Secure-by-Default Cloud Native Applications
11-11, 15:45–16:15 (MST), Flex Space

Kubernetes has come a long way in 10 years, but we’ve yet to achieve secure defaults. Kubernetes users must abandon default configurations to harden their environments and ward off attackers. Keeping up with an ever-growing list of security tools with complex configurations increases the cognitive load and technical debt required to secure workloads. We believe this is no longer tenable.

A new era of cloud-native applications that are secure by default is emerging. From zero-vulnerability container images to container runtime isolation, we’ll learn how to build secure-by-default Kubernetes applications that don't require complex policy configuration or constant log monitoring. Security can truly be the default.

This talk will show how just a few lines of YAML can yield a secure-by-default configuration in your existing Kubernetes environments. Instead of deploying another monitoring agent or dashboard of catastrophes, or doom-scrolling security logs, we’ll deploy vulnerability-free container images running in a secure sandbox.

Secure-by-default reduces toil and technical debt, so platform teams can focus on reliability and scale without being bogged down with vulnerabilities and alerts.

Jed Salazar started his Security and SRE journey working on Borg clusters and securing Alphabet companies at Google. He's passionate about security and SRE and spreading knowledge to benefit everyone in the community. In his free time, he enjoys trail running in the mountains.