On September 18th, 2018 I attended the Cloud Native Security Summit in New York City. This was an invitation-only event that gave Security and DevOps industry members an opportunity to hear from some of the brightest minds in InfoSec today. The event had about 100 attendees, was sponsored by Duo, Signal Sciences and Capsule8, and was extremely educational and thought-provoking.
Chenxi Wang of Rain Capital helped kick the morning off with a talk on the progress that’s been made in the last few years in the world of InfoSec, DevOps and DevSecOps. The talk focused on a survey done by the sponsors of the Summit, which asked questions of 486 senior-level IT and IT security decision makers. Highlights from the survey included the following data points (the full report can be downloaded here):
- Cloud native (microservices, serverless, PaaS) is on the rise – 62% of companies rely on cloud native for more than half of their new applications; they expect this to increase to 80% over the next three years.
- Cyberattacks are growing – 80% of businesses surveyed experienced year-over-year growth of at least 2x
- False positives are an issue – both for screening and the analytics produced to determine threat patterns.
Chenxi really did remind me of the threat many businesses face by not making security a top priority in their application deployment. While DevOps practices and tool implementation have greatly increased productivity for software developers, organizations still need to embed good security practices into teams.
Fireside chats were a big part of the day. I found the conversation with former RSA Chairman Art Coviello to be one of my favorites because of his frank nature. Concerns about the current state of global trade, combined with a lack of experts in the security field, have created a critical mass situation for global InfoSec. He spoke of a Cold War-era-like battle between the US and opposing nations, which understand the idea of mutually assured destruction if they impact each other’s infrastructure, such as the power grid. In the case of international terrorism, there is no fear of this, so the need to improve how businesses defend themselves continues to grow and become more complicated.
Another highlight of the day was a panel made up of some of the industry’s brightest minds in InfoSec: Heather Adkins of Google, Melody Hildebrandt of 21st Century Fox, Jess Frazelle of Microsoft and Brad Maiorino of Booz Allen. Topics in this wide-ranging panel discussion ran from how to ensure video is transmitted from Moscow back to the US for the World Cup to container security.
The last fireside chat I got to attend before heading to my next appointment after the summit was with Stephen Fridakis, the CISO of HBO. The part of the conversation I took the most from was the strategy that HBO has to take with regard to cloud distribution and CDN access. Being able to serve all customers globally meant finding providers that would allow them to provide the same experience to all users regardless of cloud provider.
One big takeaway I had from this conference was the lack of educational resources sponsored by the US Government to help produce more people involved in InfoSec. While the industry continues to push the idea of security as a part of your entire development process, there’s a need for more people in forensics. With an increase in different types of attacks, especially those that impact the CPU, it will be important to increase the depth of security knowledge that students and professionals have. This was a great opportunity to get slightly out of the Ops/Infra world and see what is potentially next for security with cloud native applications. Whether it’s a new app running in a container or code that is executed as a Serverless task, it’s important to always consider the requirements around security.