24.08.2020 | Finnova
Finnova – Christian Reinhard, Head Application Management
VSHN - Aarno Aukia, CTO & Partner
CISO SUMMIT
ZURICH
Agenda (CISO Summit)
1 INTRODUCTION
2 USER STORY – FROM THE IDEA TO OPENSHIFT PLATFORM
3 SECURITY WITHIN THE PLATFORM
4 DEVOPS (VSHN)
5 KEY TAKEAWAYS
Introduction
Digitization within Finnova
Finnova Application Management Seewen
more than just Application Management
FINNOVA APPLICATION MANAGEMENT SEEWEN
FINNOVA SOLUTIONS
FINNOVA CONSULTING
FINNOVA PRODUKTHAUS
03.08.2020 | Workshop Neobank
A solution arises from a customer need together with the customer – Finnova Portal as a Service
CMS portal technology
Finnova Omega Platform Development Partner
Finnova Open Platform
Orchestration with processes and FIL services
Finnova Core
Operation of the CMS portal in the SaaS model
OPERATION AND APPLICATION MANAGEMENT AT FINNOVA AM IN SEEWEN
Finnova Platform
Portal as a Service
[Diagram: Portal; WAF, Core Γ and OMEGA Ω, each shown three times; Finnova Core Suite; 3rd Party Portal „Liferay“ – ti&m]
Deployment Process & Security
DEV (Repository)
Files (Pods)
Docker Images
Container (OpenShift)
Operations AM Seewen (PRD)
GitHub
Code Image-Scan (Security & Compliance Policies)
» Code analysis
» Image Scanning
» Container Hardening
Runtime
» Network Security
» Monitoring
» Logging & Reporting
» Code Security
» Access
» Security & Auditing
Security
Deployment
Architecture and Security
VSHN - The DevOps Company
DevOps
Collaboration between Software Development (Dev) and IT-Operations (Ops)
● Automate as much as possible (“Infrastructure as code”)
● Use standard services (layers of abstractions with clear API) to abstract complexity
● Cost efficient and lean way of working
● Agility: ability to react to new/changing requirements
● One team with a common goal: ship stable features
● Continuous improvement
DevOps: People, Processes & Tools
DevOps + Security Engineering = DevSecOps
Traditional IT governance
● “Full Stack Audit”
● Review design document
● Every layer was custom built
○ physical hardware
○ handcrafted servers
○ manual application deployment
● Review each layer
● Review each layer again next year...
Cloud native IT governance
● Standardized components
○ already audited, some even externally certified
○ re-used, economies of scale, CMMI level 5
○ tech controls (AAI, RBAC, logs/SIEM) implemented once
○ financial controls implemented once
● Infrastructure: private/public cloud, onprem
● Ops: Container orchestration platform
● Review design document & platform configuration
IT governance controls in container platforms
● prevent configuration drift
○ immutable (application) infrastructure using containers
○ deploy dev/test/stage/prod envs from CI/CD
● prevent manual errors
○ validate configuration in CI/CD before deployment
○ standardization on (minimal, hardened) OS and container orchestrator
○ deployment automation removes need for (most) root prod access
● security by default
○ image scanning, dependency vulnerability management
○ process/storage/network separation of applications/environments
○ volumes & ingress points best practice (documentation, monitoring, backup, SSL/TLS/WAF)
○ AAI for admin & application, audit trail logging of CI/CD, control & application planes
○ key & secrets management
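An added example, not part of the original slides, of the "validate configuration in CI/CD before deployment" control combined with container hardening: a pipeline gate that rejects a Deployment manifest before it reaches the cluster. The policy rules, the helper names and both sample manifests (including the registry.example image names) are constructed for illustration.

```python
import re
import sys

# Policy and sample manifests are constructed for illustration.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")


def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload with a pod template."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}


def check_container(c, pod_sc):
    """Return policy violations for one container. pod_sc is the pod-level
    securityContext, used as the fallback for runAsNonRoot."""
    name = c.get("name", "<unnamed>")
    sc = c.get("securityContext") or {}
    found = []
    if not DIGEST_RE.search(c.get("image", "")):
        found.append(f"{name}: image is not pinned by sha256 digest")
    if sc.get("privileged") is True:
        found.append(f"{name}: privileged container")
    if sc.get("allowPrivilegeEscalation") is not False:
        found.append(f"{name}: allowPrivilegeEscalation is not false")
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        found.append(f"{name}: runAsNonRoot is not true")
    if sc.get("readOnlyRootFilesystem") is not True:
        found.append(f"{name}: root filesystem is writable")
    if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
        found.append(f"{name}: capabilities do not drop ALL")
    limits = (c.get("resources") or {}).get("limits") or {}
    if not set(limits) >= {"cpu", "memory"}:
        found.append(f"{name}: cpu/memory limits missing")
    return found


def validate(manifest):
    """Return every violation in the manifest; an empty list means it passes."""
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext") or {}
    found = [f"pod: {flag} is enabled" for flag in HOST_FLAGS if spec.get(flag)]
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            found.append(f"pod: volume {vol.get('name')} uses hostPath")
    containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    for c in containers:
        found += check_container(c, pod_sc)
    return found


def deployment(container, **pod_fields):
    """Wrap one container spec in a minimal Deployment (helper for the samples)."""
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "portal"},
            "spec": {"template": {"spec": {"containers": [container], **pod_fields}}}}


# Constructed sample: mutable tag, privileged, host access, no limits.
BAD = deployment(
    {"name": "portal", "image": "registry.example/portal:latest",
     "securityContext": {"privileged": True}},
    hostNetwork=True,
    volumes=[{"name": "host", "hostPath": {"path": "/"}}])

# Constructed sample: digest-pinned image and hardened security context.
GOOD = deployment(
    {"name": "portal",
     "image": "registry.example/portal@sha256:" + "ab" * 32,
     "securityContext": {"allowPrivilegeEscalation": False,
                         "readOnlyRootFilesystem": True,
                         "capabilities": {"drop": ["ALL"]}},
     "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}},
    securityContext={"runAsNonRoot": True})


if __name__ == "__main__":
    failed = False
    for label, manifest in (("good", GOOD), ("bad", BAD)):
        for violation in validate(manifest):
            failed = True
            print(f"[{label}] {violation}")
    sys.exit(1 if failed else 0)  # non-zero exit fails the pipeline stage
```

Run as a pipeline step, the non-zero exit code blocks the deployment stage, so the hardening rules are enforced without anyone needing access to the production cluster.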
IT governance financial/compliance controlling
● compute resources billable by project
● self-service-onboarding possible
● autoscaling, scale-down dev envs outside office hours
● vendor procurement/due diligence/certification management
● SLA, 24x7, service process, escalation management clearly defined
Key takeaways
● Modularization
○ Modular digitalization platform enabling multi-tenancy and development autonomy
○ clearly defined layers for API and operations for alignment
● Collaboration
○ BPF orchestration engine to provide end-to-end process for Dev & Ops (Application Management) at Finnova
○ clearly defined layers for operations and specialization
About Aarno & VSHN.ch
@aarnoaukia http://about.me/aarno a@vshn.ch
ETH → Google → Atrila → VSHN
Since 2014, currently 45 VSHNeers in Zürich, Switzerland
Helping developers run applications on any infrastructure, making both visitors happy with stability and developers happy with agility
Come visit us for a coffee!
VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch
https://vshn.ch/kontakt/
Follow us on Twitter!
@vshn_ch

Security in the DevOps pipeline of containerized core application: Case Study Finnova
