SlideShare ist ein Scribd-Unternehmen logo

KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service"

‱Als PPTX, PDF herunterladen‱
‱
Daniel Bryant
Daniel Bryant

Everyone building or operating cloud native applications must understand the fundamentals of security issues and modern threat models. Although this topic is vast, in this talk Nic and Daniel will focus on the end-to-end communication and higher-level networking threats, and explore how the combination of an edge proxy and service mesh using TLS and mTLS can be used to mitigate many man-in-the-middle attacks. Key takeaways include: - An understanding of the "three pillars" of service mesh functionality: observability, reliability, and security. A service mesh is in a unique place to enforce security features like mTLS - Learn how to ensure that there are no exploitable "gaps" within the end-to-end/user-to-service communication path. - Explore the differences in ingress/mesh control planes, with brief demonstrations using Ambassador and Consul Connect

Technologie
1 von 38
Copyright © 2019 HashiCorp Securing Cloud Native Communication: From End User to Service Daniel Bryant Product Architect, Datawire Nic Jackson Developer Advocate, HashiCorp
tl;dr â–Ș We’re seeing an increase in application modernisation/hybrid platforms â–Ș Decoupling apps and infrastructure is key: incrementally and securely â–Ș All security must have good UX / DevEx â–Ș Defence in depth is vital -- network / service security is one part of this â–Ș Mind the gap(s)!
Who are we? Nic Jackson Developer Advocate, HashiCorp @sheriffjackson Daniel Bryant Product Architect, Datawire @danielbryantuk
So, we don’t want to scare you, but...
So, we don’t want to scare you, but... 214 Records containing personal data are exploited every second
So, we don’t want to scare you, but... 2.2% Of compromised records are protected by encryption
So, we don’t want to scare you, but... 65% Of cases are linked to identity theft
So, we don’t want to scare you, but... $3,860,000 Is the average cost of a data breach
So, we don’t want to scare you, but... $350,00,000 Is the cost of a breach containing over 50 million records
So, we don’t want to scare you, but... 72% Increase in attacks between 2017 and 2018 Gemalto Breach Level Index: https://breachlevelindex.com/ IBM Cost of a Data Breach Study: https://www.ibm.com/security/data-breach
We’re assuming that you have secured your data at rest
 ...and hardened compute
But what about data in motion? Are your comms vulnerable?
And what about during application modernisation? Network heterogeneity typically increases: - Private DC, cloud, k8s...
https://www.rgoarchitects.com/Files/fallacies.pdf
Exploring end-to-end communication
API Gateway: Edge proxy, ingress, ADC... â–Ș Exposes internal services to end-users (via multiple domains) â–Ș Encapsulates backends (k8s, VMs, bare metal etc) â–Ș TLS termination (enforcing minimum TLS version) â–Ș End-user authentication/authorization â–Ș Rate limiting (DDoS protection, etc)
Service Mesh: Proxy mesh, Fabric model... â–Ș Exposes internal services to internal consumers â–Ș Encapsulates service infra (across k8s, VMs, bare metal etc) â–Ș mTLS: service identity and traffic encryption â–Ș ACLs and intentions: who can do what, and to whom â–Ș Implements cross-functional concerns (out-of-process)
Service Mesh: Three Pillars â–Ș Observability – “Golden signals”: latency, errors, traffic, saturation (USE, RED) – Both global and service-to-service â–Ș Reliability – Abstracting health checks, retries, circuit breakers etc. – Providing sane default to protect system â–Ș Security – Authn/z propagation, mTLS, network segmentation
Exploring end-to-end communication
© 2019 HashiCorp 24 Bypass the perimeter by attacking services
© 2019 HashiCorp 25 We need internal network isolation
© 2019 HashiCorp 26 Network segmentation
© 2019 HashiCorp 27 Service segmentation
© 2019 HashiCorp 28 Problem: Dynamic environments...
© 2019 HashiCorp 29 Network / Service segmentation with intention-based security
Exploring end-to-end communication
https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc Control planes and data planes Data plane Control plane
Control planes: Differing use cases â–Ș North-south – Unknown / untrusted clients – Limited exposure of services (Mapping) – Centralised ops ingress defaults + decentralised product team cfg â–Ș East-west – Dynamic service information update required (multiple sources) – Identity required for all services (mTLS + ACLs) – “Sane” internal defaults + decentralised dev cfg
Ambassador + Consul
Copyright © 2019 HashiCorp Demo
Conclusion â–Ș We’re seeing an increase in application modernisation/hybrid platforms â–Ș Decoupling apps and infrastructure is key: incrementally and securely â–Ș All security must have good UX / DevEx â–Ș Defence in depth is vital -- network / service security is one part of this â–Ș Mind the gap(s)!
References â–Ș Context: – https://www.infoq.com/articles/api-gateway-service-mesh-app-modernisation/ â–Ș Reference: – https://www.getambassador.io/user-guide/consul-connect-ambassador/ – https://www.getambassador.io/user-guide/consul/ – https://www.consul.io/docs/platform/k8s/ambassador.html Experiment in an Instruqt sandbox: https://instruqt.com/hashicorp/tracks/sock-shop-tutorial Code examples: https://github.com/emojify-app
Copyright © 2019 HashiCorp Questions?
Copyright © 2019 HashiCorp Thanks! @sheriffjackson | @danielbryantuk

Empfohlen

Securing Databases with Dynamic Credentials and HashiCorp Vault
Securing Databases with Dynamic Credentials and HashiCorp VaultSecuring Databases with Dynamic Credentials and HashiCorp Vault
Securing Databases with Dynamic Credentials and HashiCorp VaultMitchell Pronschinske
 
Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Mitchell Pronschinske
 
Infrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsInfrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsMykyta Protsenko
 
How ddd, cqrs and event sourcing constitute the architecture of the future
How ddd, cqrs and event sourcing constitute the architecture of the futureHow ddd, cqrs and event sourcing constitute the architecture of the future
How ddd, cqrs and event sourcing constitute the architecture of the futureMSDEVMTL
 
CloudFlare DDoS attacks 101: what are they and how to protect your site?
CloudFlare DDoS attacks 101: what are they and how to protect your site?CloudFlare DDoS attacks 101: what are they and how to protect your site?
CloudFlare DDoS attacks 101: what are they and how to protect your site?Cloudflare
 
Meetup Microservices Commandments
Meetup Microservices CommandmentsMeetup Microservices Commandments
Meetup Microservices CommandmentsBill Zajac
 
Introduction to Virtual Kubelet
Introduction to Virtual KubeletIntroduction to Virtual Kubelet
Introduction to Virtual KubeletMitchell Pronschinske
 
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...Cisco DevNet
 

Empfohlen

Securing Databases with Dynamic Credentials and HashiCorp Vault
Securing Databases with Dynamic Credentials and HashiCorp VaultSecuring Databases with Dynamic Credentials and HashiCorp Vault
Securing Databases with Dynamic Credentials and HashiCorp VaultMitchell Pronschinske
 
Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Post quantum cryptography in vault (hashi talks 2020)
Post quantum cryptography in vault (hashi talks 2020)Mitchell Pronschinske
 
Infrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsInfrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsMykyta Protsenko
 
How ddd, cqrs and event sourcing constitute the architecture of the future
How ddd, cqrs and event sourcing constitute the architecture of the futureHow ddd, cqrs and event sourcing constitute the architecture of the future
How ddd, cqrs and event sourcing constitute the architecture of the futureMSDEVMTL
 
CloudFlare DDoS attacks 101: what are they and how to protect your site?
CloudFlare DDoS attacks 101: what are they and how to protect your site?CloudFlare DDoS attacks 101: what are they and how to protect your site?
CloudFlare DDoS attacks 101: what are they and how to protect your site?Cloudflare
 
Meetup Microservices Commandments
Meetup Microservices CommandmentsMeetup Microservices Commandments
Meetup Microservices CommandmentsBill Zajac
 
Introduction to Virtual Kubelet
Introduction to Virtual KubeletIntroduction to Virtual Kubelet
Introduction to Virtual KubeletMitchell Pronschinske
 
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...
DEVNET-1140 InterCloud Mapreduce and Spark Workload Migration and Sharing: Fi...Cisco DevNet
 
Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor VolkovKuberton
 
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–Marcus Tung
 
MongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB
 
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB
 
DDS tutorial with connector
DDS tutorial with connectorDDS tutorial with connector
DDS tutorial with connectorJavier Povedano
 
Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3WhaTap Labs
 
MongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Jeffrey Holden
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTLinuxCon ContainerCon CloudOpen China
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826Apcera
 
Introduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSIntroduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSKeith Basil
 
Openstack 101
Openstack 101Openstack 101
Openstack 101Kamesh Pemmaraju
 
Google Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGoogle Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGokhan Boranalp
 
Open stack in sina
Open stack in sinaOpen stack in sina
Open stack in sinaHui Cheng
 
IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016Kasper Nissen
 
Ci/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsCi/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsJerry Jalava
 
Deploying .NET services with Disnix
Deploying .NET services with DisnixDeploying .NET services with Disnix
Deploying .NET services with DisnixSander van der Burg
 
DevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionDevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionJessica Deen
 
Orchestration & provisioning
Orchestration & provisioningOrchestration & provisioning
Orchestration & provisioningbuildacloud
 
Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it allMichelle Brush
 
[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to Service[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to ServiceDaniel Bryant
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...Daniel Bryant
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor VolkovKuberton
 
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–Marcus Tung
 
MongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB
 
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB
 
DDS tutorial with connector
DDS tutorial with connectorDDS tutorial with connector
DDS tutorial with connectorJavier Povedano
 
Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3WhaTap Labs
 
MongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Jeffrey Holden
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826Apcera
 
Introduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSIntroduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSKeith Basil
 
Google Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGoogle Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGokhan Boranalp
 
Open stack in sina
Open stack in sinaOpen stack in sina
Open stack in sinaHui Cheng
 
IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016Kasper Nissen
 
Ci/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsCi/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsJerry Jalava
 
Deploying .NET services with Disnix
Deploying .NET services with DisnixDeploying .NET services with Disnix
Deploying .NET services with DisnixSander van der Burg
 
DevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionDevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionJessica Deen
 
Orchestration & provisioning
Orchestration & provisioningOrchestration & provisioning
Orchestration & provisioningbuildacloud
 
Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it allMichelle Brush
 

Was ist angesagt? (20)

Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov
 
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–
ćˆæŽą OpenTelemetry - è’é›†é™æžŹæ•žæ“šçš„æ–°æš™æș–
 
MongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data StreamsMongoDB World 2018: MongoDB for High Volume Time Series Data Streams
MongoDB World 2018: MongoDB for High Volume Time Series Data Streams
 
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACIDMongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
MongoDB World 2018: Transactions and Durability: Putting the “D” in ACID
 
DDS tutorial with connector
DDS tutorial with connectorDDS tutorial with connector
DDS tutorial with connector
 
Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3Cloud for Kubernetes : Session3
Cloud for Kubernetes : Session3
 
MongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional ModelMongoDB World 2018: Building a New Transactional Model
MongoDB World 2018: Building a New Transactional Model
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoT
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826
 
Introduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaSIntroduction and Overview of OpenStack for IaaS
Introduction and Overview of OpenStack for IaaS
 
Openstack 101
Openstack 101Openstack 101
Openstack 101
 
Google Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTEGoogle Cloud Platform Kubernetes Workshop IYTE
Google Cloud Platform Kubernetes Workshop IYTE
 
Open stack in sina
Open stack in sinaOpen stack in sina
Open stack in sina
 
IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016IT Minds Mindblown Networking Event 2016
IT Minds Mindblown Networking Event 2016
 
Ci/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deploymentsCi/CD - Stop wasting time, Automate your deployments
Ci/CD - Stop wasting time, Automate your deployments
 
Deploying .NET services with Disnix
Deploying .NET services with DisnixDeploying .NET services with Disnix
Deploying .NET services with Disnix
 
DevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World EditionDevOps with Kubernetes and Helm - Jenkins World Edition
DevOps with Kubernetes and Helm - Jenkins World Edition
 
Orchestration & provisioning
Orchestration & provisioningOrchestration & provisioning
Orchestration & provisioning
 
Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it all
 

Ähnlich wie KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service"

[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to Service[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to ServiceDaniel Bryant
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...Daniel Bryant
 
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to ServiceDaniel Bryant
 
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...Daniel Bryant
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunalKashyap Kunal
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGIRJET Journal
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications TechnologiesSarah Jimenez
 
Introduction to cloud security
Introduction to cloud securityIntroduction to cloud security
Introduction to cloud securityIAEME Publication
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudZscaler
 
Challenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanChallenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanKen Chan
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Secure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfSecure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfNK Carpenter
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationTejaswi Agarwal
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET Journal
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challengesKresimir Popovic
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 

Ähnlich wie KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service" (20)

[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to Service[HashiConf EU] Securing Cloud Native Communication, From End User to Service
[HashiConf EU] Securing Cloud Native Communication, From End User to Service
 
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
[London HashiCorp] Securing Cloud Native Communication: From end user to serv...
 
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
[CNCF Webinar] Securing Cloud Native Communication, From End User to Service
 
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
HashiCorp 2019: "Secure Routing and Traffic Management with Ambassador and Co...
 
Security in cloud computing kashyap kunal
Security in cloud computing kashyap kunalSecurity in cloud computing kashyap kunal
Security in cloud computing kashyap kunal
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTINGSECURE DATA TRANSFER BASED ON CLOUD COMPUTING
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications Technologies
 
Introduction to cloud security
Introduction to cloud securityIntroduction to cloud security
Introduction to cloud security
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 
Challenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y ChanChallenges with Cloud Security by Ken Y Chan
Challenges with Cloud Security by Ken Y Chan
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
 
Secure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdfSecure Your Sky_ Mastering Cloud Web Security.pdf
Secure Your Sky_ Mastering Cloud Web Security.pdf
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
 
ICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference PublicationICRTITCS-2012 Conference Publication
ICRTITCS-2012 Conference Publication
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 

Mehr von Daniel Bryant

ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysDaniel Bryant
 
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...Daniel Bryant
 
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"Daniel Bryant
 
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Daniel Bryant
 
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"Daniel Bryant
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Daniel Bryant
 
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Daniel Bryant
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...Daniel Bryant
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...Daniel Bryant
 
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"Daniel Bryant
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextDaniel Bryant
 
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Daniel Bryant
 
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"Daniel Bryant
 
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...Daniel Bryant
 
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Daniel Bryant
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Daniel Bryant
 
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"Daniel Bryant
 
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...Daniel Bryant
 
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...Daniel Bryant
 
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...Daniel Bryant
 

Mehr von Daniel Bryant (20)

ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
 
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
 
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
 
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
 
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"
 
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
 
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
 
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
 
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
 
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
 
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
 
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
 
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
 
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
 
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
 

KĂŒrzlich hochgeladen

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

KĂŒrzlich hochgeladen (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

KubeCon EU 2019 "Securing Cloud Native Communication: From End User to Service"

  • 1. Copyright © 2019 HashiCorp Securing Cloud Native Communication: From End User to Service Daniel Bryant Product Architect, Datawire Nic Jackson Developer Advocate, HashiCorp
  • 2. tl;dr â–Ș We’re seeing an increase in application modernisation/hybrid platforms â–Ș Decoupling apps and infrastructure is key: incrementally and securely â–Ș All security must have good UX / DevEx â–Ș Defence in depth is vital -- network / service security is one part of this â–Ș Mind the gap(s)!
  • 3. Who are we? Nic Jackson Developer Advocate, HashiCorp @sheriffjackson Daniel Bryant Product Architect, Datawire @danielbryantuk
  • 4. So, we don’t want to scare you, but...
  • 5. So, we don’t want to scare you, but... 214 Records containing personal data are exploited every second
  • 6. So, we don’t want to scare you, but... 2.2% Of compromised records are protected by encryption
  • 7. So, we don’t want to scare you, but... 65% Of cases are linked to identity theft
  • 8. So, we don’t want to scare you, but... $3,860,000 Is the average cost of a data breach
  • 9. So, we don’t want to scare you, but... $350,00,000 Is the cost of a breach containing over 50 million records
  • 10. So, we don’t want to scare you, but... 72% Increase in attacks between 2017 and 2018 Gemalto Breach Level Index: https://breachlevelindex.com/ IBM Cost of a Data Breach Study: https://www.ibm.com/security/data-breach
  • 11.
  • 12. We’re assuming that you have secured your data at rest
 ...and hardened compute
  • 13. But what about data in motion? Are your comms vulnerable?
  • 14. And what about during application modernisation? Network heterogeneity typically increases: - Private DC, cloud, k8s...
  • 17.
  • 18. API Gateway: Edge proxy, ingress, ADC... â–Ș Exposes internal services to end-users (via multiple domains) â–Ș Encapsulates backends (k8s, VMs, bare metal etc) â–Ș TLS termination (enforcing minimum TLS version) â–Ș End-user authentication/authorization â–Ș Rate limiting (DDoS protection, etc)
  • 19.
  • 20. Service Mesh: Proxy mesh, Fabric model... â–Ș Exposes internal services to internal consumers â–Ș Encapsulates service infra (across k8s, VMs, bare metal etc) â–Ș mTLS: service identity and traffic encryption â–Ș ACLs and intentions: who can do what, and to whom â–Ș Implements cross-functional concerns (out-of-process)
  • 21. Service Mesh: Three Pillars â–Ș Observability – “Golden signals”: latency, errors, traffic, saturation (USE, RED) – Both global and service-to-service â–Ș Reliability – Abstracting health checks, retries, circuit breakers etc. – Providing sane default to protect system â–Ș Security – Authn/z propagation, mTLS, network segmentation
  • 23.
  • 24. © 2019 HashiCorp 24 Bypass the perimeter by attacking services
  • 25. © 2019 HashiCorp 25 We need internal network isolation
  • 26. © 2019 HashiCorp 26 Network segmentation
  • 27. © 2019 HashiCorp 27 Service segmentation
  • 28. © 2019 HashiCorp 28 Problem: Dynamic environments...
  • 29. © 2019 HashiCorp 29 Network / Service segmentation with intention-based security
  • 32. Control planes: Differing use cases â–Ș North-south – Unknown / untrusted clients – Limited exposure of services (Mapping) – Centralised ops ingress defaults + decentralised product team cfg â–Ș East-west – Dynamic service information update required (multiple sources) – Identity required for all services (mTLS + ACLs) – “Sane” internal defaults + decentralised dev cfg
  • 34. Copyright © 2019 HashiCorp Demo
  • 35. Conclusion â–Ș We’re seeing an increase in application modernisation/hybrid platforms â–Ș Decoupling apps and infrastructure is key: incrementally and securely â–Ș All security must have good UX / DevEx â–Ș Defence in depth is vital -- network / service security is one part of this â–Ș Mind the gap(s)!
  • 36. References â–Ș Context: – https://www.infoq.com/articles/api-gateway-service-mesh-app-modernisation/ â–Ș Reference: – https://www.getambassador.io/user-guide/consul-connect-ambassador/ – https://www.getambassador.io/user-guide/consul/ – https://www.consul.io/docs/platform/k8s/ambassador.html Experiment in an Instruqt sandbox: https://instruqt.com/hashicorp/tracks/sock-shop-tutorial Code examples: https://github.com/emojify-app
  • 37. Copyright © 2019 HashiCorp Questions?
  • 38. Copyright © 2019 HashiCorp Thanks! @sheriffjackson | @danielbryantuk