Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Cloud Native Computing Foundation / Cloud Native Security Conference North America 2021 / 30 Oct 2021
Cloud Native Computing Foundation / Cloud Native Security Conference North America 2021 / 30 Oct 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Keynote: Modern Least Privilege and DevSecOps - James Watters, CTO, VMware

Description

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Keynote: Modern Least Privilege and DevSecOps - James Watters, CTO, VMware

Modern apps are more complicated than traditional apps—they have greater scale, change faster, and are more distributed (i.e., don’t have a traditional security perimeter). Although it may seem like this would make it more difficult to keep them secure in the long run, innovations in the cloud native space—such as automation—simplifies many aspects of security.

As the industry has increased the adoption of cloud native applications over the past decade, a clear set of best practices has emerged predicated on “least privilege.” Now, it’s time to dramatically improve enterprise application security by embracing a modern set of principles.

A

You want to hear 20 minutes uh on uh modern least privilege. Does that sound interesting?

A

Okay, that's not too old school of a term to bring up awesome. I don't like spamming people, so I always do for a lot of like thumbs up thumbs down uh to make sure that people want to hear more words before I say them. So hopefully that will go well.

A

So I'm james and you know basically I've been rattling around the the cloud native community or the modern application community for the better part of a decade and going on more now- and you know the the experiences I want to share and where I'm helping drive this set of products at vmware called tanzu.

A

It really orients around the idea that we have a new paradigm around modern applications that introduces new ways of doing security in addition to new ways of doing development operations. So I'm pretty excited about the overall term of devsecops. In some ways it you know it's not a perfect term, but it galvanizes.

A

This unification of uh you know these these roles in a way that I think, is important and you know I've been with leaders of large organizations the days or weeks after major security breaches happen, and a lot of my thinking was heavily influenced um sitting with the head of a bank with about an eight billion dollar technology budget.

A

You know, maybe, a month after the equifax breach happened, and you know he looked up at me at dinner. He's like you know. If that happens to us, I have to sit in front of congress and he basically said like. Could we come up with a plan so that that would not be the default in my organization because it's not fun to run around tasking people constantly to turn the wheels like?

A

How can we make modern security more of an affordance of an overall platform or system that I run as an organization and less of a potential and a lot of what my passion in the space is around? Is that, like some of these modern security principles need not only be possible within the cncf community?

A

They need to become affordances and I think that's sort of the distinction that I'm going to push on, and maybe some of my thoughts will be interesting, and so my ask- and my call to action is like if you agree with any of this help, make me smarter about it or help push it, uh because I think it can. Just you know, help us all in our day-to-day jobs. Does that sound interesting as a topic?

A

Oh, I got more than one thumb. I'm gonna keep talking cool, so I use the term devsecops, I'm not really here to get in a big semantic debate. If it's the cool thing, if we think of another way of making affordances security, first class performance of a platform, I'll use it. But that's what I got today and I think part of the observation of modern applications was that they weren't quite as static.

A

So I think, if you think about the evolution of a platform like instagram, it was sort of a failed startup that discovered this human interaction of applying a filter gave people the audacity to post their filters, their photos, maybe 100x more often, and that wasn't something you could sit down in a room with accenture and write a spec out for an app.

A

It was sort of an experimental, emergent process and I think that's my mental model when I think of modern applications is that they have emergent properties that require iteration, and so, as all of these large organizations are going agile and discovering the business impact of emergent properties of applications they're becoming more iterative, and that speed of iteration really to me is the big change from like.

A

Maybe the old model, I'm old enough that I was alive in the 90s and some people today were not um and in the 90s I started working at a big iron. You know tech, company called sun, and every year we would deploy a server anywhere in that very old school mode. In fact, my first day there was like watching a customer.

A

Do a six week consulting agreement to size, a server six weeks to size the server, so I've really lived this evolution from large static process, driven it to more of this iterative emergent cloud pattern, but I do think that iterative emergent pattern is super interesting and so I think, just the same way the applications change. We can change security in this new world and I'm going to push on a couple dimensions of that, but I do like to study history a bit and so as we're you know, kind of suddenly there's this craze around.

A

I was super excited to see all the secure supply chain work yesterday that whole it has its own conference now. uh Devstech ops is the hot term everywhere I go and it's sort of like wait a minute. You know.

A

If I read my computer history journals, it was 1974 that we were pretty clear that everything on a system should have, as least privilege possible, to execute its task and in some ways a lot of the systems we have today are much more wide open than that, and I think I traced that history back to the innovations of the web took a different turn than the early system designs, which were largely backend systems for processes.

A

They were much more collaboration systems, and so, while the 70s, we were clear on lease privilege so anyway, I'm going to go really fast. The the founder of yubikey basically said think about the web as a different paradigm, the least privilege it was a sharing. First, you know set of tech. Everything is about sharing fast, and I see devsecops as this really exciting new synthesis, between least privileged system design of the early era and these collaboration technologies that we built like http, which are originally just like here's, my document, everyone have it like.

A

How do we bring those two together as a modern ethos?

A

That's really what drives me um an example of those two forces at play is the cncf through some of the work andreas has done, has endorsed the cloud native, build packs and in the early days it was sort of like hey, everyone, grab a docker file and push it to prod, pull it from docker hub and go, and I do think that things like build packs are a really nice engineering design of reducing the privilege of the system, because by default now everything is secure by default.

A

So, as opposed to saying to that developer, you need to always scan and do all these things. With your app by hand now you're saying, there's a set of automations that introduce mechanistic least privilege to the pipeline, and I do think paying attention to things like build packs is the first step so here's some stuff I did in my previous generation of technology, it's more of a closed system called cloud foundry, but I worked with a lot of banks. One bank runs about 500 000 containers on this platform and here's what they love about.

A

It is that there are affordances of the system which bake compliance into the dev developer. Experience I.e. The developer has the surface area, they need to get their job done and everything that they do by default is more secure, there's an ability to constantly repave the platform.

A

So in the aftermath of equifax, it was really a question of like we can't wait, 90 days to re-enter, to rotate credentials, to repair things running in production and for frankly, for machines to expire, and so we introduced all these things into this platform and banks by and large love it, and my passion right now is introducing that to the broader full kubernetes community, um we're baking into our developer experience.

A

We have something called the tonzo application platform which will do uh security, scans, signing, etc by default and come talk to me more about this, but we're baking. Some of these security processes right into the developer experience- and I think, what's really interesting- is that we're introducing, I think, more of a decomposed set of templates that allow you to express the semantics. A developer should see what the app operations team should see and what core cluster admins should see in a way that allows you to decompose what alders call a monolithic set of pipelines.

A

Some people run into more like a microservice, so that that developer can reason about their surface area and a lot more things are secure, signed by default. I think asking developers to reason about a 2000 function. Monolith is as unreasonable as asking them to reason about, like a giant monolithic pipeline with no abstraction for them.

A

That's my observation, and then we can bake security into these things, um and the final note I'll leave you with is that an increasingly secure software supply chain doesn't eliminate runtime variants, and so you, like, I know exactly when it went into prod and now it's running so now. What has it done since? And I think this is where the repaving modality is so important- is that the ability now that you trust your software supply chain and you have git ops functionality to constantly recreate it? Why not use that?

A

So why not make that a first class part of the system? And so what I want to do with tanzu and we're increasingly doing with technologies like cluster api is introduce programmatic, affordances to constantly repave the system, to constantly repair the system, as vulnerabilities come out and to constantly- and this will take some time- rotate shared secrets, credentials, etc, and therefore I think we can. Let me just close on this.

A

We can really bring together um the two big trends that are happening now, once you have a secure software supply chain and you have git ops, why not reduce runtime variants and why not reduce bureaucratic overhead of getting patching done by constantly rebuilding that once you have systems like k-native, which are excellent at doing first-class routing, between versions of applications and instances of applications?

A

Why not use that system? So that's my passion, that's what I'm working on and my call to action is please help. Thank you all right.