Container Security
How to Build Secure Applications Using Smart Controls
Watch our whiteboarding sessions to see how Trend Micro can enable you to build secure, ship fast, and run anywhere, without getting in the way of what you do best—building great applications.
Transcript
Hi, I'm Bharat Mistry, and I am a Security Strategist working for Trend Micro. I work across many organizations really looking to secure their application pipelines based on traditional CI/CD and cloud infrastructures
[00:00:19,02]
Today, we're going to be looking how smart controls can be used to help meet your compliance and security requirements.
[00:00:26,01]
But before we get into that, I quite often hear a lot of development and operations people saying security is getting in the way with a merger of DevOps that's certainly happening more and more. So let's understand why that is happening. First of all, our traditional security model, we still think about it as a perimeter cage with dedicated appliances enforcing those controls. It doesn't matter whether they're in the data centre or virtual or out in the cloud.
[00:00:56,19]
What this kind of leads to is we have a kind of perimeter mentality in terms of protection, but using these dedicated appliances and by their very nature, they're going to be very slow rate of change across it. And the biggest downfall I see is a lack of automation. This is what's causing security to be at the back of the chain and all too often forgotten about. So what do we need to do? We really need to change our thinking and think about security automation. We need to think about, well, we already have infrastructure as code whereby we define our virtual machines our applications stacks, our identity and access as code. We need to make that transition for security. We need to do security as code and define the stack in the same way, create the policies in the same way. In order to do that, there's some essential features we need to have. First one is to expose the platform through APIs. Those features, everything that you can do from the GUI should be able to be done from the API level. If we can do that, we can think about automating everything. If we automate everything, we can automate at scale without any human intervention and that ties back into our DevOps lifecycle. Finally, a kind of nirvana is to really bring in those CI/CD tools, especially at one time. So we have a platform called Deep Security. We have a myriad of smart controls which range from content inspection through to network inspection type services. We have the hooks into the infrastructure pipelines that we see. So the physical, virtual, Docker based workloads, and cloud based workloads. What we've done is we've created a rich set of rest API that allows either manual or automatic triggers to instrument change, those triggers can be coded up in common coding languages like Python, Ruby, Java, JavaScript, and what you can do is do mass deployment and mass change through the API onto the platform, across the hybrid infrastructure.
[00:03:28,31]
So in conclusion, the Deep Security platform provides advanced, frictionless security for the CI/CD pipelines, your traditional environment and your cloud environments for seamless compliance and protection and Zero-Day threat protection. Thank you.
Run Anywhere for DevOps
Ship Fast for DevOps
