Senior Manager, Senior Cloud Security Architect EPAM Systems, United Kingdom
In modern software development, organizations often embrace cloud-native development and multi-cloud to build highly scalable, flexible and resilient applications. However, these trends also introduce complexity and unique security challenges, leaving the DevOps environment and CI/CD pipelines vulnerable to threats like supply chain attacks and lateral movement. Consequently, it's crucial for organizations to rethink their strategies towards DevOps and pipeline security.
This talk aims to address cloud-native security challenges in DevOps through the lens of the Zero Trust Model's core principles. Drawing insights from industry studies and past incidents, the talk discusses the DevOps threat landscape. It wraps up by offering actionable guidance for implementing Zero Trust Security to protect the CI/CD pipeline, highlighting key priorities and capabilities to consider in DevOps security.
Learning Objectives:
Understand the threat landscapes in DevOps and CI/CD pipelines, including examples of real-world attacks.
Explain the key principles of the Zero Trust model and how they translate into security controls within the DevOps context. Also, understand the importance and benefits of applying this approach to ensure that the DevOps workflow is secure and compliant.
Understand the strategies and best practices for implementing Zero Trust controls into your DevOps environment and strengthening security at every stage of your CI/CD pipelines.