Scaling Security With Kubernetes

Presented at SOURCE Seattle 2017, Oct. 5, 2017, 9 a.m. (45 minutes)

Kubernetes allows you to build highly scalable containerized services, scale them and deploy them wherever you want. Using Kubernetes for datacenter orchestration allows you to move to a software-defined model for managing your infrastructure and software. It provides many things you need to deploy and scale your stack using containers, from networking, to storage APIs, and rich APIs for managing deployments and monitoring your infrastructure. Your services scale horizontally, they heal themselves, and magic happens. But someone has to keep it all secure. In this presentation, I will share some security do’s and don’ts from experience with building a microservice architecture with Kubernetes. There are many layers to examine, including the usual suspects like authentication and authorization. We also need to think about secrets management, segmentation, and running containers as securely as possible. We’ll look at how to securely deploy, design, and configure your environment and how to properly segment and isolate your services. We will examine how to reduce the attack surface through built-in security features and by implementing least-privilege access across your user and service accounts. I will also demonstrate an open-source tool called kubemate that automates analysis across your Kubernetes clusters and allows you to ask them complex questions about security architecture. At the end of this presentation, you’ll be prepared to make good secure architectural decisions from the beginning while using Kubernetes.

Presenters:

  • Jack Mannino - CEO at nVisium
    Jack Mannino is the CEO of nVisium, a technology company focused on making secure development scale. Passionate about security and impossible to keep away from a keyboard, his expertise spans over 15 years of building, breaking, and securing software. Jack founded nVisium in 2009, and since then has helped the world's largest software teams enhance security across their software portfolios. He has spoken at conferences globally on topics such as secure design, mobile application security, and container orchestration.