Welcome to our Cloud-Native Wellington meetup, friends; here is our October 2022 meetup #1. Welcome to all new members, #DevOps, #CloudOps & #CloudNative enthusiasts. What a delight we have a doubleheader this month. Two meetups back to back on Wednesday & Thursday.
Thank you for joining us for last month's in-person event. We are on a roll and excited to connect, learn and share again with our community.
Cloud Native Security: Why Securing in Day 1 is Not Enough
Speaker: Eilon Elhadad, Aqua's General Manager, Software Supply Chain Security.
In the past year, we all witnessed the severity of the software supply chain threat, demonstrated on a massive scale by the insidious attacks on SolarWinds and then Codecov. As adversaries are increasingly looking to plant malicious code into trusted software that makes up organizations’ supply chains, tools used by developers as part of their CI/CD pipelines have become a prime target. But why are our development environments so vulnerable?
Although high-velocity CI/CD pipelines are the backbone of modern software development, it’s striking how little security attention they get. In traditional security architectures, production gets a lot of attention, with multiple layers of tools and processes to secure runtime. Development environments, however, have not historically been scrutinized in the same way.
Add a high degree of automation and frequent code updates in CI/CD, and malicious actors get plenty of opportunities to abuse the process. As enterprises worldwide are accelerating their digital transformation initiatives on a crazy scale, securing the software delivery process is paramount.
That's why we started Argon. Our vision was to provide organizations with a practical and simple solution to prevent code manipulation and secure their software supply chain.
But we realised that Securing on Day 1 through Argon was not enough. Security must span the entire DevOps pipeline, from code through build to runtime, and ensure the end-to-end integrity of the artifacts.