03-18, 17:05–17:35 (Europe/Paris), Arena
Imagine the inevitable has already happened—you’ve had a security breach—and you’re now dealing with the aftermath. Organisations must act fast to ensure business returns to operations quickly while also figuring out how to prevent similar incidents in the future. By adopting new use cases, engineering teams are simultaneously accelerating the deployment of sensitive data across multi-cloud architectures and tapping into new risk factors.
In this talk, we will use the “Data Security Bang” analogy and learnings from resilience engineering to answer questions such as: How could we do more left of bang (prevention) to help with the speed of right of bang (remediation)? The audience will be guided through a set of example scenarios using Kanister, OPA, and Prometheus, in which they can make decisions on data security to guide the way towards a more robust infrastructure.
Both speakers combine their expertise to bring more awareness to data security. Anaïs has several years of experience in the cloud native security space, where she has helped dozens of users to implement open source security scanning with Trivy. Michael Cade is an expert in all things data storage and management for cloud native environments.
The two topics are often discussed in isolation. As a result, security professionals are unaware of database management processes and thus do not provide the right guidance on preventing and dealing with incidents.
Consider this table of data breaches from 2021: https://github.com/rapid7/data/blob/main/2021-cloud-misconfigurations/2021-cloud-misconfigurations.csv
Most misconfiguration issues expose customer/user data publicly due to misconfigured and insecure data storage. This risk can be minimised through the right policies and security scanning.
However, in cases where no misconfiguration is identified, our data security depends on the right data protection and disaster recovery strategies to ensure the availability of our data services.
In this talk, the speakers will go through trial incidents ("the bang") to showcase the best strategies for minimising the damage to businesses and customers and also to share strategies for reducing the risk of similar issues in the future.
Anaïs is a Developer Advocate at Aqua Security, where she contributes to Aqua’s cloud native open source projects. When she is not advocating DevOps best practices, she runs her own YouTube channel centered around cloud native technologies. Before joining Aqua, Anaïs worked as an SRE at Civo, a cloud native service provider, where she worked on infrastructure for hundreds of tenant clusters. Her passion lies in making tools and platforms more accessible to developers and community members.