Don’t be a fail whale, secure your containers - Sarah Young (Versent)

In the talk, Sarah will look at the different layers of security that can be applied to a container ecosystem and each team's responsibility for delivering security within it. From the sysadmin's point of view: how do I make sure the container orchestrator is secured, and what official hardening guides are out there to follow? From an application developer's point of view: how do seccomp and AppArmor work to make sure that only the application's process has access to the host machine? Now that we have the local container secured, how do we make sure our deployments follow the same structure and security profiles? Next, with our developer's hat on, we will look at least-privilege or zero-trust API calls with Istio. Can we add security checks to our container CD pipeline like we would quality gates? Lastly, we will look at this from the point of view of the security team. How can they have input into all the steps we have taken from the beginning of the process and not the end, and how can we use our security team's skills to enhance the security posture of the container ecosystem, e.g. with threat modelling? This allows all the teams to work together, breaking down silos to deliver a secure solution.

Sarah is a security architect currently based in Melbourne, Australia. She has previously worked in New Zealand, the UK and Europe across a range of industry sectors. Sarah comes from an infrastructure engineering background and deployed enterprise-grade WAN, LAN and VoIP solutions before moving into the security space and providing independent security consulting to a range of businesses and organisations. In her current role at Versent, Sarah helps enterprises move into the cloud securely, design their secure pipeline and adopt automated security processes.

@containercamp