Implementing Secure Docker Environments At Scale
Ben Bernstein, CEO, Twistlock
Agenda
Implementing Secure Docker Environments At Scale: architectural guidance for the security architect
1. Roles & Responsibilities
2. Conceptual Design
3. Common Pitfalls
Roles and Responsibilities
Security Team
- Design the secure continuum (development through staging, production and maintenance)
- Compliance
- Microservice-aware active threat protection
- Synergy with developers
Dev Team
- Vulnerabilities/patching, infrastructure, identities/access: fix what is found
- Proactively consider security
DevOps Team
- Implementation
- Daily security operations
Conceptual Design
Today
Phases: Development & Staging | Production | Maintenance. Layers: Network, Identity, Platform/Host. A milestone review (MS) sits between Development & Staging and Production.
- Security Operation Team: offline guidance, set policy, handle notifications
- "IT" Operation Team: offline communications, offline review, set policy, handle notifications
- Development Team: develops; security requirements arrive as offline guidance and review
Architectural Diagram (today)
- Milestone review: review setup scripts, security testing, app compliance; communicate infrastructure requirements to IT
- Development & Staging: pre-check-in review and code analysis (Development); isolation (Network); user behavior analytics (Identity)
- Production, Network: micro-segmentation and east-west firewalls, IPS/IDS, deception, first-generation / next-generation firewall
- Production, Platform/Host: host configuration compliance, traffic encryption, data encryption
- Maintenance: updates, security alerts / patches
Better & Even Yet Better Architectural Diagram
Better
- Staging becomes its own phase: Development | Staging | Production | Maintenance
- Ownership shifts left: the Dev/DevOps team sets policy and handles notifications for Network, Identity and Platform/Host in Development and Staging; the "IT" Operation Team owns Production; Dev/DevOps/IT share Maintenance; the Security Operation Team sets policy
- The milestone review becomes a Delivery Review: CVE checks, signing, base image, other metadata (ports, volumes, devices, processes)
- Production controls become "delivery aware", i.e. derived from what the delivered image declares: delivery-aware network restrictions, delivery-aware anomaly detection, delivery-aware deception
Even Yet Better
- Staging adds fuzzing and sandboxing
- Production adds delivery-aware pen-tests
Three Common Pitfalls (Battle Tested)
1. Compliance Policies
   Pitfall: one policy for everything.
   Instead: adjust per microservice, and per R&D team / organization / application group.
2. Delivery hygiene
   Pitfall: monitoring only in production.
   Instead: monitor early in CI/CD as well as in production.
3. Active Threat Protection
   Pitfall: trusting your "application / next-gen firewall" to understand containers.
   Instead: use "delivery aware" active threat protection that knows what each image is supposed to do.
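The Delivery Review and "delivery aware" production controls from the architectural diagram, and pitfalls 1 and 2 above, can be made concrete in a few lines. The following is an added example, not Twistlock's code or the deck's own material: it reads the fields a `docker image inspect` call returns (a constructed sample is embedded inline; the image name, labels and policy structure are hypothetical), gates the image against a per-service policy at delivery time, and then derives the runtime allowlist (declared ports and entry process) that a delivery-aware anomaly detector enforces. The scanner findings and runtime events are also constructed; they contain no real CVE identifiers.

```python
"""Delivery review and delivery-aware runtime checks for a container image.

Added example; not Twistlock's code. Reads a docker-inspect-like image config
(constructed inline) plus constructed scanner findings and runtime events.
"""
from dataclasses import dataclass

# Constructed sample: the fields of `docker image inspect <image>` this review
# consumes. Image name and base-image label are hypothetical.
IMAGE_INSPECT = {
    "RepoTags": ["registry.example.internal/payments/api:1.4.2"],
    "Config": {
        "User": "",  # empty string means the container runs as root
        "ExposedPorts": {"8080/tcp": {}},
        "Volumes": {"/var/run/docker.sock": {}},
        "Entrypoint": ["/app/api"],
        "Cmd": ["--listen", ":8080"],
        "Labels": {"org.opencontainers.image.base.name": "alpine:3.18"},
    },
}

# Constructed scanner output (no real CVE identifiers): one finding per package.
SCAN_FINDINGS = [
    {"package": "libcrypto", "severity": "high"},
    {"package": "busybox", "severity": "low"},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Policy:
    """Per-microservice compliance policy (hypothetical structure).
    One global policy is pitfall 1; instantiate one per service or group."""
    allow_root: bool = False
    max_severity: str = "medium"  # highest vulnerability severity tolerated
    require_signature: bool = True
    forbidden_mounts: tuple = ("/", "/proc", "/sys", "/var/run/docker.sock")
    approved_bases: tuple = ("alpine:3.18", "debian:12-slim")


def delivery_review(inspect, findings, signature_verified, policy):
    """Gate an image at delivery time (run this in CI, not only in production).
    Returns the list of violations; empty means the image may be promoted.
    `signature_verified` is the outcome of a trust check (e.g. Docker Content
    Trust) performed before this function is called."""
    cfg = inspect["Config"]
    violations = []
    if not cfg.get("User") and not policy.allow_root:
        violations.append("runs as root (Config.User is empty)")
    for mount in cfg.get("Volumes") or {}:
        if mount in policy.forbidden_mounts:
            violations.append(f"forbidden volume: {mount}")
    base = (cfg.get("Labels") or {}).get("org.opencontainers.image.base.name")
    if base not in policy.approved_bases:
        violations.append(f"base image not approved: {base}")
    if policy.require_signature and not signature_verified:
        violations.append("image signature not verified")
    limit = SEVERITY_RANK[policy.max_severity]
    for f in findings:
        if SEVERITY_RANK[f["severity"]] > limit:
            violations.append(f"{f['severity']} vulnerability in {f['package']}")
    return violations


def runtime_profile(inspect):
    """Derive the allowlist a delivery-aware runtime control enforces from what
    the image itself declares: exposed ports and the entry process."""
    cfg = inspect["Config"]
    ports = {int(p.split("/")[0]) for p in (cfg.get("ExposedPorts") or {})}
    entry = (cfg.get("Entrypoint") or cfg.get("Cmd") or [])[:1]
    return {"listen_ports": ports, "processes": set(entry)}


def detect_anomalies(profile, events):
    """Flag runtime events outside the image's declared behaviour. Events are
    constructed observations such as {"type": "listen", "port": 4444} or
    {"type": "exec", "path": "/bin/sh"}."""
    alerts = []
    for ev in events:
        if ev["type"] == "listen" and ev["port"] not in profile["listen_ports"]:
            alerts.append(f"unexpected listener on port {ev['port']}")
        elif ev["type"] == "exec" and ev["path"] not in profile["processes"]:
            alerts.append(f"unexpected process {ev['path']}")
    return alerts


# Constructed runtime events: the declared listener and process, plus an
# undeclared listener and a shell the image never declared.
RUNTIME_EVENTS = [
    {"type": "listen", "port": 8080},
    {"type": "exec", "path": "/app/api"},
    {"type": "listen", "port": 4444},
    {"type": "exec", "path": "/bin/sh"},
]

if __name__ == "__main__":
    for v in delivery_review(IMAGE_INSPECT, SCAN_FINDINGS, True, Policy()):
        print("DELIVERY:", v)
    for a in detect_anomalies(runtime_profile(IMAGE_INSPECT), RUNTIME_EVENTS):
        print("RUNTIME:", a)
```

The same `Policy` type is instantiated once per microservice or application group, so a batch job that is allowed to run as root does not force the payments API to accept root as well. Because the runtime profile is computed from the image rather than from observed traffic, a general-purpose firewall that has never seen the container can still enforce it, which is the distinction the third pitfall draws.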
Thank you!