Google Security Talks during RSA Conference 2017
For many years, the RSA Conference has been the security event that best represented the whole of the vendor ecosystem – good and bad. Those who dare enter the expo hall are met with an onslaught of swag and pitches, where the former justifies the latter. This year was no exception, with hundreds of vendors, sessions, and parties spread out over the week. The agenda was so deep that OneLogin built a dedicated website just for all the parties.
Usenix Enigma 2017 - Closing the Gap Between Security and Usability
I attended the Usenix Enigma conference this week in Oakland, which brought together some of the brightest minds in security across academia, government, and business. After watching a few of the videos from last year’s conference, I wanted to be there in person this time around. Everything about the conference was top-notch, with a diverse and thoughtful community really coming together for the greater good. A major theme echoed across the conference, from the sessions to the hallways – usability.
Google's Infrastructure Security Design Revealed
In recent years, Google has put tremendous effort into creating a security architecture that better maps to their global organization, the scale at which they operate, and the products that they offer. The BeyondCorp papers that we often reference here at ScaleFT have provided insight into their practices for how employees access protected resources, and now we’re fortunate to be presented an in-depth view into how they secure their entire infrastructure through the publication of a new whitepaper - Google Infrastructure Security Design.
Real World Crypto 2017: Day 3
This is the third and final post describing my favorite talks from Real World Crypto 2017. If you haven’t already, check out my previous posts: Day 1 and Day 2. Video recordings from RWC 2017 are available here. The Physics of Building a Quantum Computer: Evan Jeffrey from Google kicked off the day by discussing Google’s project to build a quantum computer. This talk was interesting for putting the post-quantum crypto talks from day one into real-world perspective.
BeyondCorp is security for the Cloud Native organization
The term Cloud Native usually references application-centric tools and patterns, so what does it mean to be a Cloud Native organization? It begins with the awareness that being a software company goes beyond simply making technology choices – it’s about creating a culture of innovation across the entire company that fully supports the release of software at a rapid pace through tight-knit collaboration and well-oiled processes. This represents the new face of IT, driving the business forward by tackling the ever-changing demands of the customer head on.
Real World Crypto 2017: Day 2
Yesterday I published my thoughts on some of my favorite talks from Day One of Real World Crypto 2017. The following are some highlights from Day Two. 0-RTT Key Exchange with Full Forward Secrecy: In recent years two desirable properties for transport security have come to prominence. The first is Zero-RTT Key Exchange, which enables clients to securely send data to a server without waiting one or more round trips for a key exchange to complete.
Real World Crypto 2017: Day 1
This week I’m attending Real World Crypto 2017 in New York City. For each of the three days of the conference I’ll be highlighting a few of my favorite talks from my perspective as an engineer building infrastructure software. Project Wycheproof - Scaling Crypto Testing: Thai Duong gave an overview of Project Wycheproof, an open source project developed at Google which tests cryptographic libraries for known weaknesses. According to Thai, Google internally provides abstractions for common cryptographic protocols and operations by wrapping third party libraries such as OpenSSL and OpenJDK.
Leveraging Service Users for Privileged DevOps Automation
ScaleFT provides a more effective way of managing the credentials users need to access infrastructure, but what about automated services that need privileged access to operate? Along with an emphasis on closer collaboration between teams, modern DevOps practices have introduced more automation throughout the entire software development lifecycle. Various processes for developing, building, testing, packaging, and deploying code are all streamlined via event-driven, automated workflows. When done well through a collaborative effort, teams are able to ship software quicker and more continuously.
Using ScaleFT With Ansible
Ansible is a hugely popular configuration management (CM) platform used around the world by millions of users every day. One of the things that distinguishes Ansible from other CM platforms like Puppet, Chef, and SaltStack (when not using salt-ssh) is that it pushes everything it needs to the hosts, usually over sftp/scp/rsync/ssh. This allows Ansible to be “agentless”, meaning nothing needs to be installed on your hosts to manage them. Ansible will just SSH to each host, copy over the scripts it requires, and get to work.
Even with ephemeral credentials and audit logs to make sure you see when members of your team have ssh’d to your machines, you may still want more control over when users can log in to your environment. To help you be explicit about when users will and won’t be issued credentials, we’re pleased to announce you can now require preauthorization to access servers in a project. To use the feature, create a new project with the option Require Preauthorization checked.