Sponsored Keynote: Marvin, Where is My Secure API?
Vijoy Pandey at KubeCon + CloudNativeCon North America 2020
Modern cloud native developers use APIs and services from a variety of organic, public cloud and SaaS offers to build their apps and drive velocity. Unfortunately, this implies that the developer, security teams, infrastructure teams, the responsible SREs, and the management chain (e.g., CISOs) are out-of-sync and in the dark on the security ramifications behind any developer’s API choices. And worse, they have no visibility to the security exposure of the app's customers and their data. This talk will highlight these challenges due to the velocity mismatch between these teams, the potential lack of compliance, and the risk to customer data due to these API decisions. We will explore how solving it earlier in the application development lifecycle will lower the cost of the exposure of the entire software (and hardware) stack as well as what needs to be done in the community to solve these problems in a software-driven manner. It’s time to Go Up and Shift Left.