Originally presented at Datadog DASH 2022.
From CI/CD pipelines to container orchestrators to developer debugging tools, you spend years building the automation needed to scale your systems. As that automation footprint grows over time, it is granted access to more and more systems. But how do you know whether that automation is accessing the right systems at the right time? More recently, we have encountered new incidents in which an unauthorized user exploits automation, compromises its credentials, and accesses systems without anyone being aware of it.
This talk will discuss ways to build observability into your automation in order to audit its access across different parts of the software development lifecycle. Whether it takes the form of clicking around in a console or uploading .tar.gz files, too much human access to the phases of the SDLC is risky. We will look at automation within your CI/CD pipelines and services, and talk through use cases where replacing human access with automation is beneficial.
We will also outline some techniques to maintain least-privilege access, mitigate the blast radius of compromised credentials, and better observe interactions between services so that you can quickly identify unauthorized access.
You will learn about managing, aggregating, and configuring audit logging and metrics using:
- Service mesh for authorization
- Secrets management for credentials
- Secure access management for manual access to systems
By the end of this talk, you will be able to identify ways to better secure your automation and observe its access across a system.