DevOpSec: Rapid Security in the Cloud with AWS and CIS

By Mikhail Advani, Rajesh Tamhane on 03 Mar 2017 @ Nullcon
📊 Presentation 📹 Video 🔗 Link
#devsecops #aws #cloud-compliance #cloud-monitoring #security-development-lifecycle #secure-coding #secure-development
Focus Areas: 🔐 Application Security, ☁️ Cloud Security, ⚙️ DevSecOps

Abstract

High performance teams are releasing software to production several times a day. This poses a challenge to Ops and infosec who need to have the confidence that these releases will not lead to a security breach in the infrastructure. DevOpSec or DevSecOps is a discipline where development, operations and security work collaboratively to achieve security compliance in agile teams. In this demonstration of our open source project, we show how we used DevOps and security best practices to achieve and test AWS infrastructure.

AI Generated Summary

Here is a summary of the discussion:

The conversation revolves around data protection to ensure compliance with regulations such as Singapore's PDPA and Europe's GDPR. The speaker emphasizes the importance of following basic hardening checklists during infrastructure setup and migration. They mention open-source projects like the CIS Benchmarks and Ansible playbooks that can help implement security policies.

A major challenge in cloud migration is ensuring secure communication between services without human intervention. This requires proper key management (e.g., bootstrapping, authentication, and secret management) to prevent single points of failure.

The speaker highlights the importance of encrypting configuration files and limiting access to sensitive information like credentials and certificates. They recommend using tools like Key Vault, HashiCorp's Vault, or other open-source solutions for secure key management.

In terms of application dependencies, the speaker suggests that if an application is too tightly coupled to a particular infrastructure, it may indicate design issues with the application itself.

Finally, the discussion touches on outages and how static code analysis could have helped prevent them.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview; always refer to the original talk for authoritative content.