DevOps Done Right With Infrastructure-as-Code Security

Logo
Presented by

Charles Kim, Solution Architect, Indeni

About this talk

Security is often perceived as a drag on the required speed and agility of development. Legacy approaches to security happen late in the development process ultimately slowing down delivery. In this session, we’ll share how to automate and integrate your security programs into the DevOps pipeline preventing insecure cloud infrastructure from being deployed. We’ll show the ability to merge a planned environment (infrastructure-as-code files) with a runtime environment to predict security exposures that would occur before the infrastructure-as-code is deployed. Learn how we catch common cloud security issues in CI such as: Privilege escalation in AWS due to overly permissive IAM permissions Sharing IAM roles for resources in public & private subnets may not be a good idea
Related topics:

More from this channel

Upcoming talks (7)
On-demand talks (352)
Subscribers (64056)
The Enterprise Architecture channel presents the next generation of Enterprise IT: recognizing the strategic importance of digital transformation and the data center to make companies more nimble and competitive. These presentations will help demanding IT and BizOps professionals achieve flexibility, scalability and performance with reduced risk and complexity.