A guide to achieving DevSecOps in Kubernetes environments. AGPIAL audiobook.
| Channel | Publish Date | Thumbnail & View Count | Download Video |
|---|---|---|---|
 | Publish Date not found |  0 Views |
introduction
Over the past decade, enterprises have increasingly adopted modern software development practices, public cloud infrastructure, and cloud-native software such as Kubernetes and containers to drive their digital transformation and innovation.
At the heart of these changes is DevOps, a set of practices and tools designed to enable teams to deliver software applications and manage infrastructure environments at high speed.
DevOps emphasizes principles such as increased collaboration, shared responsibility for development and operations, breaking down barriers between operations teams, and autonomous decision-making, all in the spirit of achieving greater speed and consistency.
DevOps is based on methods that use automation and continuous integration and delivery (CI/CD), and treats infrastructure and application components as immutable.
These changes can put a strain on existing security programs.
DevOps-driven adoption of new technologies and processes can cause security to take a back seat, creating new gaps in security coverage and risk management.
Security teams must therefore work toward a set of well-known goals for modern computing environments: preventing security incidents, breaches, and compromises; establishing security best practices and policies that must be implemented across the enterprise; and managing resources to minimize operational overhead, alert overload, tool proliferation, and manual investigation workflows—all in a way that aligns with the approaches preferred by development teams.
This has led to the concept of DevSecOps: the combination of DevOps practices and security strategies as a means for any organization to increase the protection and reduce the risks of their modern software environments.
This white paper provides an overview of what DevSecOps is and how organizations can adopt its practices in conjunction with technologies such as Kubernetes and containers to achieve strong, scalable security for their cloud-native environments.
Kubernetes Security Trends and Challenges: Enterprises continue to rapidly shift their software development efforts to hybrid cloud environments with a focus on Kubernetes, containers, microservices, and service meshes.
These modernization efforts can have a significant impact on organizations as they require new skills, tools, processes and a new corporate culture.
The introduction of new technical architectures and operating patterns associated with these efforts also introduces security challenges that arise from greater complexity – for example, the number of cloud-native technologies used by a single organization can easily grow into the dozens.
00:00:00 Welcome
00:00:12 Introduction
00:04:12 What DevSecOps is and why it is important
00:05:44 Cloud-native technologies require a DevSecOps approach
00:08:17 Applying DevSecOps practices to Kubernetes
00:09:55 Kubernetes security is only as good as the starting point: the software supply chain
00:12:12 Declarative Configuration: Harness the Power of DevOps for Kubernetes
00:12:17 Safety advantage
00:14:55 Standardization: Align teams to a single, familiar operating framework
00:16:44 DevOps context enables faster Kubernetes security analysis and decision making
00:18:59 Combining the best of DevOps and security with complete lifecycle policies
00:20:50 How immutability helps enforce policies when things go wrong
00:23:12 Closing the loop: optimizing renovation across the entire life cycle
00:25:49 Conclusion
00:28:00 Further reading: Implementing Kubernetes-native security with Red Hat
Over the past decade, enterprises have increasingly adopted modern software development practices, public cloud infrastructure, and cloud-native software such as Kubernetes and containers to drive their digital transformation and innovation.
At the heart of these changes is DevOps, a set of practices and tools designed to enable teams to deliver software applications and manage infrastructure environments at high speed.
DevOps emphasizes principles such as increased collaboration, shared responsibility for development and operations, breaking down barriers between operations teams, and autonomous decision-making, all in the spirit of achieving greater speed and consistency.
DevOps is based on methods that use automation and continuous integration and delivery (CI/CD), and treats infrastructure and application components as immutable.
These changes can put a strain on existing security programs.
DevOps-driven adoption of new technologies and processes can cause security to take a back seat, creating new gaps in security coverage and risk management.
Security teams must therefore work toward a set of well-known goals for modern computing environments: preventing security incidents, breaches, and compromises; establishing security best practices and policies that must be implemented across the enterprise; and managing resources to minimize operational overhead, alert overload, tool proliferation, and manual investigation workflows—all in a way that aligns with the approaches preferred by development teams.
This has led to the concept of DevSecOps: the combination of DevOps practices and security strategies as a means for any organization to increase the protection and reduce the risks of their modern software environments.
This white paper provides an overview of what DevSecOps is and how organizations can adopt its practices in conjunction with technologies such as Kubernetes and containers to achieve strong, scalable security for their cloud-native environments.
Kubernetes Security Trends and Challenges: Enterprises continue to rapidly shift their software development efforts to hybrid cloud environments with a focus on Kubernetes, containers, microservices, and service meshes.
These modernization efforts can have a significant impact on organizations as they require new skills, tools, processes and a new corporate culture.
The introduction of new technical architectures and operating patterns associated with these efforts also introduces security challenges that arise from greater complexity – for example, the number of cloud-native technologies used by a single organization can easily grow into the dozens.
00:00:00 Welcome
00:00:12 Introduction
00:04:12 What DevSecOps is and why it is important
00:05:44 Cloud-native technologies require a DevSecOps approach
00:08:17 Applying DevSecOps practices to Kubernetes
00:09:55 Kubernetes security is only as good as the starting point: the software supply chain
00:12:12 Declarative Configuration: Harness the Power of DevOps for Kubernetes
00:12:17 Safety advantage
00:14:55 Standardization: Align teams to a single, familiar operating framework
00:16:44 DevOps context enables faster Kubernetes security analysis and decision making
00:18:59 Combining the best of DevOps and security with complete lifecycle policies
00:20:50 How immutability helps enforce policies when things go wrong
00:23:12 Closing the loop: optimizing renovation across the entire life cycle
00:25:49 Conclusion
00:28:00 Further reading: Implementing Kubernetes-native security with Red Hat
Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.
