Program Speakers: Jody Hunt, Director of DevOps Security @CyberArk
How can we make handling secrets in Cloud Native environments less challenging and painful? Virtually all applications requires some sort of secret, such as a database password, a service token or a certificate to establish secure connections and access sensitive data. The growing popularity of Kubernetes in the last few years has gotten the attention of attackers and raised the stakes for developers. Now, many developers and DevOps engineers are searching for the capabilities to properly secure secrets in Kubernetes services.
The burden of secrets management can be as frustrating for developers as it is scary for security teams. To do their job, developers need to write applications that require secure access to resources – such as databases, SSH servers and HTTPS based resources – via secrets and, to do their jobs, security teams need to mitigate risk. This can lead to contention between developers and security teams, but it doesn’t need to.
This webinar discusses best practices for securing application access within Kubernetes, and the challenges of secrets management. It will demo open source secrets management solutions like Kubernetes Secrets and Conjur for securing access, enforcing policy and authenticating access requests when working with CNCF projects like Kubernetes. In addition, we’ll demo how applications securely access databases and other sensitive resources without requiring secrets, by using the Secretless pattern.
Attendees will learn how to build secure Kubernetes applications faster without having to be a security expert, what secret zero is, the importance of strong authentication and how developers can work more effectively with security teams.