SecDevOps 2.0 - Managing Your Robot Army (A.K.A Securing your Cattle from Rustlers)

Josh Bregman, Vice President/Evangelist, @kingoauth


Elizabeth Lawler - CEO/Founder Conjur, Inc.

Elizabeth Lawler is CEO and Co-founder of Conjur, Inc., a security company which focuses on security for next generation infrastructure. Lawler has over 20 years of experience working in highly regulated and sensitive data environments. Prior to founding Conjur, she was Chief Data Officer of Generation Health and held a leadership position in research at the Department of Veterans Affairs. She has been a programmer herself, and is constantly working to make software development and IT systems easier to manage for people working in regulated industries.

Elizabeth’s RSA Presentation “Is DevOps Breaking your Company?” is still available online.

Josh Bregman - “Enterprise Guy”/Evangelist

Josh has 20 years of experience successfully architecting, evangelizing, and delivering innovative identity management and security products to customers. Prior to joining Conjur, Josh spent a decade as a solutions and pre-sales leader in the Oracle ecosystem. A developer at heart, early in his career Josh worked as a software engineer at IBM, GTE Labs, and Netegrity. He has 2 U.S. patents and received a B.A. in Math from the University of Rochester in 1995.

My Hiring Process at Conjur - Pets vs. Cattle

◁ Conjur is in a “hot” space - just out of stealth

◁ Team dynamic is SUPER important

◁ Project Based Interview

“We secure cattle. Put together some go-to market materials”

Securing Cattle from Rustlers – Step 1

● Maintain Good Records of the Cattle that You Own

Securing Cattle from Rustlers – Step 6

● Keep an eye out for suspicious activity

Securing Cattle from Rustlers – Step 2

● Make sure all of your cattle have their tags and/or have been branded with the brand of your farm or ranch

Securing Cattle from Rustlers – Step 4

● Ensure the proper location of your handling facilities or loading areas meet farm bio-security measures

My Hiring Process at Conjur - Pets vs. Cattle - cont

◁ Got some more guidance from Elizabeth

When you treat your servers like Cattle, this introduces a number of security challenges...

“...actually Josh, Pets vs. Cattle is a common meme in DevOps”

SecDevOps 1.0: Current State of Evolution

◆ Source Control

◆ Automated Build and Test

◆ Configuration Management

◆ Orchestration

◆ Software-Defined Networking

◆ Monitoring

SecDevOps 1.0 - Challenges

◁ Lack of Visibility

⊃ Compliance Challenges

◁ Wrong Tool for the Job

⊃ Production-Only Workflows

⊃ Human Bottlenecks

⊃ Conflation of Concerns

◁ Configuration Management as DIY Security System

What is SecDevOps 2.0?

Security Orchestration System: RBAC for people, machines and code | Self Auditing | Fully programmable with fine granularity | Highly available across any cloud, hybrid and global architecture | End to end encryption

[Diagram labels: DevOps Enabled Enterprise; Users; Process Environment]

SecDevOps 2.0 - Reference Architecture

[Diagram labels: Security Orchestration System; DevOps Toolchain; Process Environment; .secrets; Cauldron; Cauldron Driver; SCM/CM/CI; Host Factory; Secrets Storage; SDF; “Host” - xxx; Service to Service Access; SSH Access; Policy; Users]

SecDevOps 2.0 - Continuous Secrets Delivery

Policy

Cauldron/.secrets

Host Factory

High Availability

Tools

● 5 step process based on years of delivering secrets management solutions to highly regulated industries

● Skipping steps will result in issues down the road and cause disruption and delay

● DIY projects that start with tools and then try to work backward are extremely difficult

Introducing Summon

[Diagram labels: SECRETS SOURCE (Vault, Keywhiz, AWS IAM…); SUMMON; PROCESS ENVIRONMENT; DOCKER CONTAINER]

Summon uses a pluggable secrets provider to load secrets into the environment of an application, service or container.
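The pattern described for Summon above, sketched as an added example (not Summon's code or interface, and not part of the original slides): a wrapper asks a swappable provider process for each secret and hands the values only to the child process's environment, refusing to start the child if any lookup fails. The manifest format, the `DEMO_*` variable names, the secret ids and the stand-in provider are all constructed for illustration.

```python
import os
import subprocess
import sys

# Constructed manifest, one "ENV_VAR_NAME: secret-id" per line (format is an assumption).
MANIFEST = "DEMO_DB_PASSWORD: prod/db/password\nDEMO_API_TOKEN: prod/api/token\n"

# Constructed stand-in provider: a separate process that prints the secret for the
# id in argv[1] or exits non-zero. Swap in any program that talks to a real source.
PROVIDER = [sys.executable, "-c", (
    "import sys; store = {'prod/db/password': 's3cr3t-db', 'prod/api/token': 't0k3n'}; "
    "sid = sys.argv[1]; "
    "sys.exit('no such secret: ' + sid) if sid not in store else print(store[sid])")]


def parse_manifest(text):
    """Return {env_var: secret_id} from 'NAME: id' lines; skip blanks and comments."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, secret_id = line.partition(":")
        mapping[name.strip()] = secret_id.strip()
    return mapping


def fetch_secret(provider, secret_id):
    """Ask the provider process for one secret; raise if the provider fails."""
    result = subprocess.run(provider + [secret_id], capture_output=True, text=True)
    if result.returncode != 0:
        raise RuntimeError(f"provider failed for {secret_id!r}: {result.stderr.strip()}")
    return result.stdout.rstrip("\n")


def run_with_secrets(manifest_text, provider, command):
    """Resolve every secret first, then run command with them in its env only."""
    child_env = dict(os.environ)
    for name, secret_id in parse_manifest(manifest_text).items():
        child_env[name] = fetch_secret(provider, secret_id)  # fail closed on error
    return subprocess.run(command, env=child_env, capture_output=True, text=True)


if __name__ == "__main__":
    show = [sys.executable, "-c", "import os; print(os.environ['DEMO_DB_PASSWORD'])"]
    print(run_with_secrets(MANIFEST, PROVIDER, show).stdout.strip())
    print("DEMO_DB_PASSWORD" in os.environ)  # parent process never holds the secret
```

Secrets placed in a process environment are inherited by anything that process spawns and are readable by the same user through the operating system's process inspection, so the wrapped command should be the narrowest one that needs them.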

Get Involved in Cauldron

● Summon is coming soon

○ Sign up to be notified when it’s ready!

○ If you’re doing DIY or even using another open source project, you can build a driver - spread the word!

● Try to adopt the Continuous Secrets Delivery approach

○ If you think it’s no good, let’s hash it out - join the discussion #cauldron

● Get Connected

○ Follow us on Twitter and LinkedIn

@ConjurInc

www.conjur.net

Thank you!