Virtual Event
November 17, 2020
Learn More and Register to Attend This Event

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Standard Time (UTC–05:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Lightning Talk [clear filter]
Tuesday, November 17

3:40pm EST

Cloud Security and how to leverage the shared responsibility model to your advantage - Eshrak Assaf & David Lebutsch, IBM
Adopting Cloud Computing models could be a blessing or a curse. When done with security and compliance in mind, it could save you lots of time, effort and operational costs. When done without regard to security and compliance, it could result in exposing your company to financial and reputational risks. In this session, we will talk about some basic security and compliance concepts that developers need to know before they consider adopting Cloud Computing models. We will talk about how to leverage the Cloud shared responsibility model to your advantage, and why Cloud security and compliance is not optional.

avatar for Eshrak Assaf

Eshrak Assaf

Senior Manager, IBM
Senior manager for the Virtual Private Cloud Gen2, IBM Cloud Telemetry and Analytics teams. MSc & MBA graduate complemented by 13+ years of experience in Development, Security, DevOps and Operations with a primary focus on virtualization and cloud computing.
avatar for David Lebutsch

David Lebutsch

CTO / Distinguished Engineer SaaS and Hybrid Cloud, IBM Data and AI, IBM
IBM Distinguished Engineer and CTO for Data & AI SaaS on IBM Cloud. Hands on architect and technical leader with 20+ years of experience.

Tuesday November 17, 2020 3:40pm - 3:50pm EST

3:50pm EST

Why OpenID Connect is More Secure then Certificates - Marc Boorshtein, Tremolo Security, Inc.
Most user's first experience accessing a cluster usually involves a certificate.  It's one of the most secure ways to authenticate a user, when done properly.  It's not nearly as secure as OpenID Connect for your clusters.  In this session you will learn why certificate authentication is a bad idea for your users accessing your clusters and why you should be using OpenID Connect.  In addition to showing why OpenID Connect is the more secure method for accessing your clusters, the session will detail the OpenID Connect threat model and how to mitigate it.  The session will also contrast this model with certificates and show how it's nearly impossible to create an authentication system with certificates as secure as one protected with OpenID Connect.  There will also be a chance for those attending to try to take over an OpenID Connect protected cluster!  

avatar for Marc Boorshtein

Marc Boorshtein

CTO, Tremolo Security, Inc.
Marc Boorshtein has been a software engineer and consultant for nearly twenty years and is currently the CTO of Tremolo Security, Inc. Marc has spent most of his career building identity management solutions for large enterprises, U.S. Government civilian agencies, and local government... Read More →

Tuesday November 17, 2020 3:50pm - 4:00pm EST

4:00pm EST

Hardware Backed Security For Multitenancy at the Edge with SPIFFE & PARSEC - Paul Howard, Arm & Andres Vega, VMware
Three powerful CNCF projects come together in this session, which focuses on how cloud-native workloads can access the best hardware security facilities of any platform in a way that is portable, convenient to consume, and which scales to multiple workloads.  SPIFFE, the Secure Production Identity Framework for Everyone, alongside its production-grade implementation project SPIRE, are both now incubation projects within CNCF.  Parsec (CNCF sandbox) is the Platform Abstraction for Security: a simple and portable way to access platform facilities for key management and cryptography on any hardware in any programming language. But Parsec is so much more than just an API shim. It also provides key management and access control based on the identities of workloads, keeping their secure assets separate.  This session will show how Parsec can be combined with SPIFFE and SPIRE to provide a key management service based on attested workload identities,

avatar for Andres Vega

Andres Vega

Maintainer, contributor, author, and open source troublemaker.
avatar for Paul Howard

Paul Howard

Principal System Solutions Architect, Arm
Paul has been a solutions architect at Arm since November 2018, having previously held software engineering positions at companies including Citrix and Global Graphics. He is a graduate of Aston University and is currently based in Cambridge, UK. Paul is a maintainer of the Parsec... Read More →

Tuesday November 17, 2020 4:00pm - 4:10pm EST
  • Timezone
  • Filter By Venue VIrtual
  • Filter By Type
  • Break
  • General Session
  • Lightning Talk
  • Session Presentation
  • Sponsored Session

Filter sessions
Apply filters to sessions.