Txema González Balseiro & Manuel Sánchez Rodríguez – Zero Trust DevOps with Azure & Github Actions

Discover how a Zero Trust approach to DevOps with Azure and GitHub Actions can provide robust security for your organization, utilizing AKAs, manual security controls, and segregation of traffic for enhanced protection.

Key takeaways
  • Zero Trust DevOps with Azure and GitHub Actions is a security approach that assumes no trust within an organization.
  • AKAs (Assumed Known As) are used to minimize lateral movements.
  • Two main differences between tool sets are:
    • Manual for different tool sets
    • Different results for tool sets
  • Manual security controls are applied to discover and contain breaches.
  • Networking connectivity is important, using Azure private link or firewall.
  • The customer domain is used, not the Azure Active Directory.
  • The strong support for Spring is for the enterprise subscription.
  • For a successful software delivery, GitHub and Azure are used.
  • All traffic is encrypted and monitored.
  • Teradras is a model framework for exception identification and containing lateral movements.
  • Authentication and encryption are used to protect data.
  • For remote work, segregation of traffic is important.
  • In Azure, there are three areas for storage.
  • Corporate devices are used in a smart and agile way.
  • Monitoring of traffic and flow logs is important.
  • Identity and Access Management (IAM) tools are used to take an identity-based approach to security.
  • Collaboration and security for the Cloud is important.
  • Data encryption and sharing is also important.
  • Different apps have different security needs, such as minimal apps.
  • Infrastructure and Network Organizations require controls, classifier, tax, and encrypt.
  • Cloud security policies are made for sharing and segmenting data traffic.
  • Monitoring of apps is important for controlling and containing risks.
  • For the future, it’s important to have strong security practices and tools.

More talks

You Shall Not Password: Modern Authentication for Web Apps - Eli Holderness - NDC Sydney 2022

Unsafe At Any Speed: CISA's Plan to Foster Tech Ecosystem Security

Managers Are Not That Stupid • Malte Foegen • GOTO 2022

What I Wish I Knew When I Started Designing Systems (Jakub Nabrdalik)

SAINTCON 2023 - Matt Durrin - The Need For Speed

sett: data encryption and transfer made easy(ier) by Jaroslaw Surkont, Christian Ribeaud - 🦀 Zürisee

A Decade After Stuxnet: How Siemens S7 is Still an Attacker's Heaven

Michał Wodyński - Difficulties of Python code development:packages,virtualenvs and package mangers