It’s a month full of conferences and as promised we are back with our 2nd episode this week to bring you the cloud security highlights from KubeCon. In this episode we will share some of our team’s favourite from Kubecon 2021 North America
If you aren’t quite familiar with the wonderful world of Kubernetes, there are a few weird and wonderful open source acronyms in today’s episode. TUF refers to The Update Framework, SPIFFE refers to Secure Production Identity Framework for Everyone SPIFFE, SPIRE is the SPIFFE’s Runtime Environment). Now that we are all across cool Kube words – lets into the talks
- Starting off with the talk from Andrew Martin, Co-Founder of Control Plane and Author of Hacking Kubernetes and Kubernetes Threat Modelling. He spoke about Kubernetes Supply Chain Security – he showcased work to build a Kubernetes Software Factory with Tekton and Deep dived on signing and verification approaches to securely build software with (TUF) SPIFFE, SPIRE and sigstore
- Ian Coldwater from Twilio; Brad Geesaman & Rory McCune from Aqua Security Duffie Cooley from Isovalent combined forces to share with the community how they do security research or hacking Kubenetes clusters using a recently discovered Kubernetes CVE (Common Vulnerability and exposure) – Their talk was called Exploiting a Slightly Peculiar Volume Configuration with SIG-Honk
- Matt Jarvis from Synk shared what to do if your container has a huge number of Vulnerabilities – how to prioritise them and remediate them in his talk My Container Image has 500 Vulnerabilities, Now What?
- Talking about containers and Vulnerability scanning If you want to know about how vulnerability scanners work, their blind spots and how to implement a practical risk based approach to remedy vulnerabilities that really matter to your organisation – check out Pushkar Joglekar’s Keeping Up with the CVEs: How to Find a Needle in a Haystack?
- If you find yourself asking “How do I access my S3 bucket in AWS from my GCP cluster?” Brandon Lum & Mariusz Sabath, IBM may have the answer for you in their talk Untangling the Multi-Cloud Identity and Access Problem With SPIFFE Tornjak where they talk about a proposed shift in the perspective of workload identity from being “platform specific” to “organization wide” using SPIFFE/SPIRE and the new SPIFFE Tornjak project.