Deploying Security at Scale
Chris Swan, VP CTO GIS, @cpswan
June 9, 2016
Why Me?
Disclaimer… Presently checked out
Agenda
Build in or bolt on – the audit paradox
API enabled – Let’s Encrypt
We’re not done yet
The Audit Paradox
Building in
CC photo by WorldSkills
What building in looks like
Bolting on
CC photo by arbyreed
What bolting on looks like
PaaS gives us a chance to bolt in
But Docker adoption shows a movement against opinionated platforms
Certificates
Who remembers this company?
Things worked out better for this chap
Because he got to go to space
The sticker cost
Alternatively
But
Sidebar… we should really be using
But now certificates are free
Well, actually they have been for ages
But there’s a difference now
CC BY-SA 2.0 image by Aaron Fulkerson https://flic.kr/p/9F3a2b
It’s as much about ease of consuming APIs
Not so fast…
If a security event happens and it isn't monitored
ToDo: SecDevOps
APIs are necessary but not sufficient: they need to be integrated into the overall system
Control metadata (and its mutability): must be visible and understandable
Security events need to be captured: then turned into something humans can action
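The last two points above are where most automation stops short: a renewal API that is called on schedule, fails quietly, and lets a certificate expire. The script below is an added example, not code from the talk or from Let's Encrypt. It assumes a hypothetical event stream (one JSON object per line with the fields ts, event, host, not_after, issuer and error, as a renewal automation might emit; the field names and the sample events are constructed for this illustration) and correlates issuance, expiry and renewal-failure events into prioritised alerts with a concrete action, while also surfacing the control metadata of who issued each certificate.

```python
"""Turn certificate lifecycle events into alerts a human can action.

Added example, not from the talk. Event format and sample data are assumptions.
"""
import json
from datetime import datetime, timezone

# Constructed sample events (not real data); the deck's date is used as "now".
SAMPLE_EVENTS = """\
{"ts": "2016-06-01T02:00:00Z", "event": "issued", "host": "www.example.com", "not_after": "2016-08-30T02:00:00Z", "issuer": "Let's Encrypt"}
{"ts": "2016-06-01T02:05:00Z", "event": "issued", "host": "api.example.com", "not_after": "2016-06-20T02:05:00Z", "issuer": "Let's Encrypt"}
{"ts": "2016-06-08T02:00:00Z", "event": "renewal_failed", "host": "api.example.com", "error": "dns-01 challenge failed"}
{"ts": "2016-06-08T03:00:00Z", "event": "renewal_failed", "host": "api.example.com", "error": "dns-01 challenge failed"}
{"ts": "2016-06-08T04:00:00Z", "event": "issued", "host": "legacy.example.com", "not_after": "2017-06-08T04:00:00Z", "issuer": "Unknown CA Ltd"}
"""
NOW = datetime(2016, 6, 9, 12, 0, tzinfo=timezone.utc)
SEVERITY_RANK = {"critical": 0, "high": 1, "warning": 2}


def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(text):
    """Parse one JSON event per line; timestamps become timezone-aware datetimes."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = _parse_ts(ev["ts"])
        if "not_after" in ev:
            ev["not_after"] = _parse_ts(ev["not_after"])
        events.append(ev)
    return events


def cert_state(events):
    """Per host: the most recent 'issued' event and any renewal failures since it."""
    state = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["event"] == "issued":
            state[host] = {"cert": ev, "failures": []}  # a fresh cert clears old failures
        elif ev["event"] == "renewal_failed":
            state.setdefault(host, {"cert": None, "failures": []})["failures"].append(ev)
    return state


def _alert(severity, host, reason, action):
    return {"severity": severity, "host": host, "reason": reason, "action": action}


def build_alerts(events, now, warn_days=14, expected_issuer="Let's Encrypt"):
    """Correlate issuance, expiry and failure events into prioritised alerts."""
    alerts = []
    for host, st in cert_state(events).items():
        cert, failures = st["cert"], st["failures"]
        if cert is None:
            alerts.append(_alert("critical", host,
                                 f"{len(failures)} renewal failure(s) but no certificate on record",
                                 "check the inventory and the renewal job for this host"))
            continue
        days_left = (cert["not_after"] - now).total_seconds() / 86400
        if cert["issuer"] != expected_issuer:
            # Control metadata made visible: who actually issued this certificate?
            alerts.append(_alert("high", host,
                                 f"certificate issued by {cert['issuer']!r}, expected {expected_issuer!r}",
                                 "confirm this issuance was authorised; revoke if not"))
        if days_left < 0:
            alerts.append(_alert("critical", host,
                                 f"certificate expired {-days_left:.0f} days ago",
                                 "reissue now and find out why earlier alerts were not acted on"))
        elif failures:
            # The renewal API is being called, but it is failing; urgency depends on time left.
            severity = "critical" if days_left < warn_days else "warning"
            alerts.append(_alert(severity, host,
                                 f"{len(failures)} renewal failure(s) since issuance; "
                                 f"{days_left:.0f} days of validity left; last error: {failures[-1]['error']}",
                                 "fix the renewal job before the certificate expires"))
        elif days_left < warn_days:
            alerts.append(_alert("warning", host,
                                 f"expires in {days_left:.0f} days and no renewal attempt has been recorded",
                                 "check that the renewal schedule covers this host"))
    alerts.sort(key=lambda a: (SEVERITY_RANK[a["severity"]], a["host"]))
    return alerts


if __name__ == "__main__":
    for a in build_alerts(parse_events(SAMPLE_EVENTS), NOW):
        print(f"[{a['severity'].upper():8}] {a['host']}: {a['reason']} -> {a['action']}")
```

Run against the sample, the script produces one critical alert for api.example.com (two failed renewals with under two weeks of validity left) and one high alert for legacy.example.com (issued by a CA nobody expected), and nothing for www.example.com. The point is the correlation: each event on its own is just a log line, and only the combination of "renewal failing" with "expiry close" is something a person needs to act on today.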
Summing up
You have been watching
Build in or bolt on – the audit paradox
API enabled – Let’s Encrypt
We’re not done yet
Thank you for listening
Questions?