Build resilient systems at scale
May 27–29, 2015 • Santa Clara, CA

Continuous security - the DevOps way

Tim Prendergast (Evident.io)
2:40pm–3:20pm Thursday, 05/28/2015
Location: Ballroom GH

Prerequisite Knowledge

Basic understanding of cloud infrastructure, continuous delivery, DevOps principles, and an interest in security.

Description

The advent of the cloud has brought a number of changes to the world, enabling a new level of agility and capability for organizations that was previously only accessible to elite technology companies. Now, any business has access to world-class infrastructure and scale with just a few clicks or API calls, creating a vehicle for new ideas and services to spring forth into the world. However, with this great power came great responsibility — security responsibility.

In traditional operating environments, perimeter security controls and pervasive appliance-based security tools dominate the conversation. When the control of complex infrastructure moved outside IT and outside the company datacenter, however, the methodology by which we secure infrastructure changed forever:

  • Manual security scans must be replaced by automated, self-inspecting audits
  • Traditional audits by hand are no longer sufficient due to the high rate of change in programmatic infrastructures (CI/CD changed the game!)
  • Host-based security solutions are falling by the wayside as services dominate the landscape — you can’t install an agent on an API-defined service offering
  • Humans can’t possibly keep up with the mass of security telemetry data we now have available, so computers must handle the brunt of it

There are also exciting new capabilities that never existed before — on-demand scaling, microperimeterization of security controls, per-resource granular security policies, and much more that can be used advantageously in complex environments. These controls can be tightly integrated into your CI/CD pipeline and operationalized much like monitoring, APM, and other tools that DevOps teams live by. We’ll explore how to integrate the ecosystem of technologies to create a true SecDevOps practice.

Tim Prendergast

Evident.io

Tim co-founded Evident.io to help others avoid the pain he endured when helping Adobe adopt the cloud at a massive level. After years of building, operating, and securing services in AWS, he set out to make security approachable and repeatable for companies of all sizes.

Tim led technology teams at Adobe, Ingenuity, Ticketmaster, and McAfee.

15+ years security experience
8+ years AWS security experience
3 years successfully defending the Adobe AWS infrastructure from inception to production
AWS Certified Solutions Architect