If we think about our production cloud-native & microservices operations, in the same way we think about how we design and build our products, we could build and automate minimum viable security (MVS) plans that we could easily bake into our config files and CI/CD processes. Once we build this foundational framework of security, it will always be possible to iterate and evolve our security framework, for advanced layers of security that often come with time, increased experience, and greater maturity around security.
In this talk, I will present the MVS mindset, and how it's applied to cloud-native apps. We will focus on 6 critical security controls that will be integrated as part of your typical cloud-native operations and CI/CD pipeline. These controls are a starting point on the journey to securing your applications from the first line of code. From that point, you will continuously iterate and evolve your security maturity all the way through advanced layers of security.
An example of a workflow file running these security controls will be demonstrated.