SlideShare a Scribd company logo

Software Security For DevOps And Continuous Deployment In The Cloud

Download as PPTX, PDF
InterCon, profile picture
InterCon

The document discusses a keynote session from Intercon Vegas 2019, presented by Thomas R. Truitt, focusing on software security in DevOps and cloud deployment. It covers the evolution of software security, the importance of addressing both insider and external threats, and various security practices and standards. Additionally, it highlights the challenges and future of cloud computing security, emphasizing a shift towards more security provider agnostic solutions.

Internet
1 of 10
Download to read offline
1
2
3
4
5
6
7
8
9
10
InterCon Vegas 2019 InterCon Vegas 2019 KEYNOTE SESSION IV: SOFTWARE SECURITY FOR DEVOPS AND CONTINUOUS DEPLOYMENT IN THE CLOUD SPEAKER: THOMAS R. TRUITT FOUNDER/PRESIDENT/CEO 19 JUNE 2019
2 InterCon Vegas 2019 InterCon Vegas 2019 Background of Speaker • Involved in Systems / Software Development for Large Scale Systems Since 1990 • Educated as Electrical Engineer at Virginia Tech in Blacksburg, Virginia. Studied Digital Signal Processing at Johns Hopkins University in Laurel, Maryland. • Works with large government and Fortune 500 organizations on building Enterprise Level software development “best- practices” to promote the use of Open Source software • Most recent focus is migrating from on-premise to cloud solutions using public/private clouds such as AWS, Azure, Google, and RedHat/OpenShift Container Platform
3 InterCon Vegas 2019 InterCon Vegas 2019 History of Security in Software Development • Coding 101 Security and the emergence of open source security standards • For more information review (OWASP) at https://www.owasp.org/
4 InterCon Vegas 2019 InterCon Vegas 2019 The Need for Software Security • Insider and External Threats • Authentication [Basic, Federation, Multi-Factor, Bio-Security] • Authorization [Attribute Based Access Control (ABAC), Role Based Access Control (RBAC)]
5 InterCon Vegas 2019 InterCon Vegas 2019 Security Breach Examples • Breach From Internet: – Office of Personnel Management (OPM) Security Breach Affecting Millions • Insider Security Breach: – Federal Bureau of Investigation (FBI) - Robert Hanssen – America Online Insider Threat • Visit List of Breaches at: https://en.wikipedia.org/wiki/List_of_data_breaches
6 InterCon Vegas 2019 InterCon Vegas 2019 Security – In the Beginning • On-Premise Security – Agile – Open Source – Patching – Log Monitoring/Analysis, SIEM Tools – Application Performance Management (APM) – Network Device Monitoring – Release/Build Process – Continuous Integration
7 InterCon Vegas 2019 InterCon Vegas 2019 Security – Today and Beyond • Continuous Deployment/Continuous Integration – DevOps, DevSecOps • Modern Software Tools – Maven, – GIT, – Atlassian Suite, – Jenkins, – Code Quality, – Puppet, – Chef • Security Standards (FedRAMP, FISMA, FIPS, PKI)
8 InterCon Vegas 2019 InterCon Vegas 2019 Challenges In the Cloud • Cross Domain Security • Single-Sign-On • Continuous Software Updates
9 InterCon Vegas 2019 InterCon Vegas 2019 Looking Forward: Cloud Computing Security • Cloud Computing to be more Security Provider Agnostic regardless of Cloud Server Provider • Example of Moving Security to the Cloud Edge with Akamai
10 InterCon Vegas 2019 InterCon Vegas 2019 Question and Answers • Speaker Contact Information – Thomas R. Truitt – 301-305-3116 cell – tom@ostcorp.net – http://www.ostcorp.net

More Related Content

PPT
Cyberterrorism final
sudheerreddy59
 
PPTX
Beyond The Dark Hacking Screen
Segun Ebenezer Olaniyan
 
PDF
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Knowledge Group
 
PPTX
Cyber terrorism by_Ali_Fahad
aliuet
 
PPTX
Keeping up with the Revolution in IT Security
Distil Networks
 
PDF
Ransomware ly
Lisa Young
 
PPTX
Cyberthreats: causes, consequences, prevention
moldovaictsummit2016
 
PPTX
Mobile Security Research Projects Help
Network Simulation Tools
 
Cyberterrorism final
sudheerreddy59
 
Beyond The Dark Hacking Screen
Segun Ebenezer Olaniyan
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Knowledge Group
 
Cyber terrorism by_Ali_Fahad
aliuet
 
Keeping up with the Revolution in IT Security
Distil Networks
 
Ransomware ly
Lisa Young
 
Cyberthreats: causes, consequences, prevention
moldovaictsummit2016
 
Mobile Security Research Projects Help
Network Simulation Tools
 

What's hot (20)

PDF
Covid 19, How A Pandemic Situation Shapes Cyber Threats
Arun Kannoth
 
PPTX
Cyber Security
rahulbhardwaj312501
 
PDF
CybersecurityTFReport2016 PRINT
Aimee Shuck
 
PPTX
2015: The year-ahead-in-cyber-security
Stephen Cobb
 
PPTX
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24
 
PPTX
Information Security Engineering
Md. Hasan Basri (Angel)
 
PPT
28658043 cyber-terrorism
Dharani Adusumalli
 
PDF
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
XEventsHospitality
 
PPTX
Cyber terrorism
Balvant Biradar
 
PPTX
Mobile security
CyberoamAcademy
 
PPTX
Cyber Security
ADGP, Public Grivences, Bangalore
 
PDF
Cyber Security and the National Central Banks
Community Protection Forum
 
PDF
Cybersecurity concepts & Defense best practises
WAJAHAT IQBAL
 
PPTX
Cybersecurity Risks In the Mobile Environment
Hamilton Turner
 
PDF
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Raffael Marty
 
PPTX
Securing the Cloud
GGV Capital
 
PDF
Cyber security-briefing-presentation
sathiyamaha
 
PPTX
Cyber terrorism
Hiren Selani
 
PDF
ICANN Security, Stability and Resiliency Plans & Framework
Bangladesh Network Operators Group
 
PPTX
The Future of Cybersecurity - October 2015
Security Innovation
 
Covid 19, How A Pandemic Situation Shapes Cyber Threats
Arun Kannoth
 
Cyber Security
rahulbhardwaj312501
 
CybersecurityTFReport2016 PRINT
Aimee Shuck
 
2015: The year-ahead-in-cyber-security
Stephen Cobb
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24
 
Information Security Engineering
Md. Hasan Basri (Angel)
 
28658043 cyber-terrorism
Dharani Adusumalli
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
XEventsHospitality
 
Cyber terrorism
Balvant Biradar
 
Mobile security
CyberoamAcademy
 
Cyber Security
ADGP, Public Grivences, Bangalore
 
Cyber Security and the National Central Banks
Community Protection Forum
 
Cybersecurity concepts & Defense best practises
WAJAHAT IQBAL
 
Cybersecurity Risks In the Mobile Environment
Hamilton Turner
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Raffael Marty
 
Securing the Cloud
GGV Capital
 
Cyber security-briefing-presentation
sathiyamaha
 
Cyber terrorism
Hiren Selani
 
ICANN Security, Stability and Resiliency Plans & Framework
Bangladesh Network Operators Group
 
The Future of Cybersecurity - October 2015
Security Innovation
 
Ad

Similar to Software Security For DevOps And Continuous Deployment In The Cloud (20)

PDF
Shift Left Security
BATbern
 
PDF
Coding Secure Infrastructure in the Cloud using the PIE framework
James Wickett
 
PPTX
Security on AWS, 2021 Edition Meetup
CloudHesive
 
PPTX
Security on AWS, 2021 Edition Meetup
CloudHesive
 
PDF
Pulse 2013 Session Roadmap for Financial Services
Steve Cole
 
PDF
Pulse 2013 Financial Services Sector Industry Roaadmap
annualexander
 
PPTX
Top Application Security Trends of 2012
DaveEdwards12
 
PDF
Why AppSec Matters
InnoTech
 
PPT
Mr. desmond cloud security_format
MULTIMATICS_ID
 
PPTX
Cloud Security vs Security in the Cloud
Tjylen Veselyj
 
PPTX
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
EC-Council
 
PDF
The Future of Software Security Assurance
Rafal Los
 
PDF
Trend Micro - Virtualization and Security Compliance
1CloudRoad.com
 
PPTX
Agile Gurugram Conference 2020 | Keeping software secure in agile | Gurpreet ...
AgileNetwork
 
PPTX
talk6securingcloudamarprusty-191030091632.pptx
TrongMinhHoang1
 
PDF
Practical Security for Agile and DevOps 1st Edition Mark S Merkow
hariomtapang
 
PDF
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
PPTX
Security on AWS
CloudHesive
 
PDF
Who Owns Software Security?
ColdFusionConference
 
PDF
Who owns Software Security
devObjective
 
Shift Left Security
BATbern
 
Coding Secure Infrastructure in the Cloud using the PIE framework
James Wickett
 
Security on AWS, 2021 Edition Meetup
CloudHesive
 
Security on AWS, 2021 Edition Meetup
CloudHesive
 
Pulse 2013 Session Roadmap for Financial Services
Steve Cole
 
Pulse 2013 Financial Services Sector Industry Roaadmap
annualexander
 
Top Application Security Trends of 2012
DaveEdwards12
 
Why AppSec Matters
InnoTech
 
Mr. desmond cloud security_format
MULTIMATICS_ID
 
Cloud Security vs Security in the Cloud
Tjylen Veselyj
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
EC-Council
 
The Future of Software Security Assurance
Rafal Los
 
Trend Micro - Virtualization and Security Compliance
1CloudRoad.com
 
Agile Gurugram Conference 2020 | Keeping software secure in agile | Gurpreet ...
AgileNetwork
 
talk6securingcloudamarprusty-191030091632.pptx
TrongMinhHoang1
 
Practical Security for Agile and DevOps 1st Edition Mark S Merkow
hariomtapang
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Security on AWS
CloudHesive
 
Who Owns Software Security?
ColdFusionConference
 
Who owns Software Security
devObjective
 
Ad

More from InterCon (18)

PDF
Getting Started With IoT – Guidebook: Presented by Anu Taksali, CEO of Dhanuk...
InterCon
 
PDF
Cross Border Blockchain Equity/Capital Market Services And Compliance: Presen...
InterCon
 
PPTX
Transitioning Your Business Model - From Services To Subscriptions: Presented...
InterCon
 
PPTX
IoT Now And In The Future: Presented by Niroshan Madampitige, Head of Deliver...
InterCon
 
PPTX
Data is the New Oil: Presented By Naveen Narayanan, Global Client Partner of ...
InterCon
 
PDF
Can Blockchain Disrupt Or Even Destroy The Cloud? : Presented by Suhas Patil,...
InterCon
 
PDF
E-Commerce Automation: Presented by Siddhartha Choudhary, Co-Founder & CEO of...
InterCon
 
PDF
5G Technology - The Future of Internet
InterCon
 
PDF
Transitioning Your Business Model - From Services To SaaS
InterCon
 
PPTX
ML Will Redesign, Not Replace, Jobs
InterCon
 
PPTX
Blockchain Applications Transforming Society
InterCon
 
PPTX
How Are AI And ML Transforming Decision Making?
InterCon
 
PPTX
Boosting App Installs
InterCon
 
PPTX
Blockchain, Smart Contracts & IoT
InterCon
 
PPTX
Deep Reinforcement Leaning In Machine Learning
InterCon
 
PPTX
Phishing Attacks and Trends in Cloud Computing
InterCon
 
PPTX
IoT - Understanding The Shift To Edge Computing
InterCon
 
PPTX
IoT Data - Like No Data We have Ever Seen
InterCon
 
Getting Started With IoT – Guidebook: Presented by Anu Taksali, CEO of Dhanuk...
InterCon
 
Cross Border Blockchain Equity/Capital Market Services And Compliance: Presen...
InterCon
 
Transitioning Your Business Model - From Services To Subscriptions: Presented...
InterCon
 
IoT Now And In The Future: Presented by Niroshan Madampitige, Head of Deliver...
InterCon
 
Data is the New Oil: Presented By Naveen Narayanan, Global Client Partner of ...
InterCon
 
Can Blockchain Disrupt Or Even Destroy The Cloud? : Presented by Suhas Patil,...
InterCon
 
E-Commerce Automation: Presented by Siddhartha Choudhary, Co-Founder & CEO of...
InterCon
 
5G Technology - The Future of Internet
InterCon
 
Transitioning Your Business Model - From Services To SaaS
InterCon
 
ML Will Redesign, Not Replace, Jobs
InterCon
 
Blockchain Applications Transforming Society
InterCon
 
How Are AI And ML Transforming Decision Making?
InterCon
 
Boosting App Installs
InterCon
 
Blockchain, Smart Contracts & IoT
InterCon
 
Deep Reinforcement Leaning In Machine Learning
InterCon
 
Phishing Attacks and Trends in Cloud Computing
InterCon
 
IoT - Understanding The Shift To Edge Computing
InterCon
 
IoT Data - Like No Data We have Ever Seen
InterCon
 

Recently uploaded (20)

PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PPTX
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PPTX
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
artificial intelligence overview of it and more
yafotin445
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Internet___Basics___Styled_ presentation
poonam62133
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 

Software Security For DevOps And Continuous Deployment In The Cloud

  • 1. InterCon Vegas 2019 InterCon Vegas 2019 KEYNOTE SESSION IV: SOFTWARE SECURITY FOR DEVOPS AND CONTINUOUS DEPLOYMENT IN THE CLOUD SPEAKER: THOMAS R. TRUITT FOUNDER/PRESIDENT/CEO 19 JUNE 2019
  • 2. 2 InterCon Vegas 2019 InterCon Vegas 2019 Background of Speaker • Involved in Systems / Software Development for Large Scale Systems Since 1990 • Educated as Electrical Engineer at Virginia Tech in Blacksburg, Virginia. Studied Digital Signal Processing at Johns Hopkins University in Laurel, Maryland. • Works with large government and Fortune 500 organizations on building Enterprise Level software development “best- practices” to promote the use of Open Source software • Most recent focus is migrating from on-premise to cloud solutions using public/private clouds such as AWS, Azure, Google, and RedHat/OpenShift Container Platform
  • 3. 3 InterCon Vegas 2019 InterCon Vegas 2019 History of Security in Software Development • Coding 101 Security and the emergence of open source security standards • For more information review (OWASP) at https://www.owasp.org/
  • 4. 4 InterCon Vegas 2019 InterCon Vegas 2019 The Need for Software Security • Insider and External Threats • Authentication [Basic, Federation, Multi-Factor, Bio-Security] • Authorization [Attribute Based Access Control (ABAC), Role Based Access Control (RBAC)]
  • 5. 5 InterCon Vegas 2019 InterCon Vegas 2019 Security Breach Examples • Breach From Internet: – Office of Personnel Management (OPM) Security Breach Affecting Millions • Insider Security Breach: – Federal Bureau of Investigation (FBI) - Robert Hanssen – America Online Insider Threat • Visit List of Breaches at: https://en.wikipedia.org/wiki/List_of_data_breaches
  • 6. 6 InterCon Vegas 2019 InterCon Vegas 2019 Security – In the Beginning • On-Premise Security – Agile – Open Source – Patching – Log Monitoring/Analysis, SIEM Tools – Application Performance Management (APM) – Network Device Monitoring – Release/Build Process – Continuous Integration
  • 7. 7 InterCon Vegas 2019 InterCon Vegas 2019 Security – Today and Beyond • Continuous Deployment/Continuous Integration – DevOps, DevSecOps • Modern Software Tools – Maven, – GIT, – Atlassian Suite, – Jenkins, – Code Quality, – Puppet, – Chef • Security Standards (FedRAMP, FISMA, FIPS, PKI)
  • 8. 8 InterCon Vegas 2019 InterCon Vegas 2019 Challenges In the Cloud • Cross Domain Security • Single-Sign-On • Continuous Software Updates
  • 9. 9 InterCon Vegas 2019 InterCon Vegas 2019 Looking Forward: Cloud Computing Security • Cloud Computing to be more Security Provider Agnostic regardless of Cloud Server Provider • Example of Moving Security to the Cloud Edge with Akamai
  • 10. 10 InterCon Vegas 2019 InterCon Vegas 2019 Question and Answers • Speaker Contact Information – Thomas R. Truitt – 301-305-3116 cell – tom@ostcorp.net – http://www.ostcorp.net