Episode 14: DevOps Secret Management

Episode 14 January 14, 2020 00:30:45
Episode 14: DevOps Secret Management
SilverLining IL
Episode 14: DevOps Secret Management
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Oded Hareven

Guest title:  Founder & CEO

Company:  A-Key-Less

Abstract

Application Secret management is becoming one of the biggest challenges for application security. With cloud, CI/CD and micro services architecture we discover that we are using a growing number of encryption keys, API keys, SSH keys tokens and connection strings. In this episode we talk with Oded HarEven, Founder at A-Key-Less about the challenges of secret management and the way to build secure secret management solution.

Timing

0:00

Intro and introducing our guest

1:40

Application secret management  - defining what secret is, and what is secret management

6.00 

Challenges with encryption keys 

9:47  

How to handle application secret management and encryption keys - requirements and best practices

12.25

Zero trust in key management - what does it mean and how to implement it

20:10

The process of integrating keys with cloud platform

25:35

A-Key-Less state of the market approach

27.35

Summary and conclusions

Other Episodes

Episode 21

August 03, 2020 00:26:59
Episode Cover

Episode 21: Building The Next Generation Of Cloud Services

Attendees Guest: Eran Feigenbaum Guest title:  CSO, Oracle Cloud Abstract The first generation of cloud services began about 15 years ago and stretched until now, but it came with many built-in challenges due to lack of maturity and the fact that security was added on top and not present from the start. In this episode we talk with Eran Feigenbaum, CISO of Oracle cloud about the next generation of cloud services - how can we build cloud that is more secure,, immuned to miss-configuration and other pitfalls that are relevant to today's cloud services. Timing: 0:00 introducing our guest 5:40 Generation one of cloud infrastructure 8:40 so what is second generation of cloud infrastructure 10:30 how Oracle is planning to change the cloud market 11:40 how second generation cloud services can help with common mistakes such as misconfiguration 13:35 what cloud provider should do in order to increase security 16:05 how cloud providers can  be proactive with their customers 19:00 handling miss-configuration such as open buckets and lost API’s keys 23:40 summary and last words ...

Listen

Episode 36

March 09, 2021 00:30:44
Episode Cover

Episode 36: Wiz

Attendees Guest: Yinon Costica Guest title: VP Product  Abstract Wiz is the new star in the cloud security market, founded by veterans with a proven record and raised over $100M in less than a year of operations. In this episode, we talked with Yinon Costica, Co-Founder and VP Product at Wiz, about cloud security challenges, how is Wiz different from others, and how are they going to disrupt the market.  ...

Listen

Episode 10

November 24, 2019 00:30:24
Episode Cover

Episode 10: Securing The New Fintech Economy

Attendees Guest: Nir Valtman Guest title:  Product security lead Company:  Finastra Abstract Fintech companies drive cloud security forward by setting the highest bar of requirements on cloud providers. In this episode we talk with Nir Valtman, Product security leader at Finastra about the challenges of Fintech companies and dive into API Authentication and Authorization best practices and building eco-system that can support trust between banks and young fintech companies. Timing 0:00 Intro and introducing our guest 2:40 Introducing Finastra and the challenges of traditional banks with modern fintech.  4.50  Building API platforms for banks. Challenges, security considerations and solutions.  8:45   Creating trust between banks and fintech companies - validating applications end to end security from the fintech to the banks. 12.30 Authenticating & Authorizing API requests on banking platforms. Methods, challenges and common use cases 19:30 Detecting anomalies detection and analyzing API’s on top of cloud platforms 25:35 The challenges of application secret management with partners 28.25 Tips for fintech companies ...

Listen