Description
Don't miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from 18 - 21 April, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Welcome + Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation
B
Much has been said on the topic in many forums, but this conference is different. CIOs and CSOs, they worry about security in the shift-left phenomenon necessitated by containers and microservices, which are our jam here in cloud native. Developers mitigate those worries. This conference is for those developers.
B
B
Yes, I agree with you: everyone is becoming a cloud native developer. According to independent research by SlashData, there are over 7.1 million cloud native devs and counting. Given the changes that our paradigm brings, it's going to need a paradigm shift to level up the cloud native security posture, and level up we really must. Security within the cloud native ecosystem is deeply complex. You know this better than anyone.
B
That's why you showed up here. All of us to be focused on rapid development and deployment, and that is why cloud native is fast becoming ubiquitous. We're essential to organizations and businesses everywhere, but that also means more exposed edges and nodes, greater attack surfaces and, ultimately, less control. I mean, who here lost countless evenings and weekends fixing the Log4j vulnerabilities over the past year? Anyone and when involved in Log4j, raise your hand. Yep, yep. Exactly. Some of us are still dealing with that today.
B
The experience we're having with, we've had, should remind us that security is not a one-and-done task and no person is an island when it comes to security in modern times. At CNCF, the focus on security is beyond directives, reports. This community realizes that it's an ongoing conversation, and a conversation is a must, because things are looking pretty dire right now. The cost of us not doing anything is very high.
B
Sport 79 of organizations are not deploying a zero trust environment. That is really not good, because, ultimately, what that's leading to, if you see here, is almost 20 percent of breaches are occurring because of the compromise at a business partner. And keep in mind, by the way, that almost half the breaches that occur are cloud-based. That's our world in cloud native. The same study broke out the costs for breaches. When you look at hybrid cloud environment, the average cost of a breach on an organization is 3.8 million dollars.
B
B
Proof is when you in the State of the Cloud Security 2002 entity report from Snyk, 77 of organizations said that poor training and lack of collaboration were their major challenges. There are siloed teams, often working in separate countries, time zones, using different tools, policy frameworks, and this is just within one organization. In the cloud native environment, we are interacting with so many other entities. Throw in a lax security policy and there's the recipe for your security breach right there.
B
B
Folks like you gather here and share their development and deployment expertise, and that's why we're in a position to teach each other. We're all a global team of doers, and when we work together, we cover far more ground than any single organization alone. Going back to the conversations that we need to continually have, they cannot happen without each and every one of you, the humans behind cloud native. Who here has heard of TAG Security? Yep. Most of, many of you. Raise your hand higher, I, like, can't see it. I have these lights.
B
This is really hard. Okay, awesome! Most of you do. This wonderful 165-person-strong group of contributors develops and evolves this cloud native security through education, partnership and engaging projects and communities. I have directly heard from projects the game-changing impact they've had on their security project posture with the super useful feedback given. An example of that is their Security Pals program, where someone from TAG Security will work hand in hand with the CNCF project to integrate security from the get-go. Keep in mind for any project applying to be an incubated CNCF project.
B
They have to go through a TAG Security audit. This organization, this group is also famous for their numerous well-researched pieces of content, such as the cloud native security white paper that I quote over here. I suggest it as a must-read. As they say in this paper, the cloud native paradigm dictates the need for new security mechanisms.
B
B
This helps users easily verify the distribution that they are using and is, it is exactly what it claims to be. Sigstore has been a collaboration between multiple organizations, starting with Red Hat and Google open source security, and it has now developed with the OpenSSF, other organizations such as academia, for-profit entities, etc. As one of the founders of the project says, security truly is a multi-dimensional problem today, and Sigstore's success is a direct result of open, multi-vendor collaboration, because, ultimately, today you need modular, interoperable solutions. That's only possible
B
When you bring in diverse perspectives. The CNCF itself is supporting the community efforts and industry collaboration by maintaining a very careful security posture for our projects. We've partnered up with the Open Source Technology Improvement Fund, OSTIF, to conduct audits, security audits for our projects. We also do fuzzing audits and, ultimately, that's resulted in hundreds of bugs being found. We're also adopting SBOMs, or software bill of materials, all over. If you want to learn more about how we did it, I highly recommend catching up with our CTO, Chris Aniszczyk.
A
B
We will tackle issues of security together here and further on. We'll share our experiences, successes, perhaps more importantly, failures, and help with the collecting of understanding will create solutions. That's right. The practitioners are leading the way, having conversations that you need to have. That's all of you.
B
B
First up, Emily Fox. She is a cloud security services and compliance engineer at Apple and has spent more than 12 years working in security. She also has an academic background in cyber security. She's a member of the TOC, CNCF Technical Oversight Committee, and you should definitely catch her keynote tomorrow at 9:25 a.m., which talks, which is: it takes the community to raise a conference. It'll tell you more about how Cloud Native SecurityCon, this place, your act came to be. Second, Liz Rice. I mean, who doesn't know Liz Rice?
B
She also chaired the CNCF TOC and has vast experiences within cloud native. And thirdly, we have Brandon Lum, who is the open source security software engineer at Google and a co-chair of our beloved CNCF TAG Security, and he works to improve the security of the open source ecosystem day in, day out.
B
First was an end user journey by Yahoo about how to secure your supply chain at scale. That's happening today, 11 to 11:35. And then the other, going back to that stat we looked at about how over 70 percent of organizations are not deploying a zero trust architecture, is a talk by Frederick Kautz on establishing a production zero trust architecture. Highly recommend you attend it, because we got to fix that stat. That's also happening today at 11:50, and room is listed on the slides.
B
Learning and developing our security posture is, it's a multi-track activity. There are so many things we can do, and if you want to get your hands dirty, I highly recommend joining the capture the flag experience today, it's about tomorrow. You go to room 615 R16, or you can also send a message on Slack to the channel that's listed on the slides. I'm going to let you take a picture if you want it. Participants can play three increasingly treacherous and demanding scenarios to bushwhack their way through the dense jungle of cloud native security.
B
Other activities that I encourage: I'm hosting an EmpowerUs lunch for women and non-binary folks today from 12:25 to 1:55 in the lunch hall. We'll have some tables, it'll be obvious, you'll see us. Come join in and let's have a good time. Tomorrow, TAG Security is hosting a similar lunch. So if you want to spend time with them, ask questions, share your insights, that's the place to go. Same time, lunch place as today with me.
B
And in the spirit of learning together, we're going to start here today at Cloud Native SecurityCon and then continue way beyond this conference. At CNCF, we are developing a new certification called Kubernetes and Cloud Native Security Associate, which is an entry-level exam and geared towards people who want to learn about cloud native security and get started.
B
So if you have team members who you wish would come along for the security ride, whether it's product teams, other edge teams, marketing teams, strategy folks, this is a great exam for them, and right now we're looking for beta testers. So if you can help out, please use this QR code or go to cncf.io kcsa-beta testing to support bringing this exam out to the public, which should happen sometime later this year.
B
With that said, attendees, you are here because you recognize that security is a cross-organizational team sport. Kudos to you. I hope you will learn from each other, find interesting solutions and have a wonderful time. I'd also like to thank our sponsors, who have invested in bringing all of us together.