Liz Fong-Jones (方禮真)
Oct 3, 2018 · 19 tweets
My colleague @sethvargo on microservice security at #VelocityConf: traditionally we've thought of traditional security as all-or-nothing -- that you put the biggest possible padlock on your perimeter, and you have a secure zone and untrusted zone.
@sethvargo We know that monoliths don't actually work, so we're moving towards microservices. But how does this change your security model?

You might have a load balancer that has software-defined rules. And you have a variety of compartmentalized networks. #VelocityConf
You might also be communicating with managed services such as Cloud SQL that are outside of your security perimeter.

You no longer have one resource, firewall, load balancer, and security team. You have many. Including "Chris." #VelocityConf
In this new world, you can't just wrap your code in one firewall. Especially if you have multiple cloud providers with non-interoperable security systems.

Instead we need to think about defense in depth and layers and degrees of trustedness. #VelocityConf
What can you practically do? Cloud providers can help with this, for example by taking care of threat analysis and proactive fixes for things that aren't in your threat model but are in theirs. hi @taviso and co! #VelocityConf
And using a cloud provider also takes care of your physical security needs so you don't need to worry about controlling access to colocated cages. And the boot path.

You'll also need automated vulnerability scanning to detect issues. #VelocityConf
What does modern security look like?

(1) add encryption everywhere. Encrypt things at rest. And if you want to control your keys, you can get your provider to give you CSEK. Encrypt in transit with TLS.
(2) Make sure your permissions can be quickly revoked. #VelocityConf
(2a) You need to be able to issue them quickly and revoke them. With automation.

You shouldn't need to hardcode your usernames and passwords in config files, least of all files checked into public GitHub... #VelocityConf
And you need to be able to get provenance of your accesses -- which is impossible if you're sharing credentials between different users and services. #VelocityConf
(3) Which means you need security APIs and write down/adhere to your best practices. And actually make sure your best practices are *usable* by real people without PhDs in cryptography. #VelocityConf
It's not fair or secure for developers to have to make security decisions. Inevitably someone will make a decision that makes your security worse. Instead, provide easy-to-use APIs that do the right thing and can be fixed *once*, not N times. #VelocityConf
So this is the problem that Vault, an open source tool developed by @HashiCorp, is trying to solve - making it possible to generate time-limited tokens with provenance on the fly, etc. [cue live demo] #VelocityConf
[ed: loving how each secret has a "deletion time", versioning, and whether it's been deleted] #VelocityConf
But you can also store ciphertext, and entrust Vault only with generating and keeping the keys. We can ask Vault to encrypt/decrypt data to those keys, but it doesn't persist the ciphertext or plaintext. So we can store the ciphertext in our databases separately. #VelocityConf
It's easy to rotate our keys, to make sure they aren't brute-forced before rotated (which makes regulators happier and you happier).

So now how does this work with our applications? #VelocityConf
[ed: I'm starting to perceive Vault as a distsys/software equivalent to the TPM/HSM...] #VelocityConf
Vault also can generate TOTP tokens and handle 2FA for your customers & administrators. #VelocityConf
And it has an awesome plugin system that's extensible. (e.g. for generating diceware passwords or random symbolic passwords) #VelocityConf
Not going to tweet the URL of Seth's demo instance and save it for the people in the room to play with. But it interacts well with k8s and is highly available. github.com/sethvargo/vaul… to spin up your own. [fin] #VelocityConf
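The tweets above describe the "keys stay in Vault, ciphertext stays in your database" pattern and the key rotation that goes with it. The Go program below is an added example, not code from the talk, from Vault, or from Seth's demo repo: it models a transit-style key service with versioned AES-256-GCM keys, a version-prefixed ciphertext string (loosely modelled on the `vault:v1:...` shape Vault's transit engine emits), rotation, rewrapping stored ciphertext onto the newest key, and retiring old versions. All names (`KeyService`, `Rewrap`, `RetireBelow`) and the sample payload are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"sync"
)

// KeyService is a constructed stand-in for a transit secrets engine: it holds
// versioned keys and performs encrypt/decrypt on request, but never persists
// the plaintext or ciphertext it handles; the caller stores the ciphertext.
type KeyService struct {
	mu         sync.Mutex
	versions   [][]byte // versions[i] holds key version i+1
	minDecrypt int      // lowest version still allowed to decrypt
}

// NewKeyService creates a service with a single key version (v1).
func NewKeyService() (*KeyService, error) {
	ks := &KeyService{minDecrypt: 1}
	if err := ks.Rotate(); err != nil {
		return nil, err
	}
	return ks, nil
}

// Rotate adds a fresh 256-bit key; new encryptions use it, and older versions
// stay available so already-stored ciphertext can still be decrypted.
func (ks *KeyService) Rotate() error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	ks.mu.Lock()
	defer ks.mu.Unlock()
	ks.versions = append(ks.versions, key)
	return nil
}

// LatestVersion reports the version used for new encryptions.
func (ks *KeyService) LatestVersion() int {
	ks.mu.Lock()
	defer ks.mu.Unlock()
	return len(ks.versions)
}

// RetireBelow refuses decryption with versions older than v, which is the
// step taken after every stored ciphertext has been rewrapped.
func (ks *KeyService) RetireBelow(v int) {
	ks.mu.Lock()
	defer ks.mu.Unlock()
	if v > ks.minDecrypt && v <= len(ks.versions) {
		ks.minDecrypt = v
	}
}

func (ks *KeyService) aead(version int) (cipher.AEAD, error) {
	ks.mu.Lock()
	defer ks.mu.Unlock()
	if version < ks.minDecrypt || version > len(ks.versions) {
		return nil, fmt.Errorf("key version %d not available", version)
	}
	block, err := aes.NewCipher(ks.versions[version-1])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns "vault:v<N>:<base64(nonce||ciphertext)>" so the stored
// value carries the key version needed to decrypt it later.
func (ks *KeyService) Encrypt(plaintext []byte) (string, error) {
	v := ks.LatestVersion()
	gcm, err := ks.aead(v)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, plaintext, nil) // nonce prefixed to ciphertext
	return fmt.Sprintf("vault:v%d:%s", v, base64.StdEncoding.EncodeToString(sealed)), nil
}

// parse splits the stored string into key version and raw nonce||ciphertext.
func parse(token string) (int, []byte, error) {
	parts := strings.SplitN(token, ":", 3)
	if len(parts) != 3 || parts[0] != "vault" || !strings.HasPrefix(parts[1], "v") {
		return 0, nil, errors.New("malformed ciphertext")
	}
	v, err := strconv.Atoi(parts[1][1:])
	if err != nil || v < 1 {
		return 0, nil, errors.New("malformed key version")
	}
	raw, err := base64.StdEncoding.DecodeString(parts[2])
	if err != nil {
		return 0, nil, err
	}
	return v, raw, nil
}

// Version reports which key version a stored ciphertext was produced under.
func Version(token string) (int, error) {
	v, _, err := parse(token)
	return v, err
}

// Decrypt authenticates and decrypts using the version named in the token.
func (ks *KeyService) Decrypt(token string) ([]byte, error) {
	v, raw, err := parse(token)
	if err != nil {
		return nil, err
	}
	gcm, err := ks.aead(v)
	if err != nil {
		return nil, err
	}
	if len(raw) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
}

// Rewrap moves stored ciphertext onto the latest key version; the plaintext
// exists only inside the key service, never in the calling application.
func (ks *KeyService) Rewrap(token string) (string, error) {
	pt, err := ks.Decrypt(token)
	if err != nil {
		return "", err
	}
	return ks.Encrypt(pt)
}

func main() {
	ks, _ := NewKeyService()
	stored, _ := ks.Encrypt([]byte("constructed sample: 4111-1111-1111-1111"))
	fmt.Println("stored in DB:", stored)
	_ = ks.Rotate()
	stored, _ = ks.Rewrap(stored)
	ks.RetireBelow(2)
	pt, _ := ks.Decrypt(stored)
	fmt.Println("after rotation + rewrap:", stored, "->", string(pt))
}
```

The application only ever holds the `vault:vN:...` string; after a `Rotate`, a batch job walks the database calling `Rewrap` on each row and then `RetireBelow` closes the old version, which is the point made in the talk about rotation without re-plumbing every service.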