Navigating the Cloud Native Security Landscape - Pablo Musa - NDC Porto 2023

Pablo Musa

Security strategies for cloud native applications, including image scanning, registry security, vulnerability management, runtime security, and identity access management to prevent attacks and data exfiltration.

Key takeaways
  • Cloud security is a complex landscape, and companies need to prioritize their efforts.
  • Attackers can exploit vulnerabilities in cloud applications, and companies need to implement security measures to prevent this.
  • Image scanning and registry security are crucial for preventing attacks.
  • Minimal images are a low-hanging fruit for security improvements.
  • Companies should focus on securing their container images, registries, and build infrastructure.
  • Vulnerability management is important, and companies should prioritize fixing high-severity vulnerabilities.
  • Runtime security is critical, and companies should use tools like Falco to detect and prevent attacks.
  • Cloud data exfiltration is a significant threat, and companies should implement security measures to prevent this.
  • Identity and access management are crucial for securing cloud applications.
  • Companies should implement multi-factor authentication and limit access to sensitive data.
  • The average time to identify a vulnerability is 207 days, and companies should prioritize fixing vulnerabilities quickly.
  • The average time to contain a vulnerability is 70 days, and companies should prioritize containing vulnerabilities quickly.
  • Companies should use tools like Cloud Security Posture Management to monitor and secure their cloud applications.
  • The importance of image signing and registry security cannot be overstated.
  • Companies should prioritize securing their build infrastructure and implementing security measures to prevent attacks.
  • Runtime security is critical, and companies should use tools like Falco to detect and prevent attacks.
  • Companies should prioritize securing their container images, registries, and build infrastructure.
  • The average time to identify a vulnerability is 207 days, and companies should prioritize fixing vulnerabilities quickly.
  • The average time to contain a vulnerability is 70 days, and companies should prioritize containing vulnerabilities quickly.