Cloud Native London June 2022: esynergy, ControlPlane, and Sysdig
We had three fantastic speakers from esynergy, ControlPlane, and Sysdig joining our June Cloud Native London meetup - our first in person since March 2020! We also had virtual attendees joining us via Rambly and the YouTube/Twitch livestreams.
Kicking off our evening was Chris Nesbitt-Smith from esynergy with a fun and lively discussion on Policy as [versioned] code (starting at 15:38). He talked about how:
- Policy often causes more harm than good and is slow to update; exemptions are harder still to manage, and measuring compliance at scale is nigh on impossible.
- Throwing some curly braces at a problem is not the solution. Policy, if it is articulated as code, needs to embrace all the best practices of code.
- Purposeless policy is potentially practically pointless. (now say it 5 times quickly)
Then we had Ric Featherstone from ControlPlane who told us to Throw Away Your Passwords: Trusting Workload Identity (starting at 52:59). His takeaways mentioned that:
- You can use Kubernetes as an Identity Provider for services outside of your cluster
- Restrict the usefulness of compromised ServiceAccount Tokens by using Bound Service Account Tokens
- Start to look at TPMs and TEEs for Hardware Roots of Trust
Finally we had Bruno Silva from Sysdig who wrapped up our evening with a talk on Cloud-Native Runtime Security with Sysdig & Falco (starting at 1:36:08). His takeaways talked about:
- Using containers can bring some security drawbacks.
- Vulnerability management can’t avoid zero-day threats.
- Using sources of truth (Kernel, Cloud API logs, K8s Audit), tools like Falco can give you real-time information.
And of course, a group photo from Rambly!
Cloud Native London July
Our next meetup will be on Wednesday 6th July, when we’ll be in person and joined by speakers from InVideo, Microsoft, and Harness. RSVP and save the date now!
Stay safe, stay healthy, and I’ll see you next month!