Docker & DevOps Security at RSA Conference
The RSA Conference is the biggest annual gathering of the infosec industry. Held in the Moscone Center again last week, RSA 2016 had 40,000 attendees, the largest ever in its history.
This year, Twistlock attended for the first time as an RSA exhibitor and a sponsor for the Rugged DevOps day on Monday.
The RSA conference started with a bang on Monday. Rugged DevOps had over 700 attendees and many sessions saw the conference room filled to the brim. I moderated one of the panels: “DevOps Engagement: Politics, People and Process” with Paula Thrasher, Cornelius Roberts, Wolfgang Goerlich, and Chris Corrierre.
It’s not easy to do a panel on people and process. On top of that, we had the unenviable slot right before lunch. But Paula, Wolfgang, Cornelius, and Chris were terrific. Not only did they keep the audience engaged, they also shared many interesting first-hand experiences in implementing DevOps programs at their respective organizations.
Paula said adopting DevOps allowed her organization, an IT services and solution provider for the federal government, to take one of the new applications live in 6 weeks. “In the federal space,” she said, “you can’t buy a pen within 6 weeks!”
Cornelius is a Twistlock implementer. He brought the perspective that with the right security tools, micro-service applications can increase the security posture of your system. He said within his client’s environment, they were able to “push code out faster, and have a higher assurance that production applications are vulnerability free.”
The rest of the week saw the Twistlock team struggling to keep up with demand, between staffing the booth and meeting with customers and partners. A good problem to have, which resulted in many of us having sore feet at the end of the day.
Highlights of the week:
The team presented to Mark Russinovich on our OMS integration and got to brainstorm a bit with Mark on how to collaborate more closely with Microsoft Azure.
We had many discussions on Docker security, container security, and DevOps security. We presented our solutions to many prospects and existing customers. Among the many meetings, we had a great discussion with the NIST team, which is helping federal agencies manage the onslaught of new technologies like DevOps and containers. It was great catching up with Donna Dodson and Murugiah from NIST!
Not only did we gain traction with prospects and customers, we also met with many CISOs whose organizations are beginning to deploy containers and micro-service applications. At RSA Conference, we met with CISOs of Fortune 100 companies, CISOs of large European companies, as well as CISOs for government entities. Many have proactively sought us out in order to enable the migration to new technologies and to help them manage the risks that they will invariably come to face.
Here is a picture of Dima giving a presentation to a security team.
Here is John giving a demo to another security team.
And Ben speaking to Pete Lindstrom of IDC.
On a related note, I moderated a panel on government encryption backdoors with Matt Green, Michelle Dennedy, and Rich Mogull. The panel was well attended and we have already seen a number of news articles covering the panel. The best part was that Ron Rivest was in the audience listening to the panel!
Oh, and one more thing: Momentum Partners released their Q1 companies-to-watch list at RSA, and Twistlock is on the list!
It is clear that containers are gaining mainstream traction. Twistlock is proud to be one of the change agents that facilitates and enables this trend. The RSA momentum is just a beginning; we are excited to see what 2016 has in store for us and for the future of containers.