Cloud Security Content on InfoQ
-
Trust No One: Securing the Modern Software Supply Chain with Zero Trust
Emma Yuan Fang discusses how to apply Zero Trust principles to secure the software supply chain and CI/CD pipeline, detailing mitigation for major attacks like SolarWinds and dependency confusion.
-
The Way We Manage Compliance is Wrong… and is Changing! Bringing DevOps Principles to Controls and Audit
Ian Miell shares the open-source Continuous Compliance Framework, discussing how to revolutionize audits. He explains shifting from periodic checks to continuous monitoring with DevOps and OSCAL.
-
One Network: Cloud-Agnostic Service and Policy-Oriented Network Architecture
Anna Berenberg reveals Google's shift to One Network, streamlining diverse infrastructures to enhance developer velocity and policy management.
-
How DoorDash Ensures Velocity and Reliability through Policy Automation
Lin Du discusses the details of their approach at DoorDash: how they enabled their engineers to self-serve infrastructure through policy automation while ensuring both reliability and high velocity.
-
Programming Your Policies: Exploring Open Policy Agent and More
Justin Cormack discusses how to deal with policies, what the business drivers are, how it affects developers, compliance and security departments, and the cultural and communication changes involved.
-
Cloud DevSecOps in Practice: People, Processes and Tools
The panelists discuss how to get the right security, DevOps, and cloud engineering stakeholders together to build a realistic DevSecOps strategy.
-
Let Devs Be Devs: Abstracting away Compliance and Reliability to Accelerate Modern Cloud Deployments
Rahul Arya shares how they built a platform to abstract away compliance, make reliability with Chaos Engineering completely self-serve, and enable developers to ship code faster.
-
Policy Enforcement on Kubernetes with Open Policy Agent
Aleks Saul and Jaime Gonzalez Aguilar introduce Rego, the language used to describe OPA policies, recent updates to OPA, and break down sample policies for common use cases.
-
Security and Compliance Theater - The Seventh Deadly Disease
John Willis describes the “Seven Deadly Diseases of DevOps” with a focus on the most costly of them all - Security and Compliance Theater.
-
The Common Pitfalls of Cloud Native Software Supply Chains
Daniel Shapira talks about some of the common security vulnerabilities found in cloud-native environments and why it’s important to take security measures immediately to protect instances in the cloud.
-
Mind the Software Gap: How We Can Operationalize Privacy & Compliance
Jean Yang talks about some of the ways GDPR and CCPA can influence software, but also about practical solutions to protecting data privacy and security.
-
Beyond Entitlements for Cloud-native
Chandra Guntur and Hong Liu show how they use Open Policy Agent with Spring Boot and HOCON to produce a responsibility management solution that scales to volume and performance needs.