report Malicious or criminal attack System glitch Human error 48% 27% 25% MULTIPLE SOURCES OF RISKS
  • 7. 7 Source: TechValidate. https://www.techvalidate.com/tvid/885-BC3-190 TRYING TO INNOVATE AND REMAIN SECURE AT THE SAME TIME Funding for cloud infrastructure is taking a clear priority in 2017, with security and management still mandatory investments to keep it all under control. What are you organization’s top IT funding priorities for 2017?* 70% 49% 48% 42% 36% 31% 29% 28% 23% Cloud infrastructure (private, public or hybrid) Security and compliance IT Management, automation, orchestration Big data, analytics Optimizing or modernizing existing IT Integration of applications, data or processes Containers Cloud-native or mobile applications Storage *Select all that apply
  • 8. IMPLEMENT BOTH AGILE & IMPROVED GOVERNANCE PROCESSES 8 Source: TechValidate. https://www.techvalidate.com/tvid/7A6-663-C71 Compliance and governance remain a top priority, but agile and DevOps processes have shot to the top of our customers list this year. This is the only way they will achieve innovation at the speed they need to compete and win. 64% 54% 41% 26% 23% 11% Agile development DevOps processes or methodologies Compliance or governance processes User experience Digital strategies Using more open source IT staff training IT staff retention IT staff recruitment 23% 10% 6% 3%Stopping shadow IT What are you organization’s top priorities around IT cultural or process changes?* *Select all that apply
  • 10. Security policy, process & procedures DESIGN BUILD RUN MANAGE ADAPT 10 Identify security requirements & governance models Built-in from the start; not bolted-on Deploy to trusted platforms with enhanced security capabilities Automate systems for security & compliance Revise, update, remediate as the landscape changes SECURITY MUST BE CONTINUOUS And integrated throughout the IT lifecycle
  • 11. DESIGN BUILD RUN MANAGE ADAPT 11 Define security requirements based on NIST 800-53 Build required protections like web SSO into your applications Run on platforms with embedded protective technology like SELinux Automate compliance with DISA STIG; use automated detection & remediation technologies Continuously evaluate effectiveness and revise as needed CONTINUOUS SECURITY WITH NIST Protect Identify Detect Recover Respond COMMUNICATE
  • 12. Risk Management 12 Identify Analyse Plan Track Control Communicate The objectives of risk management are to identify, address, and eliminate software risk items before they become either threats to successful software operation or major sources of software rework. Barry W Boehm Approaches to dealing with risk: Reduction - reduce likelihood Protection - bottom-up prevention Transfer - let someone else share or hold Pecuniary - set aside contingency fund of resources
  • 14. OPEN SOURCE DEVELOPMENT DRIVES RAPID INNOVATION
  • 15. OPEN SOURCE ADOPTION...SOARING 78% 65% of enterprises run open source. of companies are contributing to open software. [1] Black Duck Software, 9th Annual Future of Open Source survey, 2015. www.blackducksoftware.com/2015-future-of-open-source [2] Black Duck Software, 10th Annual Future of Open Source survey, 2016. www.blackducksoftware.com/2016-future-of-open-source [2] [1]
  • 16. 16 OPEN SOURCE CULTURE Collaboration Transparency (both access and the ability to act) Shared problems are solved faster Working together creates standardization *
  • 18. The Problem Applications require complicated installation and integration every time they are deployed 18
  • 20. DEVOPS Everything as code Automate everything Application is always “releaseable” Continuous Integration/Delivery Application monitoring Rapid feedback Delivery pipeline Rebuild vs. Repair 20
  • 21. A Solution Adopting a container strategy will allow applications to be easily shared and deployed. 21
  • 22. 22 WHAT ARE CONTAINERS? It Depends Who You Ask ● Sandboxed application processes on a shared Linux OS kernel ● Simpler, lighter, and denser than virtual machines ● Portable across different environments ● Package my application and all of its dependencies ● Deploy to any environment in seconds and enable CI/CD ● Easily access and share containerized components INFRASTRUCTURE APPLICATIONS
  • 23. A SOLUTION Hardware Virtual Machine Operating System Container App Controlled by Developers Controlled by IT Operations 23
  • 25. $ docker build -t app:v1 . 25
  • 26. $ docker build -t app:v1 . $ docker run app:v1 26
  • 28. 28 DEVOPS WITH CONTAINERS source repository CI/CD engine dev container physical virtual private cloud public cloud 28
  • 29. ? 29
  • 30. ? 30
  • 31. Scheduling Decide where to deploy containers 31 WE NEED MORE THAN JUST CONTAINERS Lifecycle and health Keep containers running despite failures Discovery Find other containers on the network Monitoring Visibility into running containers Security Control who can do what Scaling Scale containers up and down Persistence Survive data beyond container lifecycle Aggregation Compose apps from multiple containers 31
  • 32. Kubernetes is an open-source system for automating deployment, operations, and scaling of containerized applications across multiple hosts kubernetes 32
  • 34. DEVOPS WITH CONTAINERS AND KUBERNETES 34
  • 35. INDUSTRY CONVERGING ON KUBERNETES 35
  • 36. INDUSTRY CONVERGING ON KUBERNETES 36
  • 37. DEVOPS WITH CONTAINERS AND KUBERNETES NETWORK Not enough! Need networking 37
  • 38. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY NETWORK Not enough! Need an image registry 38
  • 39. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY METRICS AND LOGGING NETWORK heapster Not enough! Need metrics and logging 39
  • 40. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need application lifecycle management APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 40
  • 41. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need application services e.g. database and messaging APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 41
  • 42. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need self-service portal SELF-SERVICE APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK 42
  • 43. NOT ENOUGH, THERE IS MORE! Routing & Load Balancing Multi-tenancy CI/CD Pipelines Role-based Authorization Capacity Management Chargeback Vulnerability Scanning Container Isolation Image Build Automation Quota Management Teams and Collaboration Infrastructure Visibility 43
  • 44. Container application platform based on Docker and Kubernetes for building, distributing and running containers at scale 44
  • 46. 46 OpenShift for Government Accreditations & Standards RHEL7 COMMON CRITERIA - EAL4+ - Container Framework - Secure Multi-tenancy RHEL7 FIPS 140-2 CERTIFIED - Data at Rest - Data in Transport OPENSHIFT BLUEPRINT FOR AZURE (FedRAMP MODERATE) OCTOBER 2016 DECEMBER 2016 JUNE 2017 INDUSTRY FIRST: NIST CERTIFIED CONFIGURATION AND VULNERABILITY SCANNER FOR CONTAINER MARCH 2017
  • 48.