From YouTube: Fast Trusted Development with Thales HSMs | Alexander Hanway (Thales) | OpenShift Commons Gathering 2021
Description
OpenShift Commons Gathering 2021
Lightning Talk: Fast, Trusted Development with Thales HSMs
Speaker: Alexander Hanway (Thales)
https://commons.openshift.org/index.html#join
A
So starting off, I know there's an entire day today around cloud native security development, but just sharing. So why are we talking about security? Everyone kind of comes to this from a different vantage point. For us at Thales, we focus purely on the data, right? What does that mean, to keep your data safe and secure? And for us, the measure by which we see someone secure or not is whether they're breached, and what are the impacts of those breaches.
A
We collect data on this year over year. We publish a report annually, and for the last eight years we've seen that the number of breaches are increasing year over year, and correspondingly the severity of those breaches have also increased. So this is a prevalent problem that's really here to stay, right? So this is the first reason why we talk about security, and the second is that this is intimately tied with compliance.
A
Earlier today, Kirsten Newcomer gave a presentation where she shared some of the survey results from Red Hat, whereby 67 of enterprises that respond to their survey said that compliance is a must-have for their organization. It doesn't really matter what industry you work in, what your geography is, there's some rule or regulation out there that governs how you secure your data, right? It can be as prescriptive as PCI, that says encryption key management is mandatory, or it can be something as generic as GDPR.
A
That says you must demonstrate control of your data. But either way, that's there, right? It's a requirement, is something that organizations, especially large enterprises, which I'm sure most of the people here in the audience today is, is tied to, right? And with the greater adoption of DevOps methodologies, no longer is security just that last step before the application goes to production, right? It's now included in every single step along the development pipeline.
A
So it's all of our jobs, and we at Thales want to help instill that early in the application development process and to help you bring trust to those conversations.
A
So that's why we're intimately partnering with Red Hat as strategic security partners to help address those challenges, and we do this through application encryption, tokenization, file encryption, but what I'm going to focus on today are hardware security modules, or what we lovingly call HSMs.
A
Okay, all right, about 40 of the audience. For those of you that don't know, an HSM is a physical appliance whose sole purpose is the logical and physical security of your cryptographic material: your encryption keys, your certificates. So you can think of it like a bank vault with the guard in front. Once you put a key in the HSM, it's never coming out. It's designed so you can't extract it.
A
Why this is relevant is that once that key is in there, it's entirely trusted. You know no one else has access to it. You can demonstrate its provenance. So every time you build cryptography into your application using that key, you can trust that cryptography, and this matters at scale when you think about what you do in your enterprises and what you develop. All right, in addition to that, there's an entropy engine. So if you were to generate your own encryption, you can trust the roots of that as well.
A
You know, wherever you move those containers, it will always call back to your key securely stored in our HSM. So if your application needs to demonstrate its identity, if you need to sign a container, if you need to incorporate encryption directly into your application, you can do all of that as you develop, and when it's running in production, it can always call back to your HSM, irrespective of where you're deploying that application: on-prem, in cloud, or across multiple clouds.
A
So, in closing, what you get is the ability to develop in a secure way across any industry, any environment, any application, so that you can keep your data safe, secure, and you yourself compliant. So with that, at the end of my lightning talk, if you have questions you can find me after the talk today. I'll be around all week, or you can find us on our social media channels for more information. All right, thank you.