the devops opportunity balancing security and velocity
play

THE DEVOPS OPPORTUNITY: BALANCING SECURITY AND VELOCITY INSIGHTS - PowerPoint PPT Presentation

Jul 26, 2023 •479 likes •565 views

THE DEVOPS OPPORTUNITY: BALANCING SECURITY AND VELOCITY INSIGHTS FROM RED HAT/CYBERARK DEPLOYMENTS AT SCALE Joe Garcia, CISSP - Principal Engineer, DevOps Security joe.garcia@cyberark.com @Joe_Garcia David Federlein Joe Garcia Likes Coffee

  1. THE DEVOPS OPPORTUNITY: BALANCING SECURITY AND VELOCITY INSIGHTS FROM RED HAT/CYBERARK DEPLOYMENTS AT SCALE Joe Garcia, CISSP - Principal Engineer, DevOps Security joe.garcia@cyberark.com @Joe_Garcia

  2. David Federlein Joe Garcia Likes Coffee & Ansible Guru Likes Golfing & CyberArk Guru 2

  3. APPLICATION IDENTITY MANAGER: HIGH LEVEL PERSPECTIVE Application Identity Manager Applications Application Servers (WebSphere, Weblogic, etc.) Secure Storage Security Databases Appliances ***** Applications Unix CyberArk Vault Password and SSH Servers Key Rotation Network Servers Devices Applications Windows “app” Username = GetUserName() Username = Servers “y7qeF$1” Password = GetPassword() Password = Host = GetHost() “10.10.3.56” Host = ConnectDatabase(Host, Username, Password) ConnectDatabase(Host, Username, Password) Cloud Websites/ Infrastructure Web Apps Applications Mainframe Servers Applications Desktops

  4. https 1858 EXAMPLE: AUTOMATIC SECURE CREDENTIAL RETRIEVAL Centralized When Ansible Requires Privileged Vault Credential Provider Control Node Credentials: 1. Include the cyberark.modules role from Ansible Galaxy in the playbook. 2. Provide Application ID , Client 1 Certificate , Safe , and Username to cyberark_credential function imported from the cyberark.modules 2 role. Making sure to delegate_to: localhost if the Client Certificate is stored in Ansible Tower. 3 Ansible Playbook 3. Credential is register ed in the variable name provided and can be used throughout the playbook to access assets, APIs, configure systems, install applications, etc. Managed Nodes

  5. LET’S DO IT LIVE! 5

  6. WHERE TO LEARN MORE – www.cyberark.com/conjur ▪ Use CyberArk – Ansible plugin to secure your Ansible playbook Key ▪ Checkout CyberArk solutions for Ansible: Takeaways https://www.ansible.com/integrations/devops-tools/cyberark ▪ Visit www.cyberark.com/conjur Ansible ▪ Visit https://galaxy.ansible.com/cyberark/ Integrations: ▪ Download CyberArk AIM Module role from Where to https://galaxy.ansible.com/cyberark/modules/ Start ▪ CyberArk Conjur Ansible Role & Lookup Plug-in are available on GitHub and Ansible Galaxy. ▪ CyberArk Conjur Open Source – free and available at conjur.org or http://bit.ly/2HTyp2j (hosted trial), Slack channel for questions Other Useful ▪ CyberArk OpenShift/Kubernetes Integration Resources ▪ eBook – 6 Core Principles For Establishing DevOps Security at Scale ▪ Security Report - Unaware and Unprepared DevOps Security at Risk

  7. Thank you! Joe Garcia, CISSP – Principal Engineer, DevOps Security joe.garcia@cyberark.com @Joe_Garcia 7

Recommend

Help, my Security Officer is allergic to DevOps! DevOps and Security, a match made in heaven

Help, my Security Officer is allergic to DevOps! DevOps and Security, a match made in heaven

Help, my Security Officer is allergic to DevOps! DevOps and Security, a match made in heaven or a forced marriage from hell? Pop quiz: What is the acronym for... Hyper Text H T Transfer T Protocol P Pop quiz: What is the acronym for...

708 views • 41 slides
CONTINUOUS SECURITY CONTINUOUS SECURITY IN THE DEVOPS WORLD IN THE DEVOPS WORLD JULIEN VEHENT

CONTINUOUS SECURITY CONTINUOUS SECURITY IN THE DEVOPS WORLD IN THE DEVOPS WORLD JULIEN VEHENT

Continuous Security in DevOps https://jvehent.github.io/continuous-security-talk/?print-pdf#/ CONTINUOUS SECURITY CONTINUOUS SECURITY IN THE DEVOPS WORLD IN THE DEVOPS WORLD JULIEN VEHENT JULIEN VEHENT MOZILLA SECURITY MOZILLA SECURITY

724 views • 49 slides
When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to

When devops meets security Michael Brunton-Spall I'm from the Government and I'm here to help I'm from security and I'm here to help Government Digital Service Simpler, Clearer, Faster The state of information security in 2015

844 views • 70 slides
A Continuation of Devops Policy as Code March 2019 Gareth Rushgrove @garethr Docker This talk

A Continuation of Devops Policy as Code March 2019 Gareth Rushgrove @garethr Docker This talk

A Continuation of Devops Policy as Code March 2019 Gareth Rushgrove @garethr Docker This talk What to expect - A little history Infrastructure, APIs and devops - Parallels with security Security as policy management - Security tool

837 views • 60 slides
PACKER. TO BE OR NOT TO BE? 1 1 CONFIDENTIAL CONFIDENTIAL About me Devops lead with more

PACKER. TO BE OR NOT TO BE? 1 1 CONFIDENTIAL CONFIDENTIAL About me Devops lead with more

PACKER. TO BE OR NOT TO BE? 1 1 CONFIDENTIAL CONFIDENTIAL About me Devops lead with more than 8 years of experience in system administration which includes Media servers Load balancing technologies and cloud technologies-

588 views • 27 slides
DevOps A History in Configuration Management About me Senior Information Security Architect @

DevOps A History in Configuration Management About me Senior Information Security Architect @

DevOps A History in Configuration Management About me Senior Information Security Architect @ Epigen Technology Security nerd & avid lock picker Auditor, Analyst, Engineer Organizer / Volunteer various conferences Tech policy & tech

352 views • 24 slides
v v cr = E B to pass through. F E v < v cr Lec27-2 Velocity selector-2 fig 27 . 1 y v x q

v v cr = E B to pass through. F E v < v cr Lec27-2 Velocity selector-2 fig 27 . 1 y v x q

Lecture 29: Velocity Selector, Generators; Revisit Gauss Law Velocity Selectors B Setup: F B = qvB up qv F E = qE down E v cr = E Cri;cal velocity: F B = qv cr B = qE, B v > v cr

314 views • 16 slides
What is Rugged all about? Matt Konda He would want me to tell you Software is eating

What is Rugged all about? Matt Konda He would want me to tell you Software is eating

What is Rugged all about? Matt Konda He would want me to tell you Software is eating the world. DevOps and Security is a rare opportunity. Makes security positive, cultural+ Show the Rugged Manifesto Honey Badger =

1.74k views • 124 slides
Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security Good user experience design and good security cannot exist without each other Everyone deserves to be secure without being experts We need to

1.34k views • 112 slides
Load Balancing Load Balancing Load balancing: distributing data and/or computations across

Load Balancing Load Balancing Load balancing: distributing data and/or computations across

Load Balancing Load Balancing Load balancing: distributing data and/or computations across multiple processes to maximize efficiency for a parallel program. Static load-balancing: the algorithm decides a priori how to divide the workload.

444 views • 27 slides
DevOps & AWS Chris Econn Head of DevOps CorpInfo | AWS Premier Partner DevOps Bill of Rights

DevOps & AWS Chris Econn Head of DevOps CorpInfo | AWS Premier Partner DevOps Bill of Rights

DevOps & AWS Chris Econn Head of DevOps CorpInfo | AWS Premier Partner DevOps Bill of Rights How to use CI/CD to safeguard personal liberties within your organization LA AWS Users Meetup Group

614 views • 30 slides
Enabling Security Smarter Harnessing the Power of DevOps - Herding Cats for Beginners Cloud

Enabling Security Smarter Harnessing the Power of DevOps - Herding Cats for Beginners Cloud

Enabling Security Smarter Harnessing the Power of DevOps - Herding Cats for Beginners Cloud Security Alliance Congress - Madrid 2016 Richard Morrell, Principal Security Strategist - Fall 2016 Who Am I ? Richard Morrell Security Strategist /

392 views • 25 slides
Whos me? Zequi V azquez DevOps & Backend PhD student Hacking & Security

Whos me? Zequi V azquez DevOps & Backend PhD student Hacking & Security

Whos me? Zequi V azquez DevOps & Backend PhD student Hacking & Security RocknRoll (electric guitarist) Videogames Books Zequi V azquez @RabbitLair Drupal #ExtremeScaling Introduction 1 The Project 2 Problems and

465 views • 30 slides
Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by design Ecosystem integration Strong momentum Founded by Wireshark Cloud-native security Customer expansion mirrors co-creator and

247 views • 22 slides
About me Trevor Bryant Security minded DevOps nerd Knight of NIST Auditor,

About me Trevor Bryant Security minded DevOps nerd Knight of NIST Auditor,

About me Trevor Bryant Security minded DevOps nerd Knight of NIST Auditor, Analyst, Engineer, Architect Tech policy Instructor @DC_TOOOL Conference Organizer / Volunteer apporima.com @apporima api_security I

204 views • 17 slides
Dev "Programming" Ops for DevOps Success Damon Edwards @damonedwards dev2ops.org

Dev "Programming" Ops for DevOps Success Damon Edwards @damonedwards dev2ops.org

Dev "Programming" Ops for DevOps Success Damon Edwards @damonedwards dev2ops.org DevOps Cafe Disclosure: DevOps (to me) Disclosure: DevOps (to me) DevOps is not a specific methodology or prescriptive steps only achievable

1.94k views • 154 slides
Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi Google, Inc. Rochester Institute of Technology kak@google.com rlaz@cs.rit.edu Symposium on Usable Privacy and Security (SOUPS) 2009 July 15th-17th,

272 views • 26 slides
We Inflicted DevOps on Our Business- Now What? Presented

We Inflicted DevOps on Our Business- Now What? Presented

AT24 Collaborative Agile & DevOps Sessions Thursday, November 7th, 2019 3:30 PM We Inflicted DevOps on Our Business- Now What?

112 views • 8 slides
The intersection between SECURITY & INNOVATION Leila Fourie BALANCING RISK AND REWARD

The intersection between SECURITY & INNOVATION Leila Fourie BALANCING RISK AND REWARD

The intersection between SECURITY & INNOVATION Leila Fourie BALANCING RISK AND REWARD RAPID DIG IGITIZATION IN IN AUSTRALIA B2C eCommerce Growth Rate by Country Leading indicators L a p t o p o r T o t a l I n t e r n e t W e a r a

647 views • 27 slides
Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@

Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@

Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@ www. `whoami` Christian-Schneider.net Software Developer, Whitehat Hacker & Trainer Freelancer since 1997 Focus on JavaEE &

773 views • 59 slides
Copyleft for the Rest of Us Linuxwochen Linz 2016 About me DevOps Engineer Security

Copyleft for the Rest of Us Linuxwochen Linz 2016 About me DevOps Engineer Security

Copyleft for the Rest of Us Linuxwochen Linz 2016 About me DevOps Engineer Security Engineer FLOSS Enthusiast FSFE Group Linz coordinator since 2013 FSFE Austrian team (only recently) 28.04.2016 Linuxwochen Wien Outline

728 views • 37 slides
The New Era of Integrated Software Delivery with DevOps Plan and Measure DevOps Sujatha (Suj)

The New Era of Integrated Software Delivery with DevOps Plan and Measure DevOps Sujatha (Suj)

The New Era of Integrated Software Delivery with DevOps Plan and Measure DevOps Sujatha (Suj) Perepa Monitor Continuous Develop innovation, and Optimize and Test feedback and Software IT Architect improvements Release and Deploy IBM

309 views • 19 slides
Balancing Gas system information provision 12 June 2018 GRTgaz balancing in a nutshell -> 2

Balancing Gas system information provision 12 June 2018 GRTgaz balancing in a nutshell -> 2

Balancing Gas system information provision 12 June 2018 GRTgaz balancing in a nutshell -> 2 balancing zones including 3 balancing areas North zone (= GRTgaz North balancing area + PEG nord VTP) TRS zone (= GRTgaz South balancing

111 views • 10 slides

More recommend