Secure Your Pipeline While Keeping Your Developers and Admins Happy
0 likes23 views
The document discusses the importance of secure identity management in cloud-native systems, highlighting Tremolo Security's expertise in this area since its founding in 2010. It outlines the different perspectives of developers, administrators, and security professionals regarding managing access and workflows within multi-environment OpenShift pipelines. The content emphasizes the need for accountability, automation, and auditability in the deployment process.
Secure Your Pipeline While Keeping Your Developers and Admins Happy
- 1. Secure Your Pipeline While Keeping Your Developers and Admins Happy http://tremolo.io
- 2. http://tremolo.io Who Is Tremolo Security? ● Founded in 2010 ● Cloud Native Identity Management ● Open Source ● Working with OpenShift since 2015 ● First class of Red Hat certified containers ● First class of Red Hat certified operators
- 3. http://tremolo.io Kubernetes - A Rube Goldberg Machine
- 6. http://tremolo.io How To Get There - Developer ● LET ME CODE ● YAML? ● I like Git
- 7. http://tremolo.io How To Get There - Administrator ● Slack gives me a nervous tick ● You need access to what? ● OK Google, how to add a user to a group? ● Ms Auditor, I have no idea why that person has access ● Why did we do a rollout of that service on a Friday? Not sure. No one asked me.
- 8. http://tremolo.io How To Get There - Security ● Why are all these projects here? ● Who approved access? ● MFA? ● You are running different environments, right? ● You’re scanning everything, right? promise?
- 9. http://tremolo.io Why Is Identity Management Important? ● “Pipeline” is made of multiple systems
- 10. http://tremolo.io Why Is Identity Management Important? ● Walk A Path ○ Single trail through systems ○ Map every action to an owner ○ Accountability ○ Toll gates and approvals ● Automate the process ○ Workflows provide consistent deployments ○ Auditability at each step
- 11. http://tremolo.io Multi-Environment OCP Pipeline
- 12. http://tremolo.io “Dev” Pipeline Checkout Build Code Analysis Create Container Push to Test On merge to master:
- 13. http://tremolo.io Production Pipeline Responsible Dev Requests Production Deployment Approved? Push container to production Yes
- 17. Connect with us ● Web - http://tremolo.io ● Twitter - @tremolosecurity / @mlbiam ● Github - http://github.com/tremolosecurity/