This month will be a joint meetup with the OWASP Pittsburgh group!
Primary Speaker: Jack Manino
Title: Flying Above the Clouds: Securing Kubernetes
Abstract: Cloud-native architectures built using Kubernetes are composed of containerized microservices managed by an orchestration system. They are distributed systems that run on top of cloud (or sometimes physical) infrastructure and abstract away details of platform integrations in order to promote portability. Automation, scalability, and resiliency are all important properties of cloud-native systems and all factor into design choices. Security touches every aspect of the architecture, at the application, container, orchestration, and cloud infrastructure layers.
In this presentation, we will explore the Kubernetes attack surface and present methods to keep your cloud-native systems resilient to attack. Building a secure architecture requires carefully considering authentication, authorization, network segmentation, storage, and logging/auditing. There are some no-brainer security controls to take advantage of for quick wins, while others require careful consideration and design-level choices. We will demonstrate how container runtime security factors into the equation as well as what we need to consider in our underlying cloud infrastructure. Microservice security will be discussed along with steps we can take to deploy secure services and meshes.
Our goal is to keep our engineers moving fast, but securely. At the end of the presentation, you’ll understand the cloud-native attack surface and how to approach building a hardened infrastructure and deploy secure services with Kubernetes.