►
From YouTube: Keynote: Cloud Native Security: Rotate, Repair, Repave - Justin Smith, Director, Pivotal
Description
Justin Smith of Pivotal discusses enterprise software security, outlines best practices and how Cloud Foundry can be part of your strategy to increase velocity and security.
Vulnerability is a function that changes with time. The probability of being exploited increases with the accumulation of long lived credentials and unpatched code. The question that must be asked is: how can a security strategy which resists change keep up with the pace of the modern threat landscape? This asymmetry in speed and adaptiveness only creates advantages for the attacker. What if the only what to increase security is to move as fast as possible? Continuously rotating credentials, patching systems, and rebuilding clusters to minimize windows of vulnerability decreases the threat profile in time and severity.
Justin has been a key influencer and product owner at both Microsoft and Google. At Microsoft he was the program manager for the first incarnation of Azure Active Directory, which has since become the largest enterprise directory in the world. At Google he was the product manager for one of the largest OAuth2 services in the world. Today he focuses all this time and energy on Cloud Foundry security.
Visit https://www.cloudfoundry.org/ to learn more about the industry standard cloud application platform.
A
A
Some
days
are
frustrating
right,
but
I
actually
love
what
I
do
I
feel
like
what
I
do
is
important.
I
feel
like
it
matters,
there's
a
lot
of
technical
challenge
and
what
I
hope
to
do
today
is
actually
described
to
you.
What
I
think
could
challenge
convention
and
enterprise
security
right
typically,
enterprise
security
talks
are
not
that
interesting.
I
think
this
is
actually
really
interesting,
I
hope
to
present
and
motivate
why
security
is
important.
A
At
least
it's
my
perspective
and
there's
lots
of
other
people
that
share
their
perspective
and
then
I
really
think
it's
important
to
talk
about
how
Cloud
Foundry
fits
into
that
future
and
I'd
like
to
start
with
a
little
factoid.
How
often
is
the
Golden
Gate
Bridge
painted
I'm
sure
several
of
you
know
this
answer.
The
answer
is
it's
painted
every
day,
so
there's
like
20-ish
people
that
wake
up
every
day
and
they
think
about
their
day
and
they
say:
I'm
gonna
paint
the
bridge
orange
every
day.
They
go
to
work
and
paint
the
bridge.
A
Orange
I,
don't
know
if
that
strikes
a
chord
with
any
of
you
you
in
the
audience.
There
are
days
when
it
strikes
a
chord
with
me
on
the
surface.
It
looks
like
a
very
mundane
task.
It
looks
like
something
that
would
just
drone
on
and
on
there's
actually
no
end
State
whatsoever,
I
think
if
you
were
to
talk
to
those
people,
some
might
have
that
perspective,
but
like
life,
if
you
change
your
perspective
a
little
bit,
it's
actually
a
pretty
empowering
thing
to
do.
You
could
look
at
it
as
they're.
A
Protecting
a
national
treasure
right
very
much.
The
Golden
Gate
Bridge
is
the
national
treasure
and
they're.
Actually,
it's
almost
an
act
of
love
right.
When
we
look
at
enterprise
security,
we
tend
to
think
about
it
as
the
mundane
sort
of
endless
task,
I
actually
view
it
as
a
labor
of
love
and
I.
Think
that
kind
of
shift
in
thinking
is
really
important
for
us
to
embrace
and
there's
another
aspect
of
this.
That's
really
important.
The
bridge
is
always
changing.
I
would
imagine
that
to
some
extent
there
would
be
flare-ups
around
corrosion.
A
Maybe
something
new
has
been
done
to
the
bridge
and
it
needs
to
be
protected
immediately,
so
they
go
in
and
paint
it,
but
I
would
also
assume
that
there's
an
act
of
maintenance
where
it's
just
sort
of
continual
painting,
I
actually
don't
know
anything
about
bridge
maintenance,
I'm,
making
that
up
I'm.
Just
assuming
that's
the
case,
but
the
bridge
is
changing.
Continual
change
is
a
concept.
I
think
we
have
to
embrace
an
enterprise
security
and
it's
still
not
the
case.
I
want
to
make
it
the
case.
A
Any
talk
about
security
is
gonna
have
to
include
descriptions
of
features,
features,
features,
features,
I
want
to
run
around
on
stage
and
just
scream
features.
There's
lots
of
cool
stuff
that
we
have
done
in
the
community
Cloud
Foundry
in
the
last
year.
There's
lots
of
stuff.
That's
right
on
the
cusp
of
shipping.
To
that
I
think
is
absolutely
important.
I,
don't
want
to
talk
about
it
right.
You
can
read
about
this
stuff.
You
can
look
at
it
online.
You
can
engage
the
community
about
it.
A
I
want
to
talk
about
something
a
little
bit
bigger
right,
I
want
to
talk
about
what
I
think
is
a
bigger
concept,
and
that
is
how
do
we
make
Cloud
Foundry
V
secure
runtime?
What
does
that
mean?
Anybody
know
by
the
way,
I,
don't
see
a
single
hand,
alright,
one
thing
that
we
tend
to
do
in
computer
science,
particularly
in
cloud
infrastructure
and
I.
Don't
know
why
this
is.
We
think
about
features.
Show
me
the
feature
matrix.
That
is
what
I
want
show
it
to
me.
A
I
can
go
to
10
different
banks
and
they
can
all
have
a
completely
different
view
of
a
feature
matrix
kind
of
interesting
right
mm-hmm.
So
we
gotta
ask
ourselves:
what
does
it
mean
to
look
at
the
atomic
features
and
try
to
assess
the
security
of
a
platform?
Security
is
pretty
difficult,
complex
topic.
Let's
do
a
little
bit
of
a
mental
exercise
and
think
about
something,
much
more
everyday.
Think
about
a
car.
A
What
are
the
features
that
actually
do
buying
a
car?
Let's
think
about
number
a
wheel,
some
wheel,
some
cars
have
four
wheels.
Cars
have
had
three
wheels,
they
tend
to
be
a
little
bit
unstable,
but
technically
it's
happened.
Trucks
can
have
six
wheels
or
more
some
vehicles,
actually
don't
even
have
wheels
like
a
half-track.
It
has
tracks.
Oh
my
gosh
where's,
the
commonality
there
think
about
engines,
the
blue
flame.
It's
a
rocket
car.
There
are
cars
that
have
jet
engines.
There
are
cars
that
run
off
of
solar
energy.
A
There
are
cars
you
can
plug
in
the
wall
and
then
there's
of
course,
the
internal
combustion
engine.
Cars
have
a
really
wide
spectrum,
but
if
we
want
to
define
them
as
a
set
of
features
that
actually
becomes
pretty
difficult,
if
we
were
to
see
a
pallet
of
all
the
raw
materials
that
go
up
to
comprise
a
car,
we
would
not
look
at
that
and
say
that's
a
car,
it's
a
pile
of
stuff,
so
part
of
a
car
means
it
has
to
be
ready
to
use.
A
If
we
were
to
look
at
two
parts
to
a
car,
a
brake
component
in
the
steering
wheel,
we
wouldn't
call
that
a
car-
those
are
car
parts
if
we
were
to
see
a
whole
car
that
was
missing
a
brake
assembly
and
a
steering
wheel,
we'd,
probably
still
call
it
a
car.
This
is
really
hard
to
define
and
it's
in
our
everyday
lives.
If
we
look
at
it
as
a
set
of
atomic
features,
we
will
never
get
anywhere.
Instead,
we
know
that
we
take
a
holistic
viewpoint
to
something
as
everyday
as
a
car.
A
We
assess
its
value
based
off.
Does
it
add
value
in
our
life?
Does
it
actually
do
what
we
expect
it
to
do?
Can
we
go
from
point
A
to
point
B
right,
I
think
we
need
to
adopt
that
same
kind
of
viewpoint
in
cloud
infrastructure,
particularly
with
security.
I
know
it's
a
way
that
we
look
at
things
that
pivotal.
We
look
at
technology
with
a
very
holistic
lens
right.
We
have
opinions
about
how
technology
should
be
put
together
about
how
you
should
build
software.
A
What
works
best
and
I
think
it's
time
to
take
that
concept
and
apply
it
to
security.
So
what
is
it
that
we're
actually
trying
to
attain
with
security
in
the
data
center
go
talk
to
a
big
enterprise?
Their
threat
surface
area
is
enormous.
Cloud
Foundry
is
obviously
about
the
data
center.
So,
let's
hone
in
on
the
gate
data
center.
Let's
scope
it
way
down.
What
is
it
that
we're
trying
to
do
inside
the
data
center?
A
My
team
and
people
that
I
work
with
or
like
you
know,
please
stop
scaring
us
right
when
I
when
I
go
talk
about
stuff,
but
you
can
look
on
the
news
or
look
at
Norse
Corp
and
see
basically
active
attacks
that
are
happening
all
over
the
world
right
and,
if
you
think
about
it
too
much
you
can
actually
get
paralyzed
by
it.
So
for
us
to
understand
what
we
mean
by
security
in
the
data
center
I
think
it's
really
important
to
understand
how
and
how
big
it
is.
How
big
is
this
problem?
A
I'm
jaded
right
I
work
for
a
software
vendor
at
some
point,
I'm
trying
to
sell
you
software,
don't
take
my
word
for
it.
Look
at
somebody
else.
Look
at
a
very
serious
professional
whose
job
it
is
to
protect
the
US
every
year.
Has
anybody
heard
of
the
worldwide
threat
assessment?
It's
a
pretty
interesting
document.
You
can
go
find
it
online.
A
The
intelligence
community
every
year
puts
together
a
worldwide
threat
assessment
and
they
publish
it
and
they
actually
present
it
to
the
Senate
and
the
Director
of
National
Intelligence
aggregates
all
this
information
and
presents
it
to
the
Senate.
It's
a
very
us
centric
document,
but
I
think
the
concepts
in
there
apply
globally
right.
This
is
really
interesting.
Look
at
the
2007
report.
What
happens?
There's
a
bunch
of
stuff
in
there
that
we
would
expect
just
from
watching
the
news.
There's
not
really
a
mention
of
cyber
attacks
or
cyber
warfare.
Something
has
changed.
A
A
Look
at
this
list:
mass
destruction.
Proliferation.
Are
you
serious?
We
all
we
all
identify
with
that,
but
cyberattacks
they're
number
one.
How
does
that
work?
And
if
you
read
that
first
section,
if
you
look
at
it
really
carefully
they're,
not
talking
about
massive
attacks
on
infrastructure
right,
they
actually
call
out
we're
less
worried
about
an
Armageddon
style
attack,
we're
more
about
a
bunch
of
low-to-moderate
attacks
against
a
bunch
of
companies
and
it
just
devastates
the
economy.
A
A
This
is
serious.
So
in
the
2015
report,
there's
basically
four
companies
that
are
listed
there,
maybe
a
couple
more
two
of
them
are
on
the
first
page,
interesting
metric
for
Cloud
Foundry.
Both
of
the
companies
that
are
listed
on
the
first
page
have
suffered
a
terrible
breach
or
breaches
post
breach,
both
of
them
use.
Cloud,
Foundry,
I,
don't
think
that's
an
accident,
there's
a
reason
there.
It's
not
about
individual
features,
it's
about
something
bigger
than
that.
What
we
want
out
of
Cloud
Foundry
is
for
it
to
be
resilient
against
attacks.
A
It's
not
that
attacks
won't
happen.
You
want
to
be
able
to
survive,
attacks,
give
a
little
bit
and
then
go
back
to
normal
state.
That's
the
concept,
that's
the
that's!
What
you
want
from
a
security
point
of
view
in
your
cloud
software
and
so
to
understand
how
to
be
resilient.
You
have
to
think
about
what
the
threat
is.
What's
the
shape
of
the
threat
that
we're
trying
to
resist
right?
A
If
you
go
to
an
enterprise
security
team-
and
you
say
what
are
you
most
worried
about
inside
the
data
center
I'll
say
a
lot
of
stuff,
but
there
is
one
type
of
threat
that
will
apps
lutely
terrify
them
bunch
of
names,
for
it
sometimes
called
a
worm,
sometimes
called
a
malware
of
late.
It's
been
sort
of
sensationalized
with
this
label
of
advanced
persistent
threat
or
apt.
This
is
a
really
funky
thing,
it's
usually
initiated
by
nation-states,
but
it
doesn't
have
to
be.
It
finds
its
way
into
its
data
into
a
data
center.
A
It
worms
around
two
different
servers.
It
observes
either
stuff
that's
happening
on
a
server
or
stuff,
that's
happening
locally
or
locally
or
on
the
network.
It
collects
information
bounces
around
and
then
does
an
X
filtration.
It's
a
big
deal.
Anybody
heard
of
this
kind
of
thing
before
yeah
a
little
bit
now.
The
latest
vogue
is
for
these
types
of
attacks
to
ransom
data
right,
so
I'll
actually
take
a
key
and
just
encrypt
a
bunch
of
data
if
it
hasn't
been
backed
up
and
then
you
gotta
pay
him
to
get
the
decrypting
key.
A
A
So
what
are
these
things?
Look
like?
What
are
they
require
to
thrive
and
survive?
Well,
you
can
look
at
lots
of
data.
That's
out
on
the
internet,
about
how
these
things
work
right.
There's
lots
of
breach
reports,
2015,
there's
a
Verizon
data
breach
report.
That's
really
fascinating!
Reading,
if
you're
a
person
like
me
right,
I've,
read
a
bunch
of
these
things
and
I.
Think
there's
some
common
denominators,
I
think
there's
really
three
things
that
are
sort
of
consistent
across
a
bunch
of
different
types
of
breaches.
One
of
them
is
vulnerable
or
misconfigured
software.
A
This
is
almost
a
must-have
all
right
patched.
Software
is
rare
in
the
enterprise.
It
seems
like
it
should
be
basic.
It
seems
like
it
should
be
done,
it's
actually
not
vulnerable
or
misconfigured.
Software
is
an
absolutely
essential
component
to
these
types
of
attacks.
Another
one
is
time.
These
types
of
attacks
require
a
non-trivial
amount
of
time.
A
They
require
time
to
gather
the
information
that
they
need
or
that
they
want
right
to
Pogo,
stick
around
and
do
damage
it's
sort
of
essential,
it's
sort
of
obvious,
but
it's
a
really
important
dimension
and
then
the
third
one
is
leaked
credentials.
Now,
at
times
in
my
career,
I
have
gone
on
this
warpath
to
try
to
get
rid
of
usernames
and
passwords
and
I
failed,
miserably.
I
think
they're
kind
of
just
here
to
stay
right
so
credentials
in
this
sense
are
not
so
much
about
usernames
and
passwords
for
human
beings
like
carbon-based
life-forms.
A
There
are
actually
credentials
for
silicon-based
life-forms,
so
I'm
kind
of
such
a
loser
about
computer
science,
I
anthropomorphize
processes.
Sorry
right,
but
process
identity.
Things
like
how
what's
my
username
and
password
to
connect
to
a
database
or
a
Redis
service
right
when
those
things
leak,
really
bad
things
happen
right.
A
It
is
like
this
pastoral
setting,
where
there's
abundant
sunshine,
there's
abundant
soil
and
there's
very
clearly
water
somewhere
right,
and
so,
if
you're,
a
malware
author
you're,
like
a
malware
farmer,
a
weed
farmer,
you
can
just
sprinkle
your
stuff
around
and
it's
gonna
take
root,
not
hard.
The
barrier
to
entry
can
be
fairly
low
right,
it's
kind
of
a
problem.
This
is
literally
what
data
centers
look
like
to
an
attacker,
and
this
is
not
symmetric
conflict.
This
is
very
asymmetric.
It's
not
fair.
This
is
not
a
fair
fight.
A
So
what's
the
software
industry
done
to
try
to
deal
with
this?
Well
we're
the
ones
the
software
people,
the
professionals,
I,
am
partly
to
blame
for
this
have
built
such
sucky
software
that
it
resists
change
at
all
costs.
Right.
Look
at
router,
you
know
firewall
configurations,
go
to
a
big
company
and
say
how
many
firewall
rules
do
you
have
there?
Well,
we've
got
a
lot
and
nobody
wants
to
touch
it
right.
A
How
often
do
you
rotate
your
TLS
credentials?
Oh
god,
no!
No
uh-uh,
not
not
gonna.
Do
it
right!
These
are
things
that
we
just
tend
to
avoid.
We've
built
software
like
that,
and
we've
created
this
pastoral
scene.
It's
a
real
problem.
So
what's
the
software
vendors
answer
more
software,
we
created
the
problem
and
we're
going
to
solve
the
problem
with
what
I
believe
is
a
very
flawed
set
of
assumptions,
and
this
is
what
we
do.
A
A
Kind
of
bothers
me
actually
I
get
pretty
wound
up
about
this
kind
of
stuff,
but
look
we
just
appeared
Bing
and
one
of
the
one
of
the
flags
went
up
by
a
monitor
notice.
The
monitor
didn't
fix
the
problem.
It
didn't
go,
pull
the
weed,
I
just
set
up
a
flag.
So
if
you're
in
the
enterprise-
and
you
have
a
you've-
got
to
deal
with
a
massive
number
of
notifications,
so
you
buy
more
software
to
figure
out
how
to
deal
with
the
notifications.
This
is
a
never-ending
cycle.
A
There's
a
reason.
Security
teams
inside
of
enterprises
are
grumpy
right.
They
really
are
they've
not
had
good
tools
and
they've
been
in
a
losing
battle.
If
you
go
back
to
the
bridge
painting
metaphor,
it's
like
waking
up
every
day
and
what
do
you
know?
I'm
gonna
paint
the
bridge
orange
that's
kind
of
what
it
feels
like
to
be
in
an
enterprise
security
team
right
software,
resist
change
that
we
sell
to
enterprises,
so
the
culture
naturally
resists
change.
A
A
A
A
That's
a
big
part
of
Cloud
Foundry.
We
can
do
this,
we're
opinionated.
We
have
the
operating
system.
We
also
have
the
web
server.
We
have
the
application
container.
We
have
the
whole
stack.
We
monitor
that
thing
at
pivotal.
Right
and
other
people
do
as
well
patch
it
when
you
get
a
patch,
please
deploy
it
inside
your
data
center.
A
One
of
the
first
things
I
did
when
I
when
I
joined,
pivotal,
was
absolutely
focus
on
the
patch
cycle,
I
believe
it's
just
absolutely
critical
and
since
May
pivotal,
Cloud
Foundry
has
had
30
ish
releases,
a
pivotal
Cloud
Foundry
that
are
mostly
driven
by
vulnerabilities
in
dependencies.
Pretty
interesting
right.
That's
a
lot
right!
It's
week,
20
week,
20,
ish,
30,
releases,
non-trivial,
right,
I,
believe
we're
quite
good
at
this
and
I
think
the
community
benefits
from
it.
Quite
frankly,
without
without
the
question
the
other
one
is
really
funny.
A
Repave
all
right,
so
repair
your
software
repave.
When
I
entered
enterprise
software,
it
used
to
be
bragging
rights.
How
long
could
my
server
live
without
rebooting
right?
Never,
people
that
would
have
I
guess
they
had
like
counters,
like
you
know
days
since
an
injury
in
a
factory,
and
they
were
like
flipped
that
they
I
don't
know,
but
it
was
a
badge
of
honor
to
have
something.
It's
lasting
for
years,
I
mean
some
people.
It's
been
18
years
since
I've
had
to
reboot
that
know.
That
is
broken.
A
No,
no!
No!
What
if
we
were
to
say
inside
of
our
data
center
them,
we
were
to
play
a
different
game.
What's
the
minimum
amount
a
lifetime
my
VM
can
live,
my
server
can
live
what
if
every
server
inside
my
in
my
data
center
had
a
maximum
lifetime
of
two
hours,
all
right
think
about
it
from
the
malware
author.
That
means
you
have
to
play
a
video
game
and
get
to
level
100,
but
you
can
never
get
past
level
five,
because
there's
not
enough
time
frustrating
as
all
get-out
right.
A
A
A
You
go
faster,
that's
the
exact
opposite
of
how
organizations
think
today
it
will
turn
this
pastoral
landscape
and
is
something
that
looks
like
this,
the
Mars
surface
and
unless
you're
Matt
Damon
you're
not
going
to
grow
a
plant
here
right,
and
so
what
I
want
and
my
time
at
pivotal
and
my
time
as
part
of
the
the
Cloud
Foundry
community
is
to
build
the
system
that
gives
no
quarter
for
malware
in
the
data
center.
This
is
not
a.
This
is
not
a
place
where
it
will
survive,
repair,
repave
and
rotate
anyway
guys.