Cloud Native Security 101 - Building Blocks, Patterns and Best Practices

Explore the fundamentals of cloud native security in this 34-minute conference talk by Rafik Harabi from Sysdig. Dive into the building blocks, patterns, and best practices for securing cloud native applications. Learn about the multidimensional challenges involved in cloud security, including new acronyms like CWPP, CSPM, and KSPM. Discover various attack vectors and areas that require protection in cloud and Kubernetes environments. Gain insights into implementing continuous security practices without compromising innovation. Understand the roles of different teams and personas involved in the lifecycle of cloud native applications and how they can collaborate effectively. Explore topics such as container vulnerability prioritization, image signing, admission control patterns, and continuous compliance. Walk away with actionable takeaways to enhance your cloud native security strategy.

Intro
Anatomy of Cloud Native Application
Cloud Native Acronym
CNAPP Building Blocks
Cloud Attack Vectors
Kubernetes Attack Vectors
Container Workload Attack Vectors
Lifecycle of Cloud Native Application
Secure Cloud Native Application
Container In-Use vulnerabilities Prioritization
Container Image Signing
Gatekeeper pattern (AC)
Base Image & Layer Analysis
Continuous & Actionable Compliance
Risk Assessment and Prioritization
Cloud Security Personas
DevSecOps (workload integrity)
DevSecOps (Admission Controller)
laC security (build phase)
Takeaways