Aqua Security - Kubernetes and the Software Supply Chain
Common Sense Virtual Roundtable:

Kubernetes and the Software Supply Chain

May 5th, 2022, 1 PM – 2 PM CT, Successfully held

Request Detailed Session Notes

We are careful about who we send this key document to. The session notes will be sent based on the request, provided your profile matches our qualification criteria.

Presented by

Aqua Security

Here’s what we discussed:

In order to secure our applications, we must verify they are trustworthy. This work happens in the context of time pressure and rapidly changing code bases and libraries.

Designed to build on the mix-and-match approach of containers and microservice architectures, technologies like Kubernetes add even more complexity. Code may run in isolated containers, but it also runs in nested abstracted userlands, each dockerfile adding a selection of undocumented dependencies. In this environment, how can we verify what’s actually in the containers we use? If we can’t verify what’s in these containers, how can we ship secure code?

In this session we discussed the security challenges presented by Kubernetes and the modern software supply chain, and what companies are doing to manage risk and security for these.

Solution Expert

Ehud Amiri
VP Product Management at Aqua Security

Here is what we learned:

Poonam Khemwani, Executive Director, Cloud Security Architecture, JP Morgan Chase

JP Morgan does a lot of work with containers using managed Kubernetes environments with heavy Open Shift on premise and the AWS clouds as well. Although they have been transitioning for about seven years, only about 2 percent of their legacy and on-premise data has moved. Part of this is from internal resistance.

Where they have grown most digitally is by building cloud first applications.
Khemwani is concerned about visibility across the multi-cloud environment and the logs are not coming into a centralized location.

They are moving to a more DevOps approach on security.

Michael Elgart, Director – Sr Group Manager Enterprise Solutions Architect, BNY Mellon

The bank is always looking to modernize its applications and is interested in security in a Kubernetes deployment paradigm. That deployment will be internal in the initial phase, so they have everything in place when they begin migrating to the cloud. There are some cloud assets that they procured through acquisition.

Request detailed session notes

We are careful about who we send this key document to. The session notes will be sent based on the request, provided your profile matches our qualification criteria.

About Aqua Security:

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Participation in the Virtual Roundtable is free of charge to qualified attendees. Once you’ve completed the registration, we’ll confirm your invitation and send you a calendar invite with a link to the meeting.

If you don’t qualify, we’ll suggest other learning events that may be a better fit for you.

Here’s what attendees at past events have said:

Other active events

Talk To Us About Attending Future Events

    This site is protected by Invisible reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Receive Upcoming Event Notifications
    Find out about upcoming events you or your team may want to attend.
    By hitting submit, you agree to receive important updates from Common Sense.