Cloud Native Security
Digital Developer Conference
The Digital Developer Conference: Cloud Native Security is your free opportunity to develop skills with the leading open source tools needed to build smart and secure cloud native applications. Led by subject matter experts from IBM and Red Hat, these session and lab replays offer beginners and experts alike an opportunity to explore techniques in Application Security, Data Security, and DevSecOps.
Protect your application and secure cluster access, network, pods and containers, keys and credentials.
Day 1: July 1, 2020
The Opening Keynote will cover ideas on container security. Dan will explain the three entities involved in running a container, and explain how each entity has influence on the security of the container. Dan will explain ideas on how we can do this in as user friendly manner as possible.
Ilene uses an example of a simple cloud native web application to discuss how, where and when to apply a security-centric approach to build a secure solution. She will touch on topics like secure handling of credentials, secure coding practices and DevSecOps. She will discuss development-time considerations, as well as runtime considerations.
Chris WeberIlene Seelemann
This talk will begin with a technical overview of IBM Cloud Hyper Protect Virtual Servers, providing a Linux-based environment on IBM Z to develop secure applications. Then from the IBM Storage team, we learn how they've developed open source plug-ins based on CSI specification to connect high performance file and block storage arrays to container frameworks so that applications can be securely deployed on persistent storage.
Chris PooleMatt Levan
Enterprises must meet internal standards for software engineering, secure engineering, resiliency, security, and regulatory compliance for workloads hosted on hybrid clouds. Doing so using manual processes is error prone and expensive, and also makes it hard to easily determine overall security and compliance posture. A policy based governance approach addresses these concerns, allows enterprises to gain visibility and drive remediation for various security and configuration aspects to meet enterprise standards and making it easier for enterprises to adopt secure hybrid cloud. Further, applying this governance approach using "open source" principles results in collaboration across multiple vendors and standards organizations. Jaya will illustrate this approach using the Open Cluster Management community project and Red Hat Advanced Cluster Management product offering that utilizes this project.
Secure containers are the fundamental building blocks of secure Kubernetes pods. Troy will talk about building and maintaining a secure container environment and cover the entire container stack from host, daemon, image to container.
Krithika will focus on key security strategies and best practices to design and implement a highly secure API system in a hybrid cloud environment. She will outline the architecture and features of APIConnect and DataPower Gateway and how they can be used in a truly seamless manner. Understanding the various layers of security and the key concepts in applying the right security standard will tremendously help in securing enterprises. IBM APIConnect and DataPower Gateway can manage and secure APIs without compromising on the performance. As you build your applications and services for the cloud, application security cannot be an an after thought and should be built from the ground up.
Encryption keys and passwords are "keys to the kingdom." Acquiring them allows attackers to open all kinds of doors, and yet developers are often careless. As a result, keys fall victim to reverse engineering and software vulnerabilities such as Path Traversal, XML External Entities (XXE), Local File Inclusion, and others. Ron will review the most common methods of storing credentials and best practices for storing them, such as using key stores. However, an important issue remains -- how do you secure the Master Key? The security of this "key that secures other keys" or the Key Encrypting Key (KEK) is critical. Ron will discuss several low cost, preferred ways for securely storing KEKs, from hardware to software, and their relative costs, including a novel approach that is resistant to remote attacks up to and including path traversal vulnerabilities.
The closing keynote will detail the three trends having the most dramatic influence on cybersecurity programs and investments today.
During the Kubernetes Networking hands-on lab you will learn Kubernetes Networking essentials and gain hands-on skills to implement access control to your cluster using service types from ClusterIP, NodePort, LoadBalancer to Ingress and Network Policies with Calico.
Meet the speakers
We've assembled the best technical leaders across IBM and Red Hat to share their expertise and help elevate your skills with the open source techniques you want for the technology you need.
Senior Developer Advocate (IBM)
Research Staff Member (IBM Research)
CRISC, CDPSE, Vice President of the IBM Security Business Unit (IBM)
Senior Software Engineer, Container Security, at IBM Research
Distinguished Engineer (DE), Cloud Engagement Hub, Financial Services Ready Cloud (IBM)
Lead Developer Advocate & Master InventorView this speaker
IBM Cloud Garage Developer
"Mr SELinux" Senior Distinguished Engineer (SDE), Head of Container Engineering (Red Hat)
Software Engineer, IBM
Gregory I Hanson
Istio Contributor, Staff Software Engineer (IBM)
Client Solutions Architect, IBM Global Markets
Senior Technical Staff Member (STSM), IBM Garage Cloud Architect and Security Technical Lead
Software Engineer - Platform Security, Red Hat
Chief Security and Governance Architect, Red Hat
Senior Software Developer, IBM
Chief Open Source Advocate, Sysdig
Senior Technical Staff Member (STSM), Cloud Integration ArchitectView this speaker
IBM Master Inventor, Senior Software Engineer, Next Generation Containers and Cloud Technologies (IBM Research)
Storage Solutions Architect (IBM)
Developer Advocate (IBM)
Client Developer Advocate at IBMView this speaker
Program Manager, Secure Engineering (IBM)
Distinguished Engineer, Chief Architect for DevOps for Enterprise SystemsView this speaker
Principal Software Engineer, Red Hat
Senior Technical Staff Member (STSM), IBM Hyper Protect Cloud Services (IBM)
Ethical Hacker, X-Force Ethical Hacking Team, at IBMView this speaker