Cloud Forum 2016 – Practical Security for DevOps in the Cloud

Xueshan Feng, Bruce Vincent, Scotty Logan – Stanford

How secure do we need to be? Should be asking not “is it safe?” but “is it safe enough?”

Stanford’s Minimum Security Standards for Servers

“it’s an automated bear now” – not good enough to be just faster than the other guy.

Contracts are not security controls

Only coders need apply… coding is table stakes for ops now. “If you do it twice, code it!” (Xueshan). If you’re in a technical role and don’t code, reflect on your future. Automation, revision control (audit trail), scripted deployment, API integrations.

Putting the IdP, LDAP and KDC in the cloud in Docker containers: 3 of each, plus masters for KDC and LDAP. Run on CoreOS on EC2. Commits in git are signed with GPG. Using git-crypt (encrypting data in repos). CoreOS is self-patching – no compiler, no yum. Don’t need interactive logins, so don’t need to expose those ports. Containers are not patched; new ones are built and deployed.
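
A way to check the "no interactive logins, so no exposed ports" point on EC2, as an added example that is not from the talk or from Stanford's tooling: it audits security-group ingress rules in the JSON shape printed by `aws ec2 describe-security-groups`. The list of login ports (SSH, Telnet, RDP), the group IDs and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the ports counted as "interactive login" ports.
INTERACTIVE_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-ldap-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 636, "ToPort": 636,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-legacy-example", "IpPermissions": [
        # A port range that silently includes 22 and 23.
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # "-1" means all protocols and all ports; no FromPort/ToPort present.
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]}

def exposed_login_ports(perm):
    """Return the interactive-login ports that one ingress rule covers."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return sorted(INTERACTIVE_PORTS)
    if proto != "tcp":
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(INTERACTIVE_PORTS) if lo <= p <= hi]

def audit(groups):
    """Return (group id, source CIDR, service, open_to_world) per exposed port.

    Rules whose source is another security group (UserIdGroupPairs) are
    not examined here; only CIDR sources are.
    """
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                for port in exposed_login_ports(perm):
                    findings.append((sg["GroupId"], cidr, INTERACTIVE_PORTS[port], world))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```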
