
Implementing Secure Docker Environments at Scale: Architectural Guidance

This session gives architectural guidance for securing Docker environments at scale: who owns what (security, development and DevOps teams), a conceptual design that moves security controls from offline review into the delivery pipeline, and three common pitfalls seen in practice.


Presentation Transcript


  1. Implementing Secure Docker Environments At Scale. Ben Bernstein, ben@twistlock.com, CEO, Twistlock

  3. Agenda (built up over slides 3-6). Implementing Secure Docker Environments At Scale: architectural guidance for the security architect
     • Roles & Responsibilities
     • Conceptual Design
     • Common Pitfalls

  7. Roles and Responsibilities (built up over slides 7-10)
     • Security Team: design the secure continuum; compliance; micro-service-aware active threat protection; synergy with developers
     • Dev Team: vulnerabilities/patching, infrastructure, identities/access; fix; proactively consider security
     • DevOps Team: implementation; daily security operations

  11. Conceptual Design: Today

  12. Today (diagram; slides 12-13, slide 13 adding "MS" micro-service boxes). Lanes: Development & Staging, Production, Maintenance. The Development Team and the "IT" Operation Team communicate offline; security is done as offline review and offline guidance. The Security Operation Team sets policy and handles notifications for each layer; the Identity, Network and Platform/Host layers are each owned by the "IT" Operation Team.

  14. Architectural Diagram (controls overlaid on the "today" picture). Development & Staging: milestone review; review of setup scripts, security testing, app compliance; communicate infra requirements to IT. Production: micro-segmentation (east-west firewalls). Maintenance: updates, security alerts / patches. Layer controls (Identity, Network, Platform/Host): IPS/IDS, deception, first / next-gen firewall, host configuration compliance, traffic encryption, data encryption. Offline review, team ownership and Set Policy / Handle Notifications as on slide 12.

  15. Architectural Diagram (continued). Development: pre-checkin review, code analysis. Layer controls: isolation, user behavior analytics. Offline review, team ownership and Set Policy / Handle Notifications as on slide 12.

  16. Architectural Diagram (better). Lanes: Development, Staging, Production, Maintenance, all owned by the Dev/DevOps team rather than a separate "IT" operation team. Development: pre-checkin review, code analysis. The Security Operation Team sets policy. Layers Identity, Network, Platform/Host (isolation, user behavior analytics) are owned by the "IT" Operation Team, the Dev/DevOps team and the Dev/DevOps/IT team respectively.

  17. Better, and Better Yet: Architectural Diagram

  18. Architectural Diagram (better yet; built up over slides 18-19). Development: pre-checkin review, code analysis. Delivery Review between Staging and Production: CVE checks, signing, base image, other metadata (ports, volumes, devices, processes). Production: delivery-aware network restrictions, delivery-aware anomaly detection, delivery-aware deception. Maintenance: updates, security alerts / patches. Slide 19 adds fuzzing, sandboxing and delivery-aware pen-tests. The Dev/DevOps team owns development through maintenance; the Security Operation Team sets policy and handles notifications at each stage; layers Identity, Network, Platform/Host (isolation, host configuration compliance, user behavior analytics) are owned by the "IT" Operation Team, the Dev/DevOps team and the Dev/DevOps/IT team.
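The Delivery Review box on the slide lists what should be checked before a micro-service is promoted: base image, signing, ports, volumes, devices and other metadata. As an added example (not code from the slides or from Twistlock), the script below implements that review as a gate: it reads a container's configuration and refuses promotion when it does not match the policy defined for that micro-service. The input is a hand-constructed record in the shape of `docker inspect` output; the policy format, the service name, the `registry.example.internal` registry and the `example.signature.verified` label (a stand-in for real signature verification such as Docker Content Trust) are this example's assumptions.

```python
"""Delivery-review gate: compare a container's configuration with the
delivery policy of its micro-service. Added example; not from the slides
or from Twistlock. Sample input and policy format are constructed."""
import json
import sys

# Constructed sample in the shape of `docker inspect <container>` output.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/payments-api",
    "Config": {
        "Image": "registry.example.internal/payments-api:1.4.2",  # assumed registry
        "User": "",                                  # empty string means root
        "ExposedPorts": {"8443/tcp": {}, "22/tcp": {}},
        "Volumes": {"/var/lib/payments": {}},
        "Labels": {
            "org.opencontainers.image.base.name": "docker.io/library/debian:bookworm-slim",
            # Assumed label written by a signing step; a real gate would verify the
            # signature itself (e.g. Docker Content Trust) rather than trust a label.
            "example.signature.verified": "true",
        },
    },
    "HostConfig": {
        "Privileged": False,
        "CapAdd": ["NET_ADMIN"],
        "Devices": [{"PathOnHost": "/dev/mem", "PathInContainer": "/dev/mem",
                     "CgroupPermissions": "rwm"}],
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
    },
}])

# One policy per micro-service (pitfall 1: a single global policy does not fit all).
POLICIES = {
    "payments-api": {
        "allowed_ports": {"8443/tcp"},
        "allowed_base_images": {"docker.io/library/debian:bookworm-slim"},
        "allowed_devices": set(),
        "allowed_cap_add": set(),
        "forbidden_host_paths": ("/var/run/docker.sock", "/proc", "/sys", "/etc", "/dev"),
        "require_signature": True,
        "allow_root": False,
    },
}


def _is_root(user):
    """Docker runs as uid 0 when User is empty, 'root', '0', or '0:<gid>'."""
    return user == "" or user.split(":")[0] in ("root", "0")


def _under(path, prefixes):
    """True if path is one of the prefixes or lies beneath one of them."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in prefixes)


def review(inspect_json, policies):
    """Return a list of (service, code, detail) findings; an empty list means deliverable."""
    findings = []
    for entry in json.loads(inspect_json):
        name = entry.get("Name", "").lstrip("/")
        cfg = entry.get("Config") or {}
        host = entry.get("HostConfig") or {}
        policy = policies.get(name)
        if policy is None:
            # Fail closed: a service without a policy has not been reviewed.
            findings.append((name, "NO_POLICY", "no delivery policy defined for this service"))
            continue
        if _is_root(cfg.get("User") or "") and not policy["allow_root"]:
            findings.append((name, "ROOT_USER", "container runs as root"))
        for port in sorted(cfg.get("ExposedPorts") or {}):
            if port not in policy["allowed_ports"]:
                findings.append((name, "UNEXPECTED_PORT", port))
        labels = cfg.get("Labels") or {}
        base = labels.get("org.opencontainers.image.base.name")
        if base not in policy["allowed_base_images"]:
            findings.append((name, "BASE_IMAGE", base or "unknown"))
        if policy["require_signature"] and labels.get("example.signature.verified") != "true":
            findings.append((name, "UNSIGNED", cfg.get("Image", "")))
        if host.get("Privileged"):
            findings.append((name, "PRIVILEGED", "--privileged set"))
        for cap in host.get("CapAdd") or []:
            if cap not in policy["allowed_cap_add"]:
                findings.append((name, "CAP_ADD", cap))
        for dev in host.get("Devices") or []:
            if dev.get("PathOnHost") not in policy["allowed_devices"]:
                findings.append((name, "DEVICE", dev.get("PathOnHost", "")))
        for bind in host.get("Binds") or []:
            host_path = bind.split(":")[0]          # "host:container[:opts]"
            if _under(host_path, policy["forbidden_host_paths"]):
                findings.append((name, "FORBIDDEN_BIND", host_path))
    return findings


if __name__ == "__main__":
    # Pipe real `docker inspect` output on stdin, or run without input for the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    results = review(data or SAMPLE_INSPECT, POLICIES)
    for service, code, detail in results:
        print(f"{service}: {code}: {detail}")
    sys.exit(1 if results else 0)
```

On the constructed sample the gate reports five findings (root user, SSH port exposed, NET_ADMIN added, /dev/mem passed through, Docker socket bind-mounted) and exits non-zero, so a CI stage using it blocks promotion; the base image and the signature label pass. A service with no policy is also blocked, which is the behaviour you want when a new micro-service appears before anyone has written its policy.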

  20. Three Common Pitfalls, Battle Tested (built up over slides 20-23)
     • Compliance policies: do not apply one global policy. Adjust per micro-service, and adjust per R&D team / org / application group.
     • Delivery hygiene: the pitfall is monitoring only in production. Monitor early in CI/CD as well as in production.
     • Active threat protection: the pitfall is trusting your "application / next-gen firewall" alone. Use "delivery aware" active threat protection.
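The third pitfall contrasts a generic application / next-gen firewall with "delivery aware" protection. As an added example (not code from the slides or from Twistlock), the script below derives a runtime baseline for each micro-service from what its delivery declares (entrypoint binary, listening ports, declared egress) and flags any executed process, listening port or outbound connection outside that baseline. The `extra_processes` field is where a per-team adjustment from the first pitfall goes, here a health-check `curl` allowed for the frontend. Manifests, runtime events and their field names are constructed for this example; in a real deployment the events would come from the container runtime or a host agent.

```python
"""Delivery-aware anomaly detection: the baseline for each micro-service
is derived from its delivery manifest, not learned or hand-written.
Added example; manifests, events and field names are constructed."""
import os

# Constructed delivery manifests: what each micro-service's image declares.
DELIVERY_MANIFESTS = {
    "payments-api": {
        "entrypoint": ["/usr/bin/payments-api", "--config", "/etc/payments.yml"],
        "extra_processes": set(),
        "listen_ports": {8443},
        "egress": {("db.internal", 5432)},
    },
    "frontend": {
        "entrypoint": ["nginx", "-g", "daemon off;"],
        "extra_processes": {"curl"},          # team-level exception: health-check curl
        "listen_ports": {80, 443},
        "egress": {("payments-api", 8443)},
    },
}

# Constructed runtime events (field names are this example's assumption).
RUNTIME_EVENTS = [
    {"container": "payments-api", "type": "exec", "path": "/usr/bin/payments-api"},
    {"container": "payments-api", "type": "listen", "port": 8443},
    {"container": "payments-api", "type": "connect", "dst": "db.internal", "port": 5432},
    {"container": "payments-api", "type": "exec", "path": "/bin/sh"},
    {"container": "payments-api", "type": "listen", "port": 4444},
    {"container": "payments-api", "type": "connect", "dst": "203.0.113.7", "port": 443},
    {"container": "frontend", "type": "exec", "path": "/usr/sbin/nginx"},
    {"container": "frontend", "type": "exec", "path": "/usr/bin/curl"},
    {"container": "frontend", "type": "exec", "path": "/usr/bin/python3"},
    {"container": "batch-job", "type": "exec", "path": "/usr/bin/runner"},
]


def baseline(manifest):
    """Allowed process names, listening ports and egress pairs derived from the delivery.

    Process names are compared by basename so "nginx" in the entrypoint matches
    "/usr/sbin/nginx" at runtime.
    """
    procs = {os.path.basename(manifest["entrypoint"][0])} | set(manifest["extra_processes"])
    return procs, set(manifest["listen_ports"]), set(manifest["egress"])


def detect(events, manifests):
    """Return (container, code, detail) for every event not explained by the delivery."""
    anomalies = []
    for ev in events:
        name = ev["container"]
        manifest = manifests.get(name)
        if manifest is None:
            # A container with no delivery record is itself the anomaly.
            anomalies.append((name, "NO_MANIFEST", ev["type"]))
            continue
        procs, ports, egress = baseline(manifest)
        if ev["type"] == "exec" and os.path.basename(ev["path"]) not in procs:
            anomalies.append((name, "UNEXPECTED_PROCESS", ev["path"]))
        elif ev["type"] == "listen" and ev["port"] not in ports:
            anomalies.append((name, "UNEXPECTED_LISTEN", str(ev["port"])))
        elif ev["type"] == "connect" and (ev["dst"], ev["port"]) not in egress:
            anomalies.append((name, "UNEXPECTED_EGRESS", f"{ev['dst']}:{ev['port']}"))
    return anomalies


if __name__ == "__main__":
    for container, code, detail in detect(RUNTIME_EVENTS, DELIVERY_MANIFESTS):
        print(f"{container}: {code}: {detail}")
```

On the constructed events the detector raises five anomalies: a shell spawned in `payments-api`, a listener on 4444, an outbound HTTPS connection to 203.0.113.7, a Python interpreter in `frontend`, and a `batch-job` container with no delivery record. The frontend's `curl` passes because its team declared it. A port-based firewall rule that permits outbound 443 would have allowed the 203.0.113.7 connection and has no view of `/bin/sh` at all; knowing what the delivery is supposed to run is what makes both detectable.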

  24. Thank you!
