Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Compliance in Cloud Native

Carol
November 24, 2020
Technology
2
170

Compliance in Cloud Native

Let's talk about security controls in Cloud Native environments, a checklist to comply with compliance such as ISO 27001, show tools that will help us in the security journey in the Kubernetes cluster.

Carol

November 24, 2020
Tweet

More Decks by Carol

See All by Carol
Contribute to translate K8s Docs, Glossary and CNCF-whitepaper
krol3
1
90
Vulnerabilities in Golang
krol3
0
21
DevSecOps em Aplicações, Cloud, Artefatos
krol3
2
130
Security in Cloud using Infrastructure as a Code (IaaS)
krol3
0
150
Security Opensource Tools in Cloud Native
krol3
1
190
Intro to Operators in Kubernetes
krol3
0
62
Container Security
krol3
4
300
Segurança em Kubernetes
krol3
1
190
Vault em Kubernetes
krol3
3
190

Other Decks in Technology

See All in Technology
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
190
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
690
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
170
CysharpのOSS群から見るModern C#の現在地
neuecc
2
3.5k
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
AIチャットボット開発への生成AI活用
ryomrt
0
170
CDCL による厳密解法を採用した MILP ソルバー
imai448
3
120
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
660
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
250
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
950

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Done Done
chrislema
181
16k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Thoughts on Productivity
jonyablonski
67
4.3k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Building Applications with DynamoDB
mza
90
6.1k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
YesSQL, Process and Tooling at Scale
rocio
169
14k

Transcript

  1. Compliance em Cloud Native Carol Valencia @krol_valencia

  2. Carol Valencia Solution Architect in in/carolgv krol3 @krol_valencia @krol_valencia

  3. Iso/iec 27001 Information technology - Security techniques - Information security

    management systems - Requirements @krol_valencia

  4. https://www.caveonix.com/solutions/iso/ @krol_valencia

  5. https://www.caveonix.com/solutions/iso/ @krol_valencia

  6. https://blog.ine.com/13-effective-security-controls-in-microsoft-azure-for-iso-27001-compliance @krol_valencia

  7. 7 https://blog.ine.com/what-is-the-goal-of-azure-security Confidentiality - CIA

  8. https://blog.ine.com/what-is-the-goal-of-azure-security 8 Integrity - CIA

  9. https://blog.ine.com/what-is-the-goal-of-azure-security 9 Availability - CIA

  10. A.8 Asset Management @krol_valencia

  11. @krol_valencia

  12. @krol_valencia

  13. A.9 Access Control https://isoconsultantkuwait.com/2019/12/08/iso-270012013-a-9-access-control/ @krol_valencia

  14. RBAC https://www.cncf.io/blog/2018/08/01/demystifying-rbac-in-kubernetes/ @krol_valencia

  15. Autenticação e Autorização https://theithollow.com/2020/01/21/active-directory-authentication-for-kubernetes-clusters/ @krol_valencia

  16. Acesso ao Cluster Kubernetes https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/ @krol_valencia

  17. A.10 Criptografia § Use of encryption (only TLS for public

    communication) § Key Management § Certs in Vault @krol_valencia

  18. A.12 Operations Security • Documented Operating Procedures • Event Logging

    • Management of Technical Vulnerabilities @krol_valencia

  19. A.12.1: Operational procedures and responsibilities https://itnext.io/platform-as-code-how-it-compares-with-infrastructure-as-code-and-what-it-enables-2684b348be2e @krol_valencia

  20. A.12.4: Logging and Monitoring

  21. A.12.5: Integrity of operational systems - Immutable Infrastructure • No

    SSH on workers • Build from scratch on every update - Rolling redeploy every week with newest K8s

  22. A.12.6: Technical Vulnerability Management - Explicit configured sync from selected

    public docker images only - Update Checker for system components - Planned: Container Image Scanning https://github.com/aquasecurity/trivy/ @krol_valencia

  23. A.13 Communications Security https://itnext.io/how-to-kubernetes-cluster-network-security-f19bc99161f5 @krol_valencia

  24. NETWORK POLICY USANDO OPA https://www.magalix.com/blog/how-to-enforce-kubernetes-network-security-policies-using-opa @krol_valencia

  25. https://blog.aquasec.com/istio-kubernetes-security-zero-trust-networking @krol_valencia

  26. A.14 System Acquisition, Development & Maintenance https://holisticsecurity.io/2020/02/10/security-along-the-container-based-sdlc @krol_valencia

  27. A.17 INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT https://www.rancher.co.jp/docs/rke/latest/en/etcd-snapshots/example-scenarios/ -

    High availability - Backup & Recovery @krol_valencia

  28. A.17 Information Security Aspects of Business Continuity Management https://velero.io/ @krol_valencia

  29. A.17 Information Security Aspects of Business Continuity Management - High

    availability - Backup & Recovery https://banzaicloud.com/blog/etcd-multi/ @krol_valencia

  30. A.17 Information Security Aspects of Business Continuity Management - High

    availability - Backup & Recovery https://banzaicloud.com/blog/etcd-multi/ @krol_valencia

  31. CIS Benchmark - CIS Benchmark Linux - CIS Benchmark Docker

    - CIS Benchmark Kubernetes https://github.com/aquasecurity/kube-bench @krol_valencia

  32. Pentesting em Kubernetes https://github.com/aquasecurity/kube-hunter @krol_valencia

  33. CSPM - Cloud Secure Posture Management https://github.com/aquasecurity/cloudsploit @krol_valencia

  34. References - KubeSec: https://kubesec.aquasec.com/enterprise_online_series - Iso 27001: https://www.isms.online/iso-27001 - Disaster

    Recovery: https://www.altoros.com/blog/enabling-high-availability-and-disaster- recovery-in-kubernetes - https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started - Cryptografia - Casa Hacker: https://www.youtube.com/watch?v=9CoQpGt6aAg&feature=em-lbrm @krol_valencia