Securing Cloud-Native Workloads, an Introduction

Presented at Kernelcon 2022, April 2, 2022, 1 p.m. (60 minutes).

So, you've finished your (rushed by lockdown) lift-and-shift to the cloud, and now your developers are adopting cloud-native workloads such as containers, serverless functions, storage buckets, and databases as a service. These new technologies introduce new attack vectors, and must be defended in unique ways. You're not "just running on someone else's servers" when workloads come and go in seconds. How do you secure a function when the communication layer is opaque to you? Can you govern container use well enough to protect it, but without slowing down developers and the business? Heck, do you even know what's out there? This session will provide you with enough knowledge to begin securing the your most important assets in the cloud. Sure, cloud-native workloads can seem mysterious, but once you know the differences (and hidden pitfalls) of cloud-native workloads, you'll be in good shape to start defending them.

Presenters:

• Gabe Schuyler
  Gabe is a seasoned cloud security practitioner with years of experience in all of the major clouds. He works as a solutions engineer at wiz.io, and prior worked as a web application specialist at Palo Alto Networks. Seven years at PuppetLabs gave him an appreciation for devops, which is clear in his automated approach to cloud security. Off the clock, he enjoys wireless hacking, lockpicking (poorly), and encouraging the use of technology for positive social change.

Links:

• https://www.youtube.com/watch?v=CETR66AugIg

Similar Presentations:

• ToorCon: Seattle (Beta) (2007) / Anycast Cloud Bursting
• Black Hat Europe 2017 / Detecting Threats In The Cloud With The Cloud
• RVAsec 2021 / Three Worlds of Application / Cloud Security