Digital Developer Conference: Cloud-Native Security

The Digital Developer Conference: Cloud-Native Security is a unique opportunity to learn tools such as IBM Cloud, Openshift, Kubernetes, and many others.

7 min readJun 19, 2020

Table Of Contents

Application Security, Data Security, and DevSecOps
Why attend
DevSecOps, the evolution of species
React, when you’re gonna code!
Go Istio
Create your custom agenda

Cloud Computing can help you to respond to critical issues needed to build smart applications that map your business in a reliable, secure, and agile way. The Digital Developer Conference: Cloud-Native Security is a great opportunity to develop skills with leading open-source tools such as IBM Cloud, Red Hat Openshift, Kubernetes, Istio, and many others. Here is a video about the Conference:

Organised and led by subject matter experts from IBM and Red Hat, the sessions and hands-on labs offer beginners and experts alike an opportunity to explore techniques in Application Security, Data Security, and DevSecOps. Security is critical: that’s why this virtual conference combines security with application development and DevOps. Last year, thousands of developers participated in this conference.

The Digital Developer Conference: Cloud-Native Security spans over 5 hours with many presentations and labs organised in 3 tracks, and will be held according to four different macro-regions: Americas, June 24 ET; Europe and India, June 25; Asia Pacific July 1st.

You can sign-up for free clicking here.

Application Security, Data Security, and DevSecOps

This conference is your free opportunity to develop skills with the leading open-source tools and technologies on IBM Cloud and Red Hat OpenShift to build smart and secure cloud-native applications. Technical sessions and hands-on labs offer beginners and experts alike an opportunity to explore three dedicated tracks:

Application Security,
Data Security
DevSecOps.

Security needs to be managed as a pillar in all software and infrastructure development and can be achieved by unlocking the true value of the cloud. From modernizing applications with containerized microservices to securing data while training AI models, or building continuous, secure DevOps pipelines in a growing complex hybrid cloud, developers face a myriad of challenges when it comes to security in a cloud-native hybrid cloud environment. With the right knowledge, tools and infrastructure, building secure high-performance cloud will be achievable.

Why attend

Staying current is hard work, so IBM and RedHat have made it a little easier. IBM Developer bundles up the best technical info on popular software development topics and delivers it to your inbox. You can get updated with hands-on labs, prizing you with achievement reports to show your new skills.

Registration provides you with a free IBM Cloud account, so you can jump right at the moment the conference starts.

You can learn with proven and popular open-source technologies that are backed by a trusted community, and you can get coding right away with exercises designed by expert IBM and Red Hat developers for you. This is the new learning paradigm that will empower you in your next professional challenges.

Enjoy the convenience of a free, 100% digital event, with live and on-demand access post-conference. You will then display proof of your progress with badges for your newly acquired industry-recognized skills in the field of DevOps and DevSecOps.

DevSecOps, the evolution of species

It is no longer the time for ICT practitioners to develop a long-term maintainable code infrastructure and hand security off to another team. Security has remained a separate practice for too long, and DevSecOps takes it’s name from DevOps, providing a philosophy and a framework for an integrated, united effort when it comes to security which is embedded in the organised from the very first code.

DevSecOps is a better way for security practitioners to operate and contribute value with less friction. We know we must adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too slow to change.

By developing security as code, we will strive to create awesome products and services, provide insights directly to developers, and generally favour iteration over trying to always come up with the best answer before a deployment. We will make security and compliance available to be consumed as services. We will unlock and unblock new paths to help others see their ideas become a reality.

In our security first efforts, we won’t simply rely on scanners and reports to make code better. We will attack products and services like an outsider to help you defend what you’ve created. We will learn the loopholes, look for weaknesses, and we will work with you to provide remediation actions instead of long lists of problems for you to solve on your own.

We will not wait for our organizations to fall victim to mistakes and attackers. We will not settle for finding what is already known; instead, we will look for anomalies yet to be detected. We will strive to be a better partner by valuing what you value.

React, when you’re gonna code!

Code and infrastructure development require an ever-increasing time and planning capability. New challenges appear abruptly and a good professional needs to react immediately. “Learn the skills to react with speed and confidence by using solutions on IBM Cloud and Red Hat OpenShift alongside leading open source contributions by IBM and Red Hat to Kubernetes, Istio, Open Container Initiative, Cloud Native Computing Foundation, and Apache Foundation”, shares Willie Tejada, GM & Chief Developer Advocate of IBM, on his introductory blog post to this virtual conference.

“Choose the track and session for the cloud-native skills you need today to build the smart, secure applications of tomorrow”, writes Tehaja.

Here are just a few of the featured technical sessions, keynotes, and hands-on labs:

Deep-dive into data-in-motion encryption with Istio auto mTLS and key management;
From hardware root of trust (RoT) to containers: Running trusted containers on a high assurance OpenShift platform;
Kubernetes networking to control access with network policy, Calico, NodePort, LoadBalancer, and Ingress;
Adding secure encrypted object storage, persistent volume to a MongoDB with S3FS-Fuse;
Source-to-Image (S2I) secure deployment with UBI, custom builder, and runtime images and templates;
IBM Garage best practices: Developing secure applications for enterprise clients”.

Go Istio

In opposition to the old monolithic applications, a cloud native approach provides great convenience. However, there’s no denying that cloud adoption can put strains on DevOps teams undergoing a period of change. Developers must use microservices to architect for portability, and meanwhile, operators are managing extremely large hybrid and multi-cloud deployments.

The fusion between developers and operations is rewarding but at the same time it is very demanding and fast-changing. Fortunately the software environment is creating products that help ease this integration — that’s exactlywhere Istio intervenes in the software production.

Istio lets you connect, secure, control, and observe services.

At a high level, Istio helps reduce the complexity of the deployment. Istio is a completely open-source service mesh that layers transparently onto existing distributed applications. It is also a platform, including APIs that let it integrate into any logging platform, or telemetry or policy system. It’s diverse feature set lets you successfully, and efficiently, run a distributed microservice architecture, and provides a uniform way to secure, connect, and monitor microservices. Istio addresses the challenges developers and operators face as monolithic applications transition towards a distributed microservice architecture. Let’s take a more detailed look at Istio’s service mesh:

The term service mesh is used to describe the network of microservices that make up such applications and the interactions between them. As a service mesh grows in size and complexity, it can become harder to understand and manage. Its requirements can include discovery, load balancing, failure recovery, metrics, and monitoring. A service mesh also often has more complex operational requirements, like A/B testing, canary rollouts, rate limiting, access control, and end-to-end authentication.

Istio provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.

You can add Istio support to services by deploying a special sidecar proxy throughout your environment that intercepts all network communication between microservices, then configure and manage Istio using its control plane functionality to manage automatic load balancing, fine-grained control of traffic behavior, a pluggable policy layer and configuration API and many more metrics and services.

Create your custom agenda

Digital Developer Conference: Cloud Native Security has been built for a global audience, respecting the different needs of each macro-region. Enrolled participants can choose from our regional viewings. During the conference, they are free to jump from track to track creating a personalised agenda according to needs and interests.

The conference tracks and tools allow us to build smart, secure applications, mixing different architectural paradigms. Whether modernizing applications with containerized microservices, securing data in a smart cloud or building continuous, secure DevOps pipelines in a growingly complex hybrid cloud, you’ll bring confidence to the challenges faced thanks to the skills gained with IBM Cloud and Red Hat OpenShift alongside popular open-source technologies like Kubernetes and Istio.

Participants can learn how to use the leading open-source tools, get the best practices from experts, and join hands-on labs in three dedicated tracks:

Application Security: Securing containerized applications on Kubernetes or microservices. Includes configuration, policies, and app governance, and APIs.

Data Security: Securing your application data and analytics. Includes privacy, data storage, encryption, AI/ML, and NIST controls.

DevSecOps: Building a secure CI/CD pipeline. Includes integration, testing, vulnerability scanning, image governance, and automation.

We know you’ll want to join the Digital Developer Conference: Cloud Native Security, so register your interest, and we’ll see you there!

You can read the orginal version of this article at Codemotion.com, where you will find more related contents. https://www.codemotion.com/magazine/dev-hub/cloud-manager/digital-developer-conference-cloud-native-security/